We help IT Professionals succeed at work.

Update error

708 Views
Last Modified: 2013-12-01
I am running a 4 month old Toshiba Satellite A135-s4467 and Vista Home Premium - every now and then I get an icon that shows up in my task bar every so often. It has no pattern of when it show up and all I have found about this program swupdate.exe that is run when I double click on the icon is that it gives me an error msg and does no updating. I only have Zone Alarm anti virus software. It speaks on the internet of an anti-virus update file that is harmless. The problem is that it wants to update and when I run it the error message appears and nothing happens so how do I get this to stop trying to run automatically?

Comment
Watch Question

CERTIFIED EXPERT

Commented:
Hi djkaraok, do you have Sophos Av installed?
According to Sophos this is a service that auto updates it's components.
So if you click oni the icon may explain why nothing happens.
It is an auto updater.
http://searchtasks.answersthatwork.com/tasklist.php?File=SWUpdate
http://www.hijackfree.com/en/processdetails/?id=757
If Zone alarm does not report it as threat that's a good sign too.

Thank you for being computer wise.
 It pays to know your task manager and all the running  programs.
Whenever you see something running with a .exe   open your taskmanager and check the running programs.
Delete your IE files history.everyday.
 run regular scans with your up to date AV and also run regular scans with hijackthis. Or personal spyware scanner.
Here is hijackthis with its own personal logfile analyzer, its good but consider having a second opinion from the experts garrantees a secure system.
Our expert zone  on viruses is Security .
https://www.experts-exchange.com/Security/Misc/
 just  ask a new question in this zone and send your hijackthis log to them.

Hijackthis, the download is located at the top right.
http://www.hijackthis.de/
The application comes in an archive and you will have to extract and save it in a permanent folder such as C:\HJT.
2. Run the program and click the "Do a system scan and save a log file" button.
3. Locate the file called hijackthis.log in the same folder where you saved the application and copy/paste its contents onto >>http://www.hijackthis.de/ 
hit analyse
takes you over to the page that shows your analysed log.
Re-run hijackthis and fix.
Best Wishes
Merete

Author

Commented:
Hi djkaraok, do you have Sophos Av installed?

I do not have it installed to my knowledge -

Author

Commented:
Ok I do not have Sophos AV installed as I cannot see it in the programs installed list. Since I bought the computer new and have not added Sophos to the system I am faily confident that it is not installed.

I tried the hijackthis and it gave me an error msg and showed me some files but I could not find a log file to take to the web site. Also are you sure that the program works on Vista Premium?

Again I have a little silver disk on my task bar and when I place my mouse over it, it says "there are new software updates available from Toshiba" - When I double click on the icon it pops up and ask me if I will allow a program "swupdate.exe" to run. If I cancel and don't allow then at some later undetermined date and time it will appear again. When I allow it comes back with an error message and does nothing.
CERTIFIED EXPERT

Commented:
Thanks one down..
yes hijackthis runs on Vista, when you open it it offers to do a system scan and save a log, once its run the log opens hold that open the hijackthis page
http://www.hijackthis.de/

then go to file in the log still open and edit> select all > then edit copy> paste into the hijackthis panel provided on the page>submit wait a sec and then the page turns scroll down

are you in the administrator account?
Try loging into the admin account.
CERTIFIED EXPERT

Commented:
your welcome to post the hijackthis log here

SWUPDATE.EXE indicates software update,
http://pcpitstop.com/spycheck/SWList.asp?pg=70&st=0

Taking a look to see if others have this problem..
to confirm it is highly probable spyware
False positive: Sophos Anti-Virus
http://www.pcreview.co.uk/forums/thread-1709348.php

Author

Commented:
When I run hijackthis I get this error message "For some reason your system denied write access to the Host file. If any hijacked domains are in this file, hijackthis might not be able to fix this.

If that happens you need to edit the file yourself. To do this............."

Then when I close the message screen I get a 2nd screen that says "An unexpected error has occurred at procedure:

modMain_CheckOther1Item()
error #75 Path/File access error..............."

Then it showed me a screen "Below are the results of the scan....."


I get a window with check boxes to select. There are buttons on the bottom of the screen that say "Scan & Fix Stuff" "scan" "fixed checked" and "info on selected item" those are all buttons on the bottom left hand side of the screen. On the bottom right hand side it says "Other Stuff" with buttons that say "Info", "Config", Add checked to ignore list"

There is no menu bar at the top to edit, select all or,  copy etc.

Sorry but I cannot do what you ask - either the errors while running hijackthis are preventing me from seeing what you are stating or there is some other explanation.

By the way it did ask me to do a system scan and save a log and that was what I selected to eliminate another question.

Thanks

lol

CERTIFIED EXPERT

Commented:
Hi, obviosuly there is something going on here, pity its Vista all this UAC security it is a pain.
To eliminate the possibility of malware a scan is the only solution.
Did you try hijackthis is  safemode?
administrator account?
 I posted all the steps and hit submit and the internet dies leaving nothing of what I written yegads.

Here is the short version :)
this error
For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click start, run and type notepad
"C:\Windows\system32\drivers\etc\hosts"

and press enter, find the line(s) HJT reports and delete them.
Save the file as "hosts." (with quotes), and reboot

By default, if you try to modify your hosts file in Vista, it will not let you save it.  It tells you that you don't have permission.  To successfully modify the hosts file, run notepad.exe as an administrator and open the file.

1)  Browse to Start -> All Programs -> Accessories
2)  Right click "Notepad" and select "Run as administrator"
3)  Click "Continue" on the UAC prompt
4)  Click File -> Open
5)  Browse to "C:\Windows\System32\Drivers\etc"
6)  Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)" but not to always use it
7)  Select "hosts" and click "Open"
Delete any lines belwo the default
8)  Make the needed changes and close Notepad.  Save when prompted.

 Sample Vista Host file
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
--------------------->>>>>>
Anything added here should not be here
-----------------------------------------------

HouseCall is a FREE Web-based tool designed to scan your PC for a wide range of Internet security threats including viruses, worms, Trojans, and spyware. It also detects system vulnerabilities and provides a link so you can easily download missing security patches. After each scan, HouseCall delivers a detailed report, which identifies security threats detected on your computer.
http://www.trendsecure.com/security_solutions/housecall_free_scan.php

We'll take it from there
Good Luck
Merete
Try running \HJT as Administrator - right click, slect "run as Administrator".
HJT in safe mode won't be very helpful.

Author

Commented:
I tried to get the host file but cannot find it where you said. I ran notepad as administrator and can find the drivers folder but inside I cannot find the "host" file. There are a lot of files but they go from gmreadme.txt to hdaudbus.sys thru http.sys but no host file is listed?

Author

Commented:
I went to the http://www.trendsecure.com/security_solutions/housecall_free_scan.php and ran the scan. It took over 1 hour. The results - 0 virus found - 0 spyware detected - 0 vulernabilities detected.

I have on my task bar the silver disc "there are new software upgrades available from Toshiba" it just shows up - read original post

Author

Commented:
I extracted the hijackthis file and ran it as administrator and it created the following log:

Logfile of HijackThis v1.99.1
Scan saved at 2:12:33 PM, on 12/30/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\UltimateBuddy\UltimateBuddy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\djkaraok\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber

Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program

Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program

Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common

Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media

Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program

Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe

/autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common

Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\microsoft shared\Works

Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program

Files\Adobe\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4

\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

- C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a}

- file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program

Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} -

C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Program

Files\WebSnapshot\WebSnapshot.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} -

C:\Program Files\WebSnapshot\WebSnapshot.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -

http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) -

http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1

\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program

Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1

\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1

\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program

Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems -

C:\Windows\system32\agrsmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

C:\Windows\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program

Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %

windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-

194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -

Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common

Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common

Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common

Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%

\system32\svchost.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common

Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common

Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner -

%windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common

Files\SureThing Shared\stllssvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation -

C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program

Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner -

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies

LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -

Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

-------------------------------------------------------------------------------------------------------------------------------------------

P.S. The difference in hijackthis working this time vs the first time that did not work is - I ran the hijackthis.exe from within the zip file ---- the second time I extracted hijackthis.exe to the desktop and ran the program and it worked. I am also going to try to post the log to the hijackthis site and see what it says.

Author

Commented:
This is the analysis by hijackthis - not sure what is important or what is not and certainly not sure how to fix the issues that it found.

