1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware / Virus ?

Discussion in 'Virus & Other Malware Removal' started by NervousGuy, Dec 27, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Hey guys, need some serious help with this.

    .1) Being refused internet connection in normal boot , so I'm having to result to Safe Mode. I have 0 internet connection issues and since it runs fine in Safe Mode, I believe its a corrupted system file or malware disguising itself as a system error.

    2) Getting errors anytime i attempt to open most programs. Will give an error the give a route cause as a named .dll file. Ususally ending in comctl32.dll.

    I basically can't open most of my programs nor connect to the internet , unless i run in Safe Mode.

    Downloaded HJT , DDS and attempted to instal GMER but the system wouldnt allow me. Spybot + Malwarebytes (updated) havent picked up anything so I was hoping to get some help from you guys!

    Thanks in advance ! (y)

    Heres my HJT Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:10:06, on 27/12/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

    --
    End of file - 5885 bytes


    Heres the DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by Elizabeth at 18:10:29.74 on 27/12/2010
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1518 [GMT 0:00]

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\DllHost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Elizabeth\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.google.co.uk
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
    mRun: [<NO NAME>]
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\elizab~1\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:eek:fficial
    FF - component: c:\users\elizabeth\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\elizabeth\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\users\elizabeth\program files\dna\plugins\npbtdna.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090610.001\IDSvix86.sys [2009-6-11 272432]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
    S4 gupdate1ca35bc36b955c0;Google Update Service (gupdate1ca35bc36b955c0);c:\program files\google\update\GoogleUpdate.exe [2009-9-15 133104]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-27 1153368]
    S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-13 1174664]

    =============== Created Last 30 ================

    2010-12-26 21:13:14 -------- d-----w- C:\savw_95_sa
    2010-12-26 20:36:34 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-12-26 17:22:30 388096 ----a-r- c:\users\elizab~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-26 17:22:29 -------- d-----w- c:\program files\Trend Micro
    2010-12-26 14:28:47 -------- d-----w- c:\program files\CCleaner
    2010-12-26 03:15:43 -------- d-----w- C:\escw_95_sa
    2010-12-16 18:16:14 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-11 17:06:12 -------- d-----w- c:\windows\pss
    2010-12-11 16:48:14 -------- d-----w- c:\windows\system32\EventProviders
    2010-12-11 12:43:18 -------- d-----w- c:\users\elizab~1\appdata\roaming\Malwarebytes
    2010-12-11 12:38:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 12:38:50 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-11 12:38:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 12:38:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 09:37:54 -------- d-sh--w- C:\found.002
    2010-12-10 13:25:04 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2010-12-02 02:03:59 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 18:11:58.93 ===============
     
  2. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Patiently waiting and giving a cheeky bump :p
     
  3. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Another bump, Any help guys ?
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya NervousGuy,

    Quick question: do you still use Norton, is the license current?

    Kevin
     
  5. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Hey Kevin thanks a lot for getting back to me !

    Norton Is out of date, started running errors before it could even scan. So I tried to install Sophos after uninstalling Norton but it seems remnants of Norton are still on my system.
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    It maybe that the Norton remnants are causing internet problems.

    Download and install the Norton removal tool from Here

    Alternative link

    Install and run the tool, follow any prompts that are given. See if internet is back in Normal mode....

    Next run DDS again and post the two logs please.

    Please perform the following scan:
    • Download DDS by sUBs from one of the following links.* Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.* *
    • When done, DDS will open two (2) logs
      * * * * *1. DDS.txt
      * * * * *2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
      [​IMG]
      *
    • Instead of attaching, please copy/past both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note:* You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.*
    Information on A/V control HERE

    Kevin
     
  7. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    I'll get right on it. I'll repost once the removal tool has finished !
     
  8. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Hey Kevin, it seems it was Norton's remnants causing my internet problems, now i can boot in normal mode and acess the internet from every browser :)

    The problem yet remains of the many programs which give a program ".exe" - Bad Image error related to a comctl32.dll file located in C:\\Windows\WinSxS\x86 region.

    Heres the DDS after the removal of the remnants of norton.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Elizabeth at 21:39:32.63 on 28/12/2010
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.905 [GMT 0:00]

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Users\Elizabeth\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.google.co.uk
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
    mRun: [<NO NAME>]
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\elizab~1\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:eek:fficial
    FF - component: c:\users\elizabeth\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\elizabeth\appdata\roaming\mozilla\firefox\profiles\c9xlec65.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\elizabeth\appdata\roaming\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\users\elizabeth\program files\dna\plugins\npbtdna.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
    S4 gupdate1ca35bc36b955c0;Google Update Service (gupdate1ca35bc36b955c0);c:\program files\google\update\GoogleUpdate.exe [2009-9-15 133104]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-27 1153368]

    =============== Created Last 30 ================

    2010-12-26 21:13:14 -------- d-----w- C:\savw_95_sa
    2010-12-26 20:36:34 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-12-26 17:22:30 388096 ----a-r- c:\users\elizab~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-26 17:22:29 -------- d-----w- c:\program files\Trend Micro
    2010-12-26 14:28:47 -------- d-----w- c:\program files\CCleaner
    2010-12-26 03:15:43 -------- d-----w- C:\escw_95_sa
    2010-12-16 18:16:14 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-11 17:06:12 -------- d-----w- c:\windows\pss
    2010-12-11 16:48:14 -------- d-----w- c:\windows\system32\EventProviders
    2010-12-11 12:43:18 -------- d-----w- c:\users\elizab~1\appdata\roaming\Malwarebytes
    2010-12-11 12:38:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 12:38:50 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-11 12:38:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 12:38:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 09:37:54 -------- d-sh--w- C:\found.002
    2010-12-10 13:25:04 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2010-12-02 02:03:59 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 21:41:18.94 ===============

    Heres the Attach.txt part


    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 01/02/2009 14:33:17
    System Uptime: 28/12/2010 21:34:46 (0 hours ago)

    Motherboard: TOSHIBA | | ISRAA
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1600/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 4.134 GiB free.
    E: is FIXED (NTFS) - 55 GiB total, 54.564 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description:
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #140
    PNP Device ID: ROOT\*ISATAP\0000
    Service:

    ==== System Restore Points ===================

    RP659: 28/12/2010 15:01:17 - Windows Update
    RP660: 28/12/2010 21:41:19 - Windows Update

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    µTorrent
    BitTorrent
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    BT Broadband Desktop Help
    BT Broadband Support Tools
    BTHomeHub
    Canon MP220 series
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Desktop SMS
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DNA
    DVD MovieFactory for TOSHIBA
    Emdedded IR Driver
    Facebook Plug-In
    Google Chrome
    Google Update Helper
    GoToAssist Corporate
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    IrfanView (remove only)
    iTunes
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XML Parser
    mIRC
    Mozilla Firefox (3.6.10)
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    myphotobook 3.1
    Octoshape add-in for Adobe Flash Player
    Octoshape Streaming Services
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    QuickTime
    RealPlayer
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Roxio Media Manager
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    SAMSUNG SYMBIAN USB Download Driver
    SamsungConnectivityCableDriver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skype web features
    Skype™ 4.1
    SpeedFan (remove only)
    Spotify
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    System Requirements Lab
    TeamSpeak 3 Client
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    Toshiba Online Product Information
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Utility Common Driver
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Ventrilo Client
    VentriloMIX
    VLC media player 1.0.3
    Vuze
    Vuze Remote Toolbar
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinPcap 3.1
    WinRAR archiver
    World of Warcraft
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    28/12/2010 21:42:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.95.2722.0).
    28/12/2010 20:58:13, Error: EventLog [6008] - The previous system shutdown at 20:56:25 on 28/12/2010 was unexpected.
    28/12/2010 14:57:33, Error: EventLog [6008] - The previous system shutdown at 12:29:03 on 28/12/2010 was unexpected.
    28/12/2010 11:48:55, Error: EventLog [6008] - The previous system shutdown at 06:05:01 on 28/12/2010 was unexpected.
    28/12/2010 00:23:01, Error: EventLog [6008] - The previous system shutdown at 00:20:45 on 28/12/2010 was unexpected.
    27/12/2010 17:56:19, Error: EventLog [6008] - The previous system shutdown at 14:14:57 on 27/12/2010 was unexpected.
    26/12/2010 12:41:24, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The operation completed successfully.
    26/12/2010 12:36:19, Error: EventLog [6008] - The previous system shutdown at 12:34:12 on 26/12/2010 was unexpected.
    26/12/2010 12:32:21, Error: EventLog [6008] - The previous system shutdown at 12:13:25 on 26/12/2010 was unexpected.
    26/12/2010 11:10:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SYMTDI Wanarpv6
    26/12/2010 11:08:15, Error: EventLog [6008] - The previous system shutdown at 05:07:33 on 26/12/2010 was unexpected.
    26/12/2010 03:19:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    26/12/2010 03:05:23, Error: EventLog [6008] - The previous system shutdown at 23:49:12 on 25/12/2010 was unexpected.
    25/12/2010 21:12:49, Error: EventLog [6008] - The previous system shutdown at 21:11:22 on 25/12/2010 was unexpected.
    25/12/2010 18:12:17, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001B9E9AB521 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    25/12/2010 18:11:24, Error: EventLog [6008] - The previous system shutdown at 18:09:04 on 25/12/2010 was unexpected.
    25/12/2010 11:12:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2267621.
    25/12/2010 11:12:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Vista Service Pack 2 (KB948465).
    25/12/2010 11:11:57, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0900.
    25/12/2010 11:04:07, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.95.2533.0).
    25/12/2010 10:59:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: System Update Readiness Tool for Windows Vista (KB947821) [November 2010].
    25/12/2010 10:59:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.95.1996.0).
    25/12/2010 04:52:07, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a05.
    25/12/2010 02:08:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSPX SYMTDI Wanarpv6
    25/12/2010 02:03:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    25/12/2010 01:59:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    25/12/2010 01:58:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    25/12/2010 01:58:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    25/12/2010 01:58:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    25/12/2010 01:58:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    25/12/2010 01:44:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI tdx Wanarpv6
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    25/12/2010 01:44:36, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    25/12/2010 01:43:35, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    25/12/2010 01:43:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    25/12/2010 01:43:33, Error: EventLog [6008] - The previous system shutdown at 01:40:03 on 25/12/2010 was unexpected.
    24/12/2010 17:28:36, Error: EventLog [6008] - The previous system shutdown at 01:26:25 on 24/12/2010 was unexpected.
    23/12/2010 20:51:50, Error: EventLog [6008] - The previous system shutdown at 15:25:16 on 23/12/2010 was unexpected.
    23/12/2010 15:19:01, Error: srv [2018] - The server was unable to allocate from the system paged pool because the server reached the configured limit for paged pool allocations.
    23/12/2010 15:18:01, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Terminal Services Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/12/2010 15:14:04, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: The pipe state is invalid.
    23/12/2010 15:13:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    23/12/2010 15:13:20, Error: EventLog [6008] - The previous system shutdown at 14:53:50 on 23/12/2010 was unexpected.
    23/12/2010 14:49:21, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.70 for the Network Card with network address 001B9E9AB521 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    23/12/2010 13:33:34, Error: EventLog [6008] - The previous system shutdown at 13:18:50 on 23/12/2010 was unexpected.
    22/12/2010 19:43:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    22/12/2010 19:01:44, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Security Update for Windows Vista (KB2423089).
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-3_neutral_PACKAGE from package KB2423089(Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-2_neutral_GDR from package KB2423089(Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-18_neutral_PACKAGE from package KB2423089(Security Update) into Absent(Absent) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-17_neutral_PACKAGE from package KB2423089(Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-15_neutral_PACKAGE from package KB2423089(Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2423089-13_neutral_PACKAGE from package KB2423089(Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2423089 (Security Update) into Staged(Staged) state
    22/12/2010 18:58:41, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2423089 (Security Update) into Install Requested(Install Requested) state
    22/12/2010 18:58:28, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Security Update for Windows Vista (KB2436673).
    22/12/2010 18:58:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Update for Windows Vista (KB2388210).
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-6_neutral_PACKAGE from package KB2436673(Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-5_neutral_GDR from package KB2436673(Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-32_neutral_PACKAGE from package KB2436673(Security Update) into Absent(Absent) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-31_neutral_PACKAGE from package KB2436673(Security Update) into Absent(Absent) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-30_neutral_PACKAGE from package KB2436673(Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-29_neutral_PACKAGE from package KB2436673(Security Update) into Absent(Absent) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-26_neutral_PACKAGE from package KB2436673(Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2436673-23_neutral_PACKAGE from package KB2436673(Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2436673 (Security Update) into Staged(Staged) state
    22/12/2010 18:58:22, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2436673 (Security Update) into Install Requested(Install Requested) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-8_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-79_neutral_PACKAGE from package KB2388210(Update) into Absent(Absent) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-78_neutral_PACKAGE from package KB2388210(Update) into Absent(Absent) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-77_neutral_PACKAGE from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-74_neutral_PACKAGE from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-71_neutral_PACKAGE from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-6_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-4_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-2_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-18_neutral_PACKAGE from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-17_neutral_PACKAGE from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-16_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-14_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-12_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2388210-10_neutral_GDR from package KB2388210(Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2388210 (Update) into Staged(Staged) state
    22/12/2010 18:58:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2388210 (Update) into Install Requested(Install Requested) state
    22/12/2010 18:58:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Security Update for Windows Vista (KB2305420).
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-80_neutral_PACKAGE from package KB2305420(Security Update) into Absent(Absent) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-79_neutral_PACKAGE from package KB2305420(Security Update) into Absent(Absent) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-78_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-77_neutral_PACKAGE from package KB2305420(Security Update) into Absent(Absent) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-74_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-71_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-6_neutral_GDR from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-18_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-17_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-16_neutral_PACKAGE from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-15_neutral_GDR from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-13_neutral_GDR from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2305420-11_neutral_GDR from package KB2305420(Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2305420 (Security Update) into Staged(Staged) state
    22/12/2010 18:58:08, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2305420 (Security Update) into Install Requested(Install Requested) state
    22/12/2010 18:58:03, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Security Update for Windows Vista (KB2296199).
    22/12/2010 18:57:58, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0900: Update for Windows Vista (KB2443685).
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-6_neutral_PACKAGE from package KB2296199(Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-5_neutral_GDR from package KB2296199(Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-32_neutral_PACKAGE from package KB2296199(Security Update) into Absent(Absent) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-31_neutral_PACKAGE from package KB2296199(Security Update) into Absent(Absent) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-30_neutral_PACKAGE from package KB2296199(Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-29_neutral_PACKAGE from package KB2296199(Security Update) into Absent(Absent) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-26_neutral_PACKAGE from package KB2296199(Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2296199-23_neutral_PACKAGE from package KB2296199(Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2296199 (Security Update) into Staged(Staged) state
    22/12/2010 18:57:58, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2296199 (Security Update) into Install Requested(Install Requested) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-291_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-290_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-289_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-288_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-287_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-286_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-285_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-284_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-283_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-282_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-281_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-280_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-279_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-278_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-277_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-276_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-275_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-274_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-273_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-272_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-271_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-270_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-269_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-268_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-267_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-266_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-265_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-264_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-263_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-262_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-261_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-260_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-259_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-258_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-257_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-256_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-255_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-254_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-253_neutral_GDR from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-166_neutral_GDR from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1035_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1034_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1033_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1032_neutral_PACKAGE from package KB2443685(Update) into Absent(Absent) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1029_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2443685-1026_neutral_PACKAGE from package KB2443685(Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2443685 (Update) into Staged(Staged) state
    22/12/2010 18:57:54, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2443685 (Update) into Install Requested(Install Requested) state
    22/12/2010 18:54:00, Error: Service Control Manager [7023] - The Windows Image Acquisition (WIA) service terminated with the following error: Windows Image Acquisition (WIA) is not a valid Win32 application.
    22/12/2010 18:54:00, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Remote Access Connection Manager is not a valid Win32 application.
    22/12/2010 18:54:00, Error: Service Control Manager [7000] - The TOSHIBA Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.
    22/12/2010 18:54:00, Error: Service Control Manager [7000] - The Spooler service failed to start due to the following error: Access is denied.
    22/12/2010 18:54:00, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    22/12/2010 18:53:57, Error: RemoteAccess [20151] - The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. EAP is not a valid Win32 application.
    22/12/2010 18:53:57, Error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\Windows\System32\rastls.dll module. C:\Windows\System32\rastls.dll is not a valid Win32 application.
    22/12/2010 18:53:57, Error: RasMan [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application. is not a valid Win32 application. is not a valid Win32 application. is not a valid Win32 application.
    22/12/2010 18:53:08, Error: EventLog [6008] - The previous system shutdown at 17:24:38 on 17/12/2010 was unexpected.

    ==== End Of File ===========================
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya NervousGuy,

    Ok, proceed as follows please :-

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      :Commands
      [EmptyTemp]
      [ResetHosts]
      [Purity]
      [EmptyFlash]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    • Re-open Malwarebytes and check for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type sfc /scannow > then enter. Type exit when its finished and re-boot your PC. Note the space between sfc and /scannow

    Let me see the logs from OTM and Malwarebytes in your reply. Also if step 3 found any issues?

    Kevin
     
  10. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Hey Kevin,

    I installed OTM.exe and copied the command into the region under the yellow bar and hit MoveIT! but then OTM just paused for a while then closed without any further action. I tried again and the same thing happened.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Did you right click and select run as administrator?
     
  12. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Yup right-clicked run as administrator. You think its worth trying it in safe mode at all ?
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OTM will run fine in safe mode, try step 3 first and run the sfc /scannow command. Then OTM, If it still wont work; try from Safe mode...
     
  14. NervousGuy

    NervousGuy Thread Starter

    Joined:
    Dec 26, 2010
    Messages:
    42
    Sure ill do sfc scannow, do you also want a malwarebytes log , or should i first run sfc then attempt OTM then if im successful, MWB?
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yep, sfc /scannow then OTM then MWB.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/970967

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice