Inactive IE redirects and crashes

charleneroyston

Hi There!
I have followed your directions for the 8 steps to remove malware and I am pasting the logs below. I could not get GMER to work no matter what, even when I tried in safe mode and unclicked all the boxes on the right as directed. I used Avira anti-rootkit instead and have included that log.
Please help, this is driving me crazy!!!

Thanks
Charlene

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5468

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

07/01/2011 6:14:44 PM
mbam-log-2011-01-07 (18-14-44).txt

Scan type: Quick scan
Objects scanned: 146110
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-12-12.02) - NTFSx86
Run by Char at 18:25:21.67 on 08/01/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.986 [GMT -8:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started January-08-11 - 18:03:07 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 104.42 GB
- Working disk free size : 44.27 GB (42 %)
--------------------------------------------------------------------------------------------------------

Results:
Value data mismatch : HKEY_USERS\S-1-5-21-3342059876-170799827-71789101-1000\Software\AppDataLow\-2j__GY_dL70RKO -> 2030223344201
Value data mismatch : HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM -> autorecover mofs

--------------------------------------------------------------------------------------------------------
Files: 0/345144
Registry items: 2/418759
Processes: 0/72
Scan time: 00:15:44
--------------------------------------------------------------------------------------------------------
Active processes:
- zmuojlfd.exe (PID 6360) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 432)
- csrss.exe (PID 500)
- wininit.exe (PID 552)
- csrss.exe (PID 564)
- services.exe (PID 596)
- lsass.exe (PID 612)
- lsm.exe (PID 620)
- winlogon.exe (PID 696)
- svchost.exe (PID 796)
- nvvsvc.exe (PID 848)
- svchost.exe (PID 876)
- svchost.exe (PID 936)
- svchost.exe (PID 1000)
- svchost.exe (PID 1020)
- audiodg.exe (PID 1116)
- svchost.exe (PID 1140)
- SLsvc.exe (PID 1160)
- svchost.exe (PID 1200)
- rundll32.exe (PID 1284)
- svchost.exe (PID 1444)
- spoolsv.exe (PID 1724)
- taskeng.exe (PID 1732)
- svchost.exe (PID 1796)
- dwm.exe (PID 1812)
- explorer.exe (PID 1856)
- rundll32.exe (PID 1900)
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
Your DDS log is incomplete.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
IE searches hijacked & crashes

Hi Broni,
As I stated in my previous thread, my IE8 keeps getting hijacked to weird sites when I search and crashes all the time, particularly when switching tabs. I CAN NOT GET GMER TO RUN no matter what. It stops working whether I switch off all the boxes or run in safe mode, and I totally switched off my Norton 360. I used Avira anti-root tool instead, which worked without a hitch, and have included this log as well as the Malware and DDS log.
Please help!!! This is driving me crazy!!!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5468

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

07/01/2011 6:14:44 PM
mbam-log-2011-01-07 (18-14-44).txt

Scan type: Quick scan
Objects scanned: 146110
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started January-08-11 - 18:03:07 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 104.42 GB
- Working disk free size : 44.27 GB (42 %)
--------------------------------------------------------------------------------------------------------

Results:
Value data mismatch : HKEY_USERS\S-1-5-21-3342059876-170799827-71789101-1000\Software\AppDataLow\-2j__GY_dL70RKO -> 2030223344201
Value data mismatch : HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM -> autorecover mofs

--------------------------------------------------------------------------------------------------------
Files: 0/345144
Registry items: 2/418759
Processes: 0/72
Scan time: 00:15:44
--------------------------------------------------------------------------------------------------------
Active processes:
- zmuojlfd.exe (PID 6360) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 432)
- csrss.exe (PID 500)
- wininit.exe (PID 552)
- csrss.exe (PID 564)
- services.exe (PID 596)
- lsass.exe (PID 612)
- lsm.exe (PID 620)
- winlogon.exe (PID 696)
- svchost.exe (PID 796)
- nvvsvc.exe (PID 848)
- svchost.exe (PID 876)
- svchost.exe (PID 936)
- svchost.exe (PID 1000)
- svchost.exe (PID 1020)
- audiodg.exe (PID 1116)
- svchost.exe (PID 1140)
- SLsvc.exe (PID 1160)
- svchost.exe (PID 1200)
- rundll32.exe (PID 1284)
- svchost.exe (PID 1444)
- spoolsv.exe (PID 1724)
- taskeng.exe (PID 1732)
- svchost.exe (PID 1796)
- dwm.exe (PID 1812)


DDS (Ver_10-12-12.02) - NTFSx86
Run by Char at 18:25:21.67 on 08/01/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.986 [GMT -8:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
 
Hi again Broni,
Thank you again for your patience with someone who knows nothing about this stuff. I guess I didn't wait long enough for the second file to pop up and I can't read :)
Here is the attach.txt file.