    Logfile of HijackThis v1.99.1  
 This should be the newest version.  
  Platform: Unknown Windows (WinNT 6.00.1904)  
 
  MSIE: Internet Explorer v7.00 (7.00.6000.16575)  
 This should be the newest version.  
   C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe  
Neutral Fuzzy Algorithmcheck (3.77 / 5.00), Safe
   C:\Windows\system32\taskeng.exe  
Very safe
This entry was classified from our visitors as good.
   C:\Windows\system32\Dwm.exe  
Very safe
This entry was classified from our visitors as good.
   C:\Windows\Explorer.EXE  
Very safe
Systemprozess für Desktop und Taskleiste.
   C:\Windows\System32\igfxtray.exe  
Neutral
 
   C:\Windows\System32\hkcmd.exe  
Neutral
 
   C:\Windows\System32\igfxpers.exe  
 
NVidia Graphics related
   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  
Safe
 
   C:\Program Files\Windows Defender\MSASCui.exe  
Very safe
This entry was classified from our visitors as good.
   C:\Program Files\Synaptics\SynTP\SynToshiba.exe  
 Fuzzy Algorithmcheck (4.22 / 5.00), Safe
   C:\Windows\RtHDVCpl.exe  
Safe
This entry was classified from our visitors as good.
   C:\Program Files\ltmoh\ltmoh.exe  
 
Modem On Hold utility
   C:\Program Files\Toshiba\SmoothView\SmoothView.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\toshiba\toshiba zoom.*\! Check if you know this process and arrange a viruscheck where required. Part of a Toshiba-Tool
   C:\Program Files\Toshiba\FlashCards\TCrdMain.exe  
 Fuzzy Algorithmcheck (4.01 / 5.00), Safe
   C:\Program Files\Toshiba\ConfigFree\NDSTray.exe  
 
 
   C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe  
Safe
Google Desktop Search
   C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe  
Safe
Java Runtime
   C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe  
Very safe
Acronis True Image
   C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe  
Very safe
This entry was classified from our visitors as good.
   C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe  
Safe
Acronis TrueImage - Task Scheduler
   C:\Program Files\Roxio\Media Experience\DMXLauncher.exe  
Safe Fuzzy Algorithmcheck (4.19 / 5.00), Safe
   C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe  
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\roxio\easy cd creator 6\dragtodisc\! Check if you know this process and arrange a viruscheck where required. Roxio Easy CD Creator DragToDisc
   C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe  
 
Logitech Web Cam
   C:\Program Files\Logitech\QuickCam\Quickcam.exe  
Very safe Fuzzy Algorithmcheck (4.25 / 5.00), Safe
   C:\Program Files\Microsoft IntelliPoint\ipoint.exe  
Very safe
Microsoft IntelliPoint
   C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe  
Very safe
Brother related software
   C:\Program Files\Brother\ControlCenter3\brccMCtl.exe  
Safe Fuzzy Algorithmcheck (4.26 / 5.00), Safe
   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe  
 Fuzzy Algorithmcheck (4.26 / 5.00), Safe
   C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe  
Very safe
 
   C:\Program Files\Windows Media Player\wmpnscfg.exe  
Safe
Windows Media Player related
   C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe  
 
Microsoft Works
   C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe  
Safe
Google Desktop Search
   C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe  
 Fuzzy Algorithmcheck (3.96 / 5.00), Safe
   C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe  
Very safe
Logitech Webcam related
   C:\Toshiba\IVP\ISM\ivpsvmgr.exe  
 Fuzzy Algorithmcheck (3.55 / 5.00), Safe
   C:\Program Files\UltimateBuddy\UltimateBuddy.exe  
 Fuzzy Algorithmcheck (4.33 / 5.00), Safe
   C:\Program Files\Common Files\Real\Update_OB\realsched.exe  
Neutral
Checks for updates for RealPlayer
   C:\Program Files\Internet Explorer\ieuser.exe  
Very safe This is a unknown process.
This entry was classified from our visitors as good.
   C:\Program Files\Internet Explorer\iexplore.exe  
Safe
This entry was classified from our visitors as good.
   C:\Program Files\Brother\Brmfcmon\BrMfimon.exe  
Safe Fuzzy Algorithmcheck (4.32 / 5.00), Safe
   C:\Program Files\Windows Mail\WinMail.exe  
Very safe
Windows Vista - Windows Mail
   C:\Windows\system32\SearchFilterHost.exe  
Very safe
Microsoft Windows Search related process
   C:\Users\djkaraok\Desktop\HijackThis.exe  
 Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =  
 
   http://go.microsoft.com/fwlink/?LinkId=54896
 
 
   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =  
Safe  
   http://cm.my.yahoo.com/  
 This is a unknown process.
 
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =  
 
   http://www.toshibadirect.com/dpdstart  
 
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =  
 
   http://go.microsoft.com/fwlink/?LinkId=54896  
 
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =  
 
   http://go.microsoft.com/fwlink/?LinkId=54896  
 
   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =  
Neutral  
   http://go.microsoft.com/fwlink/?LinkId=69157  
 
   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
Neutral  
   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
Neutral  
   R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
Neutral  
   R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  
 This entry has been identified as safe.  
   C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll  
 Fuzzy Algorithmcheck (3.39 / 5.00), Neutral
   O1 - Hosts: ::1 localhost  
Safe  
   O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program  
 Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!  
   Files\Yahoo!\Companion\Installs\cpn\yt.dll  
 Fuzzy Algorithmcheck (3.39 / 5.00), Neutral
   O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -  
 AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html  
   C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll  
 Fuzzy Algorithmcheck (4.03 / 5.00), Safe
   O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -  
 SBC Yahoo! Browser related
   C:\Program Files\Yahoo!\Common\yiesrvc.dll  
 This is a unknown process.
 
   O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber  
 RoboForm.dll - RoboForm, RoboForm  
   Systems\AI RoboForm\roboform.dll  
 Fuzzy Algorithmcheck (4.52 / 5.00), Safe
   O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program  
 SUN Java
   Files\Java\jre1.6.0_03\bin\ssv.dll  
 Fuzzy Algorithmcheck (4.1 / 5.00), Safe
   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
Safe
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
   O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program  
 googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. - Google toolbar, http://toolbar.google.com/ 
   files\google\googletoolbar2.dll  
 Fuzzy Algorithmcheck (3.97 / 5.00), Safe
   O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program  
 googletoolbar.dll, googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll, googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll - Google Toolbar  
   files\google\googletoolbar2.dll  
 Fuzzy Algorithmcheck (3.97 / 5.00), Safe
   O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)  
Very safe
Unnecessary (deactivated) entry that can be fixed. saIE.dll - SiteAdvisor, http://www.siteadvisor.com/preview/ 
   O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program  
 Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/ 
   Files\Yahoo!\Companion\Installs\cpn\yt.dll  
 Fuzzy Algorithmcheck (3.39 / 5.00), Neutral
   O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program  
 RoboForm.dll - RoboForm, http://www.roboform.com/ 
   Files\Siber Systems\AI RoboForm\roboform.dll  
 Fuzzy Algorithmcheck (4.5 / 5.00), Safe
   O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe  
Neutral Not dangerous, but unnecessary. Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel  
   O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe  
 Application that implements the Intel Hotkey command.
   O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe  
 Intel Common User Interface Module
   O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  
Safe  
   O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide  
Very safe Related to Windows Defender Microsoft (anti-spyware) tool
   O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe  
Very safe Realtek Audio driver for Vista
   O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe  
Very safe Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet  
   O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE  
 Fuzzy Algorithmcheck (4.01 / 5.00), Safe
   O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe  
 Fuzzy Algorithmcheck (4.05 / 5.00), Safe
   O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe  
 Toshiba SmoothView
   O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe  
 Fuzzy Algorithmcheck (4.01 / 5.00), Safe
   O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe  
Safe This entry was classified from our visitors as good.
   O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run  
 Not dangerous, but unnecessary. Pinger is the resident program for Toshiba updates. Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification  
   O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop  
 Fuzzy Algorithmcheck (4 / 5.00), Safe
   Search\GoogleDesktop.exe" /startup  
 Fuzzy Algorithmcheck (4 / 5.00), Safe
   O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"  
Very safe Microsoft LifeCam
   O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common  
 Fuzzy Algorithmcheck (3.42 / 5.00), Neutral
   Files\Real\Update_OB\realsched.exe" -osboot  
 Fuzzy Algorithmcheck (3.46 / 5.00), Neutral
   O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone  
 Unknown application.  
   Labs\ZoneAlarm\zlclient.exe"  
Very safe Fuzzy Algorithmcheck (4.5 / 5.00), Safe
   O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03  
 Fuzzy Algorithmcheck (3.92 / 5.00), Safe
   \bin\jusched.exe"  
 Fuzzy Algorithmcheck (3.98 / 5.00), Safe
   O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program  
 Fuzzy Algorithmcheck (4.38 / 5.00), Safe
   Files\Acronis\TrueImageHome\TrueImageMonitor.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\acronis\trueimage.*\! Check if you know this process and arrange a viruscheck where required. Acronis True Image
   O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program  
 Fuzzy Algorithmcheck (4.36 / 5.00), Safe
   Files\Acronis\TrueImageHome\TimounterMonitor.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\acronis\trueimage.*\! Check if you know this process and arrange a viruscheck where required. Acronis True Image Servermonitor
   O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common  
 Fuzzy Algorithmcheck (4.25 / 5.00), Safe
   Files\Acronis\Schedule2\schedhlp.exe"  
 Fuzzy Algorithmcheck (4.28 / 5.00), Safe
   O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media  
 Fuzzy Algorithmcheck (4.38 / 5.00), Safe
   Experience\DMXLauncher.exe"  
 Fuzzy Algorithmcheck (4.24 / 5.00), Safe
   O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"  
 Not dangerous, but unnecessary. Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly  
   O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common  
 Unknown application.  
   Files\LogiShrd\LComMgr\Communications_Helper.exe"  
 Fuzzy Algorithmcheck (3.9 / 5.00), Safe
   O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program  
 Unknown application.  
   Files\Logitech\QuickCam\Quickcam.exe" /hide  
 Fuzzy Algorithmcheck (4.08 / 5.00), Safe
   O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"  
Very safe Microsoft IntelliPoint
   O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN  
 Brother Printer / Scanner related
   O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe  
 Brother printer application
   /autorun  
 
   O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common  
 Unknown application.  
   Files\LightScribe\LightScribeControlPanel.exe -hidden  
 Fuzzy Algorithmcheck (4.26 / 5.00), Safe
   O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI  
 Fuzzy Algorithmcheck (4.46 / 5.00), Safe
   RoboForm\RoboTaskBarIcon.exe"  
 Fuzzy Algorithmcheck (4.45 / 5.00), Safe
   O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe  
Safe This entry was classified from our visitors as good.
   O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\microsoft shared\Works  
 Fuzzy Algorithmcheck (3.9 / 5.00), Safe
   Shared\WkCalRem.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\microsoft shared\works shared\! Check if you know this process and arrange a viruscheck where required. Microsoft Works
   O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program  
 Unknown application.  
   Files\Adobe\Reader\reader_sl.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\adobe\.*reader\! Check if you know this process and arrange a viruscheck where required. Acrobat Reader
   O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program  
 Unknown application.  
   Files\Adobe\Reader\AdobeCollabSync.exe  
 Fuzzy Algorithmcheck (4.05 / 5.00), Safe
   O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI  
Neutral Fuzzy Algorithmcheck (4.46 / 5.00), Safe
   RoboForm\RoboFormComCustomizeIEMenu.html  
 
   O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4  
 The entry E&xport to Microsoft Excel has been identified as safe.
   \Office12\EXCEL.EXE/3000  
 Fuzzy Algorithmcheck (4.13 / 5.00), Safe
   O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI  
Very safe Fuzzy Algorithmcheck (4.46 / 5.00), Safe
   RoboForm\RoboFormComFillForms.html  
 Fuzzy Algorithmcheck (4.33 / 5.00), Safe
   O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber  
 The entry RoboForm Toolbar has been identified as safe.
   Systems\AI RoboForm\RoboFormComShowToolbar.html  
 Fuzzy Algorithmcheck (4.64 / 5.00), Safe
   O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI  
 Fuzzy Algorithmcheck (4.46 / 5.00), Safe
   RoboForm\RoboFormComSavePass.html  
 Fuzzy Algorithmcheck (4.44 / 5.00), Safe
   O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program  
 The entry has been identified as safe.
   Files\Java\jre1.6.0_03\bin\ssv.dll  
 Fuzzy Algorithmcheck (4.1 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}  
 The entry Sun Java Console has been identified as safe.
   - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
 Fuzzy Algorithmcheck (4.1 / 5.00), Safe
   O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  
 The entry Send to OneNote has been identified as safe.
   C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll  
 Fuzzy Algorithmcheck (4.19 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}  
 The entry S&end to OneNote has been identified as safe.
   - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll  
 Fuzzy Algorithmcheck (4.19 / 5.00), Safe
   O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -  
 The entry Fill Forms has been identified as safe.
   file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html  
 Fuzzy Algorithmcheck (4.45 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -  
 The entry Fill Forms has been identified as safe.
   file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html  
 Fuzzy Algorithmcheck (4.45 / 5.00), Safe
   O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program  
 The entry Save has been identified as safe.
   Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html  
 Fuzzy Algorithmcheck (4.49 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -  
 The entry Save Forms has been identified as safe.
   file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html  
 Fuzzy Algorithmcheck (4.49 / 5.00), Safe
   O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -  
 The entry Yahoo! Services has been identified as safe.
   C:\Program Files\Yahoo!\Common\yiesrvc.dll  
 This is a unknown process.
 
   O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -  
 The entry RoboForm has been identified as safe.
   file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html  
 Fuzzy Algorithmcheck (4.58 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a}  
 The entry RoboForm Toolbar has been identified as safe.
   - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html  
 Fuzzy Algorithmcheck (4.58 / 5.00), Safe
   O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1  
 The entry Research has been identified as safe.
   \MICROS~4\Office12\REFIEBAR.DLL  
 Fuzzy Algorithmcheck (4.13 / 5.00), Safe
   O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program  
 The entry UltimateBet has been identified as safe.
   Files\UltimateBet\UltimateBet.exe  
 Fuzzy Algorithmcheck (4.33 / 5.00), Safe
   O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} -  
 The entry UltimateBet has been identified as safe.
   C:\Program Files\UltimateBet\UltimateBet.exe  
 Fuzzy Algorithmcheck (4.33 / 5.00), Safe
   O9 - Extra button: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} - C:\Program  
 To be fixed if the entry 'Web Snapshot ' is unknown. Unknown buttons or entries in the 'Extras'-menu should be fixed.
   Files\WebSnapshot\WebSnapshot.dll (HKCU)  
 This is a unknown process.
 
   O9 - Extra 'Tools' menuitem: Web Snapshot - {954A224B-F501-4911-A8BF-6709A048FD77} -  
 To be fixed if the entry 'Web Snapshot ' is unknown. Unknown buttons or entries in the 'Extras'-menu should be fixed.
   C:\Program Files\WebSnapshot\WebSnapshot.dll (HKCU)  
 This is a unknown process.
 
   O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll  
Very safe This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
   O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll  
Safe This entry should be safe. This entry was classified from our visitors as good.
   O11 - Options group: [INTERNATIONAL] International*  
Neutral  
   O13 - Gopher Prefix:  
Safe Fuzzy Algorithmcheck (4.12 / 5.00), Safe
   O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -  
 This entry has been identified as safe.
   http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB  
 
   O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program  
 Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
   Files\Yahoo!\Common\Yinsthelper.dll  
 Fuzzy Algorithmcheck (3.14 / 5.00), Neutral
   O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) -  
 Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
   http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab  
 
   O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -  
 Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
   http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab  
 
   O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -  
 Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
   http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab  
 
   O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1  
 This entry has been identified as safe.  
   \MSNMES~1\MSGRAP~1.DLL  
 Fuzzy Algorithmcheck (3.82 / 5.00), Safe
   O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program  
 This entry has been identified as safe.  
   Files\Common Files\Microsoft Shared\Help\hxds.dll  
 Fuzzy Algorithmcheck (3.53 / 5.00), Safe
   O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1  
 This entry has been identified as safe.  
   \MSGRAP~1.DLL  
 Fuzzy Algorithmcheck (3.92 / 5.00), Safe
   O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1  
 This entry has been identified as safe.  
   \COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL  
 Fuzzy Algorithmcheck (4.17 / 5.00), Safe
   O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL  
Safe This entry was classified from our visitors as good.
   O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll  
 Intel Graphic card
   O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program  
 Unknown service. (Program)  
   Files\Common Files\Acronis\Schedule2\schedul2.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\acronis\schedule2\! Check if you know this process and arrange a viruscheck where required. Acronis Disk Scheduler
   O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems -  
 Unknown service. ()  
   C:\Windows\system32\agrsmsvc.exe  
 
Modem Driver
   O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -  
 Unknown service. ()  
   C:\Windows\system32\brsvc01a.exe  
 
Brother Drucker
   O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program  
Safe Unknown service. (Program)  
   Files\TOSHIBA\ConfigFree\CFSvcs.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\toshiba\configfree\! Check if you know this process and arrange a viruscheck where required. Toshiba Config Free
   O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %  
 Fuzzy Algorithmcheck (4.07 / 5.00), Safe
   windir%\system32\svchost.exe (file missing)
 
 Fuzzy Algorithmcheck (2.85 / 5.00), Nasty
   O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-  
 Unknown service. ()  
   194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe  
 
Google Desktop Search
   O23 - Service: Google Updater Service (gusvc) - Google - C:\Program  
 Unknown service. (Program)  
   Files\Google\Common\Google Updater\GoogleUpdaterService.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\google\common\google updater\! Check if you know this process and arrange a viruscheck where required. Google Updater Service
   O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -  
 Unknown service. ()  
   C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe  
 
Related to Macrovision Corporation
   O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -  
 Unknown service. ()  
   Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe  
 
Hewlett-Packard Direct Disc Labeling Service
   O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\LogiShrd\LVCOMSER\LVComSer.exe  
 Fuzzy Algorithmcheck (3.77 / 5.00), Safe
   O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\LogiShrd\LVMVFM\LVPrcSrv.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\.*logishrd.*\! Check if you know this process and arrange a viruscheck where required. Logitech Webcam related
   O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\LogiShrd\SrvLnch\SrvLnch.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\.*\logishrd\srvlnch\! Check if you know this process and arrange a viruscheck where required. Logitech Quick Cam related
   O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%  
 
   \system32\svchost.exe (file missing)  
 Fuzzy Algorithmcheck (2.85 / 5.00), Nasty
   O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\Sonic Shared\RoxioUPnPRenderer9.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\sonic shared\! Check if you know this process and arrange a viruscheck where required. Part of Roxio WinOnCd
   O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\Sonic Shared\RoxioUpnpService9.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\sonic shared\! Check if you know this process and arrange a viruscheck where required. Part of Roxio WinOnCd
   O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program  
 Unknown service. (Program)  
   Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\roxio shared\9.0\sharedcom\! Check if you know this process and arrange a viruscheck where required. Part of Roxio WinOnCd
   O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio  
 Fuzzy Algorithmcheck (4.05 / 5.00), Safe
   Shared\9.0\SharedCOM\RoxMediaDB9.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\roxio shared\9.0\sharedcom\! Check if you know this process and arrange a viruscheck where required. Part of Roxio WinOnCd
   O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner -  
 
   %windir%\system32\svchost.exe (file missing)  
 Fuzzy Algorithmcheck (2.85 / 5.00), Nasty
   O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\SureThing Shared\stllssvr.exe  
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\surething shared\! Check if you know this process and arrange a viruscheck where required. MicroVision Development
   O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe  
Very safe This service (swupdtmr.exe) was identified as a good one.  
   O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation -  
 Unknown service. ()  
   C:\Windows\system32\TODDSrv.exe  
 
TOSHIBA Optical Disc Drive Service
   O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program  
 Unknown service. (Program)  
   Files\Toshiba\Power Saver\TosCoSrv.exe  
 Fuzzy Algorithmcheck (4.01 / 5.00), Safe
   O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner -  
 Unknown service. ()  
   C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe  
Safe Fuzzy Algorithmcheck (4.36 / 5.00), Safe
   O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -  
 Unknown service. ()  
   C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe  
Safe
Ulead VideoStudio 8
   O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies  
 Unknown service. ()  
   LTD - C:\Windows\System32\ZoneLabs\vsmon.exe  
 
ZoneAlarm Firewall
   O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -  
 Fuzzy Algorithmcheck (3.98 / 5.00), Safe
   Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)  
 Fuzzy Algorithmcheck (3.8 / 5.00), Safe
Short analysis
Use these tips at your own risk!
 
   
© 2004 - 2007 Mathias Mattner | Contact  
   
       
 
Your HJT log looks OK.  Your TrendMicro online scan came up clean.  I don't think you have a virus/spyware problem at the moment.
swupdate.exe appears to be part of Toshiba's update download service.  If it will not run on your machine, why not disable it and run updates manually?  Go into msconfig (start - run - msconfig), click on the startup tab, find swupdate.exe and remove the tick from the box next to it.  Reboot when requested.
CERTIFIED EXPERT

Commented:
Hi djkaraok
 I find a few things not right, if you have a lot of unknowns on a new system?
what about this
Fuzzy Algorithmcheck (2.85 / 5.00), Nasty
   O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-  
 Unknown service. ()  
   194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe  

 \system32\svchost.exe (file missing)  
 Fuzzy Algorithmcheck (2.85 / 5.00), Nasty
   O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common  
 Unknown service. (Common)  
   Files\Sonic Shared\RoxioUPnPRenderer9.exe  

Checking the hosts does differ from Xp
Updating the HOSTS file in Windows Vista
http://www.mvps.org/winhelp2002/hostsvista.htm


Author

Commented:
phototropic - I ran my msconfig and looked at the startup items and there is no swupdate. Maybe you did not notice but this is not a startup problem. I do not see the icon on my taskbar all the tiime. It just appears and when I double click on it the problem appears.

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
A little more explanation on how to turn off the service etc. Since I have been using computers for sometime it worked for me but others would need further explanation on how to get to the services and how to turn them off. Since the updater was randomly coming on I will only know if the solution is complete or not but feel extremely like this is a good fix. Thanks !

Author

Commented:
I feel that the solution for the update error is fixed but then running the Hijack program led to other issues per Merete. What do I need to do to get these fixed? Start a new post?

Thanks!

CERTIFIED EXPERT

Commented:
what issues?
The malware it finds can be fixed by either re running hyjackthis and fix then use the hijackthis page to analyze
or run your AV scans
And then run either a system restore or a system file checker
at start run type in sfc /scannow

Author

Commented:
Well The little disk looking icon in my task bar wanting to do an update is back. I checked my msconfig and the swupdate.exe is not showing but something from Toshiba is that is called NDSTray.exe "Configfree(TM) tray". I did not know what this was so I left it alone, but I get a request to allow this NDSTray and TCrdMain.exe (Toshiba Flashcards - whatever that is). I have been "deny" them access and have not seen a problem but don't know what I am missing since I am not allowing them access. I do not deny in every case so it has to ask me each time. Could one of these be causing the Toshiba Update disk to appear in my task bar? If I double click on the disk it tries to run the swupdate.exe program. Since I took it off automatic it should not appear at all?

Problem is not solved - Like I said since it is intermitten then we can try something and wait and see like turning off the process for swupdate.exe to load automatically.

CERTIFIED EXPERT

Commented:
Hi djkaraok welcome to 2008 hope you had a great day
ndstray.exe - ndstray - Process Information
ndstray.exe is the traybar process from the ConfigFree Traybar utility on Toshiba laptops. It allows you switch between network devices by clicking on the traybar icon.

 its very good you question anything you are not sure of, may I suggest for a quick fix since your Laptop is new to check out the owner manual
It should be on the start menue all programs
become familiar with your laptop and what programs are installed natively.
What services run the background

As a premium member you have access to all of EE knowledgbase if you like to explore it and find answers for Vista or your laptop.
A lot of your questions are very simple and a little google will produce good results even guides on the laptop and Vista.
Vista also has the HELP located on every page every OS has an inbuilt help.
Windows Vista Services Explained
http://www.speedyvista.com/services.html
All the best
Merete




Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.