# Desperate: Windows Update- very serious issue



## beaglehound (Jul 15, 2003)

I'm not able to download and install important/critical Windows updates at this time because my computer appears to be unable to search for updates any longer. [I'm using Vista]
I have Windows Updates set to Automatic [every day at 9:00AM]

How it responded before:

Whenever WU checked for updates I would get a message [with a green shield logo of some sort] telling me if all was well and there were no important updates to install or if there were important updates to download and install.

Current response:

Every day I get a message box with a yellow shield and exclamation mark in it. The message itself says:
"Always install the latest updates to enhance your computer's security and performance."

I press the 'Check for updates' button and it starts to check. When it appears to be finished I get the same message box as if nothing has happened. I get the same message each time.

Recently I've been getting a new message box with a red shield saying it could not check for updates due to error #80070426

What I've done so far:

- I've done a search to resolve this including using Microsoft's "Fix it" little program. It did not help. 
- I've tried to stop and start the Software Licensing Service on Local Computer. It would not stop because of error message 1053.
- I tried to fix error message 1053 but so far I cannot. If this could be fixed I would deal with #80070426
- I tried a system restore but the latest I can go back is December 09

My last Windows Update was December 07/11

Is there a program out there that will fix my Windows Update program? 
Is there a way of installing a new Windows Update program and getting rid of the old that appears corrupted?

I'm very concerned right now because I'm not able to search for let alone install important updates. Your help would be most appreciated.

Beagle


----------



## Phantom010 (Mar 9, 2009)

*How to Reset Windows Update Components*


----------



## beaglehound (Jul 15, 2003)

Phantom~

Thanks, but I tried that site. I even downloaded the Microsoft Fix it tool. It fixed one thing. The other things it checked it did not fix.


----------



## Phantom010 (Mar 9, 2009)

Error 80070426 means the service has not been started.

Press the Windows key + R to open a Run box.

Type *services.msc*

Click OK.

Is the *Windows Update* service both *Started* and *Automatic*?


----------



## beaglehound (Jul 15, 2003)

Phantom~

Licensing Service is in Automatic and it is started.


----------



## Phantom010 (Mar 9, 2009)

Are the *Remote Procedure Call (RPC)* and *DCOM Server Process Launcher* services *Started* and *Automatic*? They are both dependencies.
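The checks asked for in the two posts above (what 80070426 decodes to, and whether the Windows Update service and everything it depends on are started), as an added example that is not part of the original thread. It assumes Windows PowerShell is available and that the services carry the display names used on this page ("Windows Update", "Software Licensing"); the function names are made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell prompt.
# Avoids -shr and Get-CimInstance so it also runs on PowerShell 2.0.

function ConvertFrom-WUErrorCode {
    # Splits an HRESULT such as '80070426' into facility and code, and looks up
    # the Win32 message when the facility is 7 (a wrapped Win32 error).
    param([Parameter(Mandatory = $true)][string]$Code)

    $hex      = $Code.Trim().TrimStart('#') -replace '^0x', ''
    $value    = [Convert]::ToInt64($hex, 16)
    $facility = ([int64][math]::Floor([double]$value / 65536)) -band 0x7FF
    $win32    = [int]($value -band 0xFFFF)

    $message = 'Not a Win32-wrapped code; no system message looked up'
    if ($facility -eq 7) {
        $message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $win32).Message
    }

    New-Object PSObject -Property @{
        HResult = '0x{0:X8}' -f $value
        Facility = $facility
        Win32Code = $win32
        Message = $message
    } | Select-Object HResult, Facility, Win32Code, Message
}

function Get-ServiceChainStatus {
    # Reports state and start mode for a service and, recursively, for every
    # service or driver it depends on. $Seen prevents visiting a node twice.
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [hashtable]$Seen = @{},
        [string]$Parent = ''
    )

    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true

    # Dependencies can be kernel drivers, which live in Win32_SystemDriver.
    $item = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $item) {
        $item = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'"
    }
    if (-not $item) {
        Write-Warning "No service or driver named '$Name' is registered"
        return
    }

    # ExitCode is the Win32 error recorded for the last start or stop.
    $item | Select-Object Name, DisplayName, State, StartMode, ExitCode,
        @{ Name = 'RequiredBy'; Expression = { $Parent } }

    foreach ($dep in (Get-Service -Name $Name).ServicesDependedOn) {
        Get-ServiceChainStatus -Name $dep.Name -Seen $Seen -Parent $Name
    }
}

# 1. Decode the error from the first post.
ConvertFrom-WUErrorCode -Code '80070426' | Format-List

# 2. Resolve the two services discussed in the thread by display name,
#    then walk their dependency chains.
$targets = Get-Service -DisplayName 'Windows Update', 'Software Licensing' -ErrorAction SilentlyContinue
$seen    = @{}
$report  = foreach ($t in $targets) {
    Get-ServiceChainStatus -Name $t.Name -Seen $seen
}
$report | Format-Table -AutoSize

# 3. Anything in the chain that is stopped or disabled is where to look first.
$report |
    Where-Object { $_.State -ne 'Running' -or $_.StartMode -eq 'Disabled' } |
    Format-Table Name, State, StartMode, ExitCode, RequiredBy -AutoSize
```

An empty third table means every service in both chains is running; a stopped dependency further down explains why restarting the top-level service alone does not help.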


----------



## beaglehound (Jul 15, 2003)

Phantom~

I activated both of those other services as well. No change yet.

I tried the Microsoft Fix It program again and it says:

"Change Windows Update location to Windows Default Settings"

How do I do this?


----------



## Phantom010 (Mar 9, 2009)

Windows updates are saved to C:\Windows\SoftwareDistribution. Not sure how to change that.


----------



## beaglehound (Jul 15, 2003)

I'm not using Windows XP. I'm using Vista. That fix appears to be for XP


----------



## beaglehound (Jul 15, 2003)

Thanks for your efforts Phantom. Much appreciated. I'll continue researching. Please let me know if you find out how I can relocate Windows Updates to "Windows Default Settings"


----------



## Phantom010 (Mar 9, 2009)

I have deleted the Fix a few minutes ago. I've read the manual fixes and they won't do any good. And, they were for XP, Vista and 7.


----------



## Phantom010 (Mar 9, 2009)

By the way, you do have sufficient drive space in your *%SystemRoot%* folder for Windows Update? I think you need at least 15 GB of available space for Vista.


----------



## Snagglegaster (Sep 12, 2006)

beaglehound said:


> Every day I get a message box with a yellow shield and exclamation mark in it. The message itself says:
> "Always install the latest updates to enhance your computer's security and performance."
> Beagle


The message isn't Microsoft's syntax for any function of Windows Update, so I think that puts malware at the head of the likely suspects list. And I would start looking for a cure based on that assumption.

But Microsoft also says that the 8190478 error can happen if the Licensing Service isn't running, and suggests that in the Services snap-in the service should be set to automatic and either manually started, or stopped and restarted if it already shows to be running. Since that didn't work, and since you've already tried the MS FixIt tool, I would download and run the System Update Readiness Tool. If things still aren't right, try running System File Checker. That might fix some of the other errors you're seeing. But, I'd still start with the assumption that you have an infection.


----------



## beaglehound (Jul 15, 2003)

I used file checker and there were some corrupted files that it could not fix. I tried using the command to see the files that were corrupted but it would not recognize the command.

I've run a thorough scan for malware/virus using two reliable programs... nothing.

I'm at a loss to understand why the Software Licensing service keeps stopping. I don't know how I can fix the corrupted files if I can't see them.


----------



## 1SillyBilly (Jul 3, 2008)

I had a problem getting updates for XP. I contacted MS Support via e-mail and worked with a representative to resolve the problem. Part of my Registry was missing. There was no charge for the Update problem.

Go to this link and click on the Updates . . . You will notice that there is no charge for the service. Fill in the box to state your problem.

http://support.microsoft.com/ph/6527


----------



## Snagglegaster (Sep 12, 2006)

beaglehound said:


> I used file checker and there were some corrupted files that it could not fix. I tried using the command to see the files that were corrupted but it would not recognize the command.
> 
> I've run a thorough scan for malware/virus using two reliable programs... nothing.
> 
> I'm at a loss to understand why the Software Licensing service keeps stopping. I don't know how I can fix the corrupted files if I can't see them.


Details on the scans you ran would be useful, but the symptoms you describe are consistent with malware infections that your tools aren't removing. I'd report the thread and ask that it be moved.


----------



## dvk01 (Dec 14, 2002)

Run the fixit on http://support.microsoft.com/kb/971058. Run it in aggressive mode & let us know if Windows Update works then.
If it doesn't work, then do this:

follow advice *here* and post the logs those programs make


----------



## beaglehound (Jul 15, 2003)

*dvk01~*

*Microsoft's Fixit tool did not fix the problem. Here are the logs you requested:*

........................................................................................................................
*Logfile of Trend Micro HijackThis v2.0.4*
Scan saved at 4:47:23 PM, on 24/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\dyng\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\Desktop\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\dyng\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c98610cc9ff2f8) (gupdate1c98610cc9ff2f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZipToA - Unknown owner - C:\Windows\system32\ZipToA.exe (file missing)

End of file - 5934 bytes

.........................................................................................................................

.
*DDS (Ver_2011-08-26.01) - NTFSx86 *
Internet Explorer: 9.0.8112.16421
Run by dyng at 16:50:42 on 2011-12-24
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.1013.144 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\dyng\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dyng\Desktop\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
mStart Page = hxxp://www.shoptoshiba.ca/welcome
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
uRun: [Google Update] "c:\users\dyng\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [TOSHIBA Volume Indicator] "c:\program files\toshiba\utilities\VolControl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: softpedia.com\www
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.207.0.168 64.178.142.11
TCP: Interfaces\{EB69505E-D30C-40B4-A66D-8DDC9493DA4A} : DhcpNameServer = 24.207.0.168 64.178.142.11
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-19 41864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-30 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20111221.003\BHDrvx86.sys [2011-12-21 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20111223.001\IDSvix86.sys [2011-12-23 368248]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-19 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-19 81288]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys [2011-5-2 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-14 106104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98610cc9ff2f8;Google Update Service (gupdate1c98610cc9ff2f8);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 sdAuxService;PC Tools Auxiliary Service; [x]
S2 sdCoreService;PC Tools Security Service; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 IO_Memory;Access Io_Memory Driver;c:\windows\system32\drivers\IO_Memory.sys [2006-12-11 5888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-24 20:44:18	--------	d-----w-	c:\users\dyng\appdata\local\Symantec
2011-12-23 18:08:55	--------	d-----w-	c:\windows\SDold
2011-12-23 18:07:53	--------	d-----w-	C:\wutemp
2011-12-23 18:07:53	--------	d-----w-	c:\users\dyng\appdata\local\temp
2011-12-23 18:07:23	--------	d-----w-	C:\wuoldvin5
2011-12-21 00:41:31	--------	d-----w-	c:\windows\system32\catroot2(31)
2011-12-19 18:30:29	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-12-19 18:30:29	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-12-18 23:10:16	--------	d-----w-	c:\programdata\ErrorEND
2011-12-15 08:16:16	--------	d-----w-	c:\users\dyng\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-10-23 23:42:22	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 16:52:20.91 ===============

.......................................................................................................................................
.
*DDS (Ver_2011-08-26.01)*
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/03/2007 6:36:09 PM
System Uptime: 24/12/2011 3:07:03 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Satellite P100
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U2E1 | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 58.81 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 9.925 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
A1Click Ultra PC Cleaner 1.01 (Registered Version)
Acrobat.com
Adobe Reader 9.4.6
Apple Software Update
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conexant HD Audio
DVD MovieFactory for TOSHIBA
FirstClass® Client
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Platform Installer 2.0
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
POP Peeper
RegVac Registry Cleaner 5.02 (Registered Version)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Soft Data Fax Modem with SmartCP
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Volume Indicator
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Mail
Windows Media Player Firefox Plugin
WinDVD for TOSHIBA

.
==== Event Viewer Messages From Past Week ========
.
24/12/2011 3:17:28 PM, Error: Service Control Manager [7023] - 
24/12/2011 3:16:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.
24/12/2011 3:16:13 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/12/2011 3:16:13 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The system cannot find the path specified.
24/12/2011 3:16:13 PM, Error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the path specified.
24/12/2011 3:16:13 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/12/2011 12:38:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.
24/12/2011 12:38:48 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/12/2011 12:01:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
23/12/2011 11:42:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
23/12/2011 11:42:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
23/12/2011 11:42:59 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2011 11:42:59 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/12/2011 10:10:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
22/12/2011 10:10:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
22/12/2011 10:10:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
22/12/2011 10:10:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
21/12/2011 8:11:06 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 8:07:00 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 8:02:51 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:58:46 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:54:32 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:50:21 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:46:11 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:42:20 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:38:13 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:31:45 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 7:27:55 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/12/2011 3:45:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
21/12/2011 3:44:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
21/12/2011 3:38:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
21/12/2011 1:23:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/12/2011 1:23:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/12/2011 1:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/12/2011 1:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/12/2011 1:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/12/2011 1:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
21/12/2011 1:20:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/12/2011 1:20:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
21/12/2011 1:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/12/2011 1:19:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/12/2011 1:19:13 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
21/12/2011 1:19:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
20/12/2011 6:19:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
20/12/2011 6:19:57 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/12/2011 3:15:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Licensing service to connect.
20/12/2011 3:15:08 AM, Error: Service Control Manager [7000] - The Software Licensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/12/2011 6:25:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Hotfix for Windows (KB947821).
19/12/2011 6:25:04 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
18/12/2011 4:34:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the slsvc service.
17/12/2011 9:55:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

...................................................................................................................................

*GMER 1.0.15.15641 - http://www.gmer.net*
Rootkit scan 2011-12-24 18:34:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1234GSX rev.AH001M
Running: bn8291d0.exe; Driver: C:\Users\dyng\AppData\Local\Temp\pwtdapod.sys

---- System - GMER 1.0.15 ----

SSDT 8647B280 ZwAlertResumeThread
SSDT 85D73798 ZwAlertThread
SSDT 85D86008 ZwAllocateVirtualMemory
SSDT 8DC86DA0 ZwAlpcConnectPort
SSDT 8DE6AFD0 ZwAssignProcessToJobObject
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0x8DA0B7A6]
SSDT 8DDC5F80 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0x8DA08794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0x8DA08F1E]
SSDT 8DDBE008 ZwCreateSymbolicLinkObject
SSDT 865823A8 ZwCreateThread
SSDT 8DF9EDC8 ZwDebugActiveProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0x8DA0C1F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0x8DA0C42A]
SSDT 862D2360 ZwDuplicateObject
SSDT 8660B5E8 ZwFreeVirtualMemory
SSDT 8647B0C0 ZwImpersonateAnonymousToken
SSDT 8647B1A0 ZwImpersonateThread
SSDT 8DC86D28 ZwLoadDriver
SSDT 8660B508 ZwMapViewOfSection
SSDT 8DDC5EC0 ZwOpenEvent
SSDT 86486470 ZwOpenProcess
SSDT 86486368 ZwOpenProcessToken
SSDT 8DF9EFD0 ZwOpenSection
SSDT 864863A0 ZwOpenThread
SSDT 8DE6AEE0 ZwProtectVirtualMemory
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0x8DA0D12A]
SSDT 85D73878 ZwResumeThread
SSDT 8652B120 ZwSetContextThread
SSDT 8652B200 ZwSetInformationProcess
SSDT 8DF9EEA8 ZwSetSystemInformation
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0x8DA0C83C]
SSDT 8DDC5DE0 ZwSuspendProcess
SSDT 85D73958 ZwSuspendThread
SSDT 86582488 ZwTerminateProcess
SSDT 8652B040 ZwTerminateThread
SSDT 8652B008 ZwUnmapViewOfSection
SSDT 85D86120 ZwWriteVirtualMemory
SSDT 8DE6ADE0 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateUserProcess [0x8DA096B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 30D 828A0904 8 Bytes [80, B2, 47, 86, 98, 37, D7, ...]
.text ntoskrnl.exe!KeInsertQueue + 321 828A0918 4 Bytes [08, 60, D8, 85]
.text ntoskrnl.exe!KeInsertQueue + 32D 828A0924 4 Bytes [A0, 6D, C8, 8D]
.text ntoskrnl.exe!KeInsertQueue + 381 828A0978 4 Bytes [D0, AF, E6, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3D9 828A09D0 4 Bytes [A6, B7, A0, 8D]
.text ... 
? C:\Users\dyng\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtCreateFile + 6 76E4422A 4 Bytes [28, 00, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtCreateFile + B 76E4422F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtMapViewOfSection + 6 76E4497A 1 Byte [28]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtMapViewOfSection + 6 76E4497A 4 Bytes [28, 03, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtMapViewOfSection + B 76E4497F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenFile + 6 76E44A0A 4 Bytes [68, 00, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenFile + B 76E44A0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcess + 6 76E44A8A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcess + B 76E44A8F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessToken + 6 76E44A9A 4 Bytes CALL 75E460A0 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessToken + B 76E44A9F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessTokenEx + 6 76E44AAA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenProcessTokenEx + B 76E44AAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThread + 6 76E44AFA 4 Bytes [68, 01, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThread + B 76E44AFF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadToken + 6 76E44B0A 4 Bytes [68, 02, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadToken + B 76E44B0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadTokenEx + 6 76E44B1A 4 Bytes CALL 75E46121 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtOpenThreadTokenEx + B 76E44B1F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryAttributesFile + 6 76E44BAA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryAttributesFile + B 76E44BAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryFullAttributesFile + 6 76E44C5A 4 Bytes CALL 75E4625F 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtQueryFullAttributesFile + B 76E44C5F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationFile + 6 76E4513A 4 Bytes [28, 01, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationFile + B 76E4513F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationThread + 6 76E4518A 4 Bytes [28, 02, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtSetInformationThread + B 76E4518F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 1 Byte [68]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 4 Bytes [68, 03, 16, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] ntdll.dll!NtUnmapViewOfSection + B 76E4542F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + 6 76E4422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtCreateFile + B 76E4422F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + 6 76E4497A 1 Byte [28]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + 6 76E4497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtMapViewOfSection + B 76E4497F 1 Byte [E2]
.text  C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + 6 76E44A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenFile + B 76E44A0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + 6 76E44A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcess + B 76E44A8F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessToken + 6 76E44A9A 4 Bytes CALL 75E450A0 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessToken + B 76E44A9F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + 6 76E44AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenProcessTokenEx + B 76E44AAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + 6 76E44AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThread + B 76E44AFF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + 6 76E44B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadToken + B 76E44B0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadTokenEx + 6 76E44B1A 4 Bytes CALL 75E45121 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtOpenThreadTokenEx + B 76E44B1F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + 6 76E44BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryAttributesFile + B 76E44BAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryFullAttributesFile + 6 76E44C5A 4 Bytes CALL 75E4525F 
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtQueryFullAttributesFile + B 76E44C5F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + 6 76E4513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationFile + B 76E4513F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + 6 76E4518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtSetInformationThread + B 76E4518F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 1 Byte [68]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] ntdll.dll!NtUnmapViewOfSection + B 76E4542F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + 6 76E4422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + B 76E4422F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 76E4497A 1 Byte [28]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 76E4497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + B 76E4497F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + 6 76E44A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + B 76E44A0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + 6 76E44A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + B 76E44A8F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + 6 76E44A9A 4 Bytes CALL 75E450A0 C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + B 76E44A9F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + 6 76E44AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + B 76E44AAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + 6 76E44AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + B 76E44AFF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + 6 76E44B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + B 76E44B0F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + 6 76E44B1A 4 Bytes CALL 75E45121 C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + B 76E44B1F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + 6 76E44BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + B 76E44BAF 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + 6 76E44C5A 4 Bytes CALL 75E4525F C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + B 76E44C5F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + 6 76E4513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + B 76E4513F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + 6 76E4518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + B 76E4518F 1 Byte [E2]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 1 Byte [68]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 76E4542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + B 76E4542F 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[2496] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3404] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\dyng\AppData\Local\Google\Chrome\Application\chrome.exe[3464] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
*Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.*

Download ComboFix from *Here* or *Here* to your Desktop.
*As you download it rename it to username123.exe*

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *renamed combofix.exe* & follow the prompts.
If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt"* for further review.

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*

Please tell us if it has cured the problems or if there are any outstanding issues.


----------



## beaglehound (Jul 15, 2003)

dvk01~

Below you will find the ComboFix.txt log report since Combo did not solve my problem. When checking for Windows updates I continue to see the Error#80070426 message which does not allow Windows Updates to check for updates.

A question: what was the purpose in renaming "ComboFix" to "username123.exe" on my desktop when the log file was being saved under "ComboFix.txt"? I did as requested but I don't understand why it had to be done.

Anyways, here's the ComboFix.txt info:

ComboFix 11-12-24.10 - dyng 25/12/2011 10:21:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.270 [GMT -8:00]
Running from: c:\users\dyng\Desktop\Desktop\username123.exe.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\username123.exe
c:\username123.exe\PEV.exe
c:\username123.exe\snapshot.00.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 18:35 . 2011-12-25 18:35	--------	d-----w-	c:\users\dyng\AppData\Local\temp
2011-12-25 18:35 . 2011-12-25 18:35	--------	d-----w-	c:\users\Lyng\AppData\Local\temp
2011-12-25 18:35 . 2011-12-25 18:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-25 07:48 . 2011-12-25 07:54	--------	d-----w-	c:\windows\system32\catroot2
2011-12-24 20:44 . 2011-12-24 20:44	--------	d-----w-	c:\users\dyng\AppData\Local\Symantec
2011-12-23 18:08 . 2011-12-23 18:28	--------	d-----w-	c:\windows\SDold
2011-12-23 18:07 . 2011-12-23 18:07	--------	d-----w-	C:\wutemp
2011-12-23 18:07 . 2011-12-23 18:07	--------	d-----w-	C:\wuoldvin5
2011-12-19 18:30 . 2011-12-21 00:57	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-12-19 18:30 . 2011-12-19 18:30	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-12-18 23:10 . 2011-12-18 23:10	--------	d-----w-	c:\programdata\ErrorEND
2011-12-15 08:16 . 2011-12-15 08:16	--------	d-----w-	c:\users\dyng\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 23:42 . 2011-06-16 13:21	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-12 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FinishSetup.lnk]
backup=c:\windows\pss\FinishSetup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dyng^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RegVac.lnk]
path=c:\users\dyng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk
backup=c:\windows\pss\RegVac.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-12 01:27	530552	----a-w-	c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 06:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98610cc9ff2f8;Google Update Service (gupdate1c98610cc9ff2f8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R2 sdAuxService;PC Tools Auxiliary Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 IO_Memory;Access Io_Memory Driver;c:\windows\system32\drivers\IO_Memory.sys [2006-08-23 5888]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [2011-11-15 819320]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111223.001\IDSvix86.sys [2011-12-20 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-15 106104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:04]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:04]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446574824-807475258-896315373-1000Core.job
- c:\users\dyng\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 20:17]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446574824-807475258-896315373-1000UA.job
- c:\users\dyng\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 20:17]
.
2011-12-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - dyng.job
- c:\program files\Norton Internet Security\Engine\18.6.0.29\navw32.exe [2011-05-02 00:28]
.
2011-12-25 c:\windows\Tasks\User_Feed_Synchronization-{833B2F64-55BF-457D-A020-D2B17B5EE2A8}.job
- c:\windows\system32\msfeedssync.exe [2011-12-07 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: softpedia.com\www
TCP: DhcpNameServer = 24.207.0.168 64.178.142.11
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 10:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-25 10:39:25
ComboFix-quarantined-files.txt 2011-12-25 18:39
.
Pre-Run: 62,114,758,656 bytes free
Post-Run: 62,552,109,056 bytes free
.
- - End Of File - - 73D6A5716119C90218FD587DAF314EA4


----------



## dvk01 (Dec 14, 2002)

I have done a lot of research on this over the last few days, and everything I can find effectively tells me that this is unfixable without a complete reinstall of Windows.
It is all to do with a corruption of the Software Licensing Service, and we can't even do a reinstall of SP2 because that needs the Software Licensing Service to run to do it.

All you can try is go to Start/Run & type
SFC /scannow <press Enter>

That might replace any corrupt files, but I doubt it & you are looking at a reinstall.


----------



## dvk01 (Dec 14, 2002)

You can try this, which has a slight chance of fixing it:
http://support.microsoft.com/kb/947821


----------



## beaglehound (Jul 15, 2003)

Unfortunately I've already tried KB947821.
Your suspicions about scannow are correct. I've tried sfc three times and each time it tells me it was unable to fix certain corrupted files. Unfortunately it doesn't tell me which ones are corrupted. There is a way to access that info. I tried it using the command prompt but I could not get in. It also tells me where the log file is that provides the details. Can't locate it for some reason. Maybe it's because of my limited knowledge.

If a reinstall is what is needed then I don't have much choice. I've backed everything up I require. 

The laptop I have is a Toshiba Satellite P100. It came with a set of 4 recovery disks. I'm assuming those disks are for a complete reinstall of Windows. I've checked the site but can't confirm that. I'll continue looking.

Thank you dvk01 for your interest and serious efforts in trying to help me resolve this. Your time has been very much appreciated. 

At the present time my computer is fully functional- but eventually it won't be unless I get the required Windows Update security updates installed.

Beaglehound
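On Vista, SFC writes its per-file details to `%windir%\Logs\CBS\CBS.log`, tagging its own entries with `[SR]`. The following is an added example, not part of the original posts: a short script that lists the files SFC reported it could not repair. The sample log is constructed in the CBS.log line layout, and its file and component names are placeholders.

```python
import re

# Constructed sample in the CBS.log line layout; names are placeholders.
SAMPLE_CBS_LOG = r'''
2011-12-25 09:12:01, Info                  CBS    Loaded Servicing Stack v6.0.6002.18005
2011-12-25 09:12:40, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-12-25 09:12:40, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-12-25 09:13:02, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-25 09:13:05, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-25 09:13:09, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component-B, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2011-12-25 09:13:30, Info                  CSI    0000000f [SR] Verify complete
'''

# Matches the SFC "cannot repair" entries and captures what failed and why.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+)'
    r'.*?in the store, (?P<reason>.+)$'
)

def unrepaired_files(lines):
    """Return one dict per unrepaired file, de-duplicated, in first-seen order."""
    seen, results = set(), []
    for line in lines:
        if "[SR]" not in line:          # skip non-SFC servicing entries
            continue
        match = CANNOT_REPAIR.search(line.rstrip())
        if not match:
            continue
        key = (match["file"].lower(), match["component"])
        if key not in seen:             # SFC usually logs each failure twice
            seen.add(key)
            results.append(match.groupdict())
    return results

if __name__ == "__main__":
    # For a real log, pass open(path, errors="replace") from an elevated
    # prompt instead of the constructed sample.
    for entry in unrepaired_files(SAMPLE_CBS_LOG.splitlines()):
        print(f'{entry["file"]:<16} {entry["component"]:<22} {entry["reason"]}')
```
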


----------



## dvk01 (Dec 14, 2002)

Yes, the 4 discs will fully restore Windows to factory settings and cure this.


----------



## beaglehound (Jul 15, 2003)

Many thanks to all who tried to help. Special thanks to *1SillyBilly* for Microsoft's link and his suggestion that I ask for their help. Their free phone support was excellent and the problem has been fixed. They sent an upgrade repair disc at no charge and helped me install it. It was not a malware/virus issue but simply corrupted files that could not be repaired.

I did not have to do a total reformatting of my system but fortunately I had the important data stuff backed up. I'll need to reinstall my programs as well. Thanks again everyone.


----------



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */U*; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here: http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here: http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.


----------



## beaglehound (Jul 15, 2003)

dvk01~

Please tell me why you have posted the above. 

My problem has been resolved.


----------



## dvk01 (Dec 14, 2002)

It might well have been solved, but unless you fully reinstalled Windows, & it doesn't appear that you did, this will uninstall Combofix that we used to attempt an earlier fix.
It is unwise to leave Combofix or any other tools on the computer.


----------



## beaglehound (Jul 15, 2003)

I see. According to Microsoft, using the repair disc they sent will wipe out any and all programs previously installed, e.g. Norton's AV, Microsoft Office, etc. What it will not touch are things like my documents and pictures. Unfortunately, and mysteriously, it took those out too, but that's okay because I'd backed them up previously.

I checked my control panel and the only programs that are there now are the programs I reinstalled after solving the problem. There is no combofix. I do appreciate your concern. Thanks very much.


----------