Thanks
Charlene


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/12/2009 11:39:04 PM
System Uptime: 09/01/2011 3:39:03 PM (1 hours ago)

Motherboard: Quanta | | 30D1
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 44.128 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 60.105 GiB free.
E: is FIXED (NTFS) - 7 GiB total, 0.702 GiB free.
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP6: 14/01/2009 4:47:03 PM - Scheduled Checkpoint
RP7: 14/01/2009 10:55:41 PM - Device Driver Package Install: Symantec Network Service
RP8: 14/01/2009 11:01:42 PM - Norton 360 Registry Clean
RP9: 18/01/2009 2:35:23 PM - Device Driver Package Install: NVIDIA Display adapters
RP10: 18/01/2009 2:38:07 PM - Device Driver Package Install: Conexant Sound, video and game controllers
RP11: 18/01/2009 2:40:13 PM - Device Driver Package Install: CXT Modems
RP276: 26/12/2010 12:52:22 PM - Windows Update
RP277: 27/12/2010 7:09:41 PM - Removed Simply Accounting by Sage 2010
RP278: 27/12/2010 7:10:08 PM - Removed Simply Accounting by Sage 2010
RP279: 28/12/2010 2:15:21 AM - Windows Update
RP280: 30/12/2010 2:15:10 AM - Windows Update
RP281: 31/12/2010 1:43:17 AM - Windows Update
RP282: 03/01/2011 10:19:27 PM - Windows Update
RP283: 04/01/2011 2:04:02 AM - Windows Update
RP284: 04/01/2011 12:02:19 PM - Installed Simply Accounting by Sage 2010
RP285: 04/01/2011 12:02:54 PM - Installed Simply Accounting by Sage 2010
RP286: 04/01/2011 2:59:03 PM - Installed Rosetta Stone Version 3
RP287: 04/01/2011 3:03:45 PM - Installed Rosetta Stone Version 3
RP288: 06/01/2011 11:02:21 PM - Restore Operation
RP290: 06/01/2011 11:25:11 PM - Restore Operation
RP292: 07/01/2011 7:04:35 PM - Installed Avira RootKit Detection

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira RootKit Detection
BitTorrent
Bonjour
Conexant HD Audio
CorelDRAW Graphics Suite 12
DivX Setup
Dream Day Wedding - Bella Italia
Escape Whisper Valley(TM)
ESU for Microsoft Vista
Everio MediaBrowser
Feedback Tool
FutureTax 2009 for NETFILE
Gamers Unite! Snag Bar
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0056
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 5.8.3 (Full)
Lexmark 5400 Series
LightScribe 1.6.43.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
MySQL Connector/ODBC 3.51
Norton 360
NVIDIA Drivers
NVIDIA PhysX v8.10.29
PoivY
PSSWCORE
QuickTime
Rosetta Stone Version 3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Simple Adblock
Simply Accounting by Sage 2010
Skype Toolbars
Skype™ 4.2
SmartAudio
Snapstream Firefly 1.2.1.916
Synaptics Pointing Device Driver
Trine
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
WinRAR archiver
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

09/01/2011 12:52:26 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
09/01/2011 12:52:26 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
09/01/2011 12:51:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Simply Accounting Database Connection Manager service to connect.
09/01/2011 12:51:28 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
09/01/2011 12:50:00 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:39 PM on 09/01/2011 was unexpected.
09/01/2011 12:49:53 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
09/01/2011 10:02:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
09/01/2011 10:02:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
09/01/2011 1:37:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
07/01/2011 6:45:50 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:07 PM on 07/01/2011 was unexpected.
07/01/2011 5:53:23 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
07/01/2011 10:52:45 PM, Error: EventLog [6008] - The previous system shutdown at 10:40:42 PM on 07/01/2011 was unexpected.
06/01/2011 9:27:55 PM, Error: EventLog [6008] - The previous system shutdown at 9:22:31 PM on 06/01/2011 was unexpected.
06/01/2011 3:26:18 AM, Error: EventLog [6008] - The previous system shutdown at 3:24:36 AM on 06/01/2011 was unexpected.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2011 3:23:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
06/01/2011 3:23:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06/01/2011 3:23:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
06/01/2011 3:23:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
06/01/2011 3:23:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
06/01/2011 3:23:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/01/2011 3:23:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
06/01/2011 3:23:00 AM, Error: EventLog [6008] - The previous system shutdown at 3:21:25 AM on 06/01/2011 was unexpected.
06/01/2011 3:10:34 AM, Error: EventLog [6008] - The previous system shutdown at 3:09:17 AM on 06/01/2011 was unexpected.
06/01/2011 2:53:25 AM, Error: EventLog [6008] - The previous system shutdown at 2:51:56 AM on 06/01/2011 was unexpected.
06/01/2011 11:43:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/01/2011 9:41:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
05/01/2011 9:25:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
05/01/2011 9:24:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/01/2011 9:23:45 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
05/01/2011 6:47:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
05/01/2011 6:47:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/01/2011 6:47:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/01/2011 5:29:02 PM, Error: EventLog [6008] - The previous system shutdown at 5:20:25 PM on 04/01/2011 was unexpected.
03/01/2011 10:42:01 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:09 AM on 03/01/2011 was unexpected.
03/01/2011 1:20:09 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Resume - Assistant Manager - retail, owned by Char, failed to print on printer Lexmark 5400 Series. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 644880. Number of bytes printed: 644880. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\CHAR-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
02/01/2011 11:10:21 AM, Error: EventLog [6008] - The previous system shutdown at 11:04:28 AM on 02/01/2011 was unexpected.

==== End Of File ===========================
 
Hi Broni,
I have posted it again below.

Thanks


DDS (Ver_10-12-12.02) - NTFSx86
Run by Char at 16:32:12.98 on 09/01/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1079 [GMT -8:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\WmiApSrv.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Char\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page =
uSearch Bar =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=011711 serial=DR12WEX-1504397-KTY lang=EN
mRun: [Firefly] c:\program files\snapstream media\firefly\Firefly.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-6 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-6 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-6 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110107.002\IDSvix86.sys [2011-1-8 353912]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-6 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-6 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-30 21504]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-8-23 42280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-08 03:05:01 -------- d-----w- c:\program files\Avira GmbH
2011-01-08 03:04:20 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-01-08 03:04:20 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-01-08 03:04:20 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-01-08 03:04:20 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-01-08 03:04:20 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-01-08 03:04:19 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-01-08 03:04:19 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-01-07 07:20:34 -------- d-----w- c:\program files\Conduit
2011-01-07 06:37:41 -------- d-----w- c:\users\char\appdata\local\Zynga
2011-01-07 04:39:17 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-01-07 04:14:25 -------- d-----w- c:\users\char\appdata\local\ElevatedDiagnostics
2011-01-07 04:06:47 -------- d-----w- c:\program files\Microsoft ATS
2011-01-06 11:23:47 -------- d-----w- c:\users\char\appdata\local\Symantec
2011-01-06 01:46:23 -------- d-----w- c:\users\char\appdata\roaming\CleanMyPC Software
2011-01-05 01:32:22 49152 --sha-r- c:\windows\system32\sbeioi.dll
2011-01-04 23:04:46 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-01-04 23:04:02 -------- d-----w- c:\program files\Rosetta Stone
2011-01-04 23:04:02 -------- d-----w- c:\progra~2\Rosetta Stone
2011-01-04 20:07:52 -------- d-----w- c:\windows\Crystal
2011-01-04 20:07:52 -------- d-----w- c:\program files\Seagate Software
2011-01-04 20:07:28 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2011-01-04 20:04:23 -------- d-----w- c:\program files\Simply Accounting Enterprise 2010
2011-01-04 10:05:29 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c2ae2fc8-6bb3-47c1-b0b5-9b38fca48491}\mpengine.dll
2010-12-17 02:08:54 -------- d-----w- c:\users\char\appdata\roaming\Malwarebytes
2010-12-17 02:08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 02:08:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 02:08:44 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-17 02:08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 00:11:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 00:11:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-13 23:02:02 -------- d-----w- c:\users\char\appdata\local\Sage Software
2010-12-13 22:35:44 -------- d-----w- c:\users\char\appdata\local\Simply Accounting
2010-12-13 22:35:00 -------- d-----w- c:\program files\common files\ODBC
2010-12-13 22:30:09 -------- d-----w- c:\program files\winsim
2010-12-11 21:41:46 -------- d-----w- C:\extensions

==================== Find3M ====================

2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:34:03.57 ===============
 
Uninstall Zynga Toolbar - a Conduit "Community Toolbar", which modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni,
Ok, so I uninstalled the Zynga Toolbar and it directed me to reboot, which I did.
I ran MBR and ComboFix and the logs are below. Keeping my fingers crossed.
Thanks again

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 177):
0x81C05000 \SystemRoot\system32\ntkrnlpa.exe
0x81FBE000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\PSHED.dll
0x80421000 \SystemRoot\system32\BOOTVID.dll
0x80429000 \SystemRoot\system32\CLFS.SYS
0x8046A000 \SystemRoot\system32\CI.dll
0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060C000 \SystemRoot\system32\drivers\acpi.sys
0x80652000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065B000 \SystemRoot\system32\drivers\msisadrv.sys
0x80663000 \SystemRoot\system32\drivers\pci.sys
0x8068A000 \SystemRoot\System32\drivers\partmgr.sys
0x80699000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8069C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A6000 \SystemRoot\system32\drivers\volmgr.sys
0x806B5000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FF000 \SystemRoot\system32\drivers\pciide.sys
0x80706000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80714000 \SystemRoot\System32\drivers\mountmgr.sys
0x80724000 \SystemRoot\system32\drivers\atapi.sys
0x8072C000 \SystemRoot\system32\drivers\ataport.SYS
0x8074A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8077C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8078C000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x807DB000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82208000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82279000 \SystemRoot\system32\drivers\ndis.sys
0x82384000 \SystemRoot\system32\drivers\msrpc.sys
0x823AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x87600000 \SystemRoot\System32\drivers\tcpip.sys
0x876EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8780F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8791F000 \SystemRoot\system32\drivers\volsnap.sys
0x87958000 \SystemRoot\System32\Drivers\spldr.sys
0x87960000 \SystemRoot\System32\Drivers\mup.sys
0x8796F000 \SystemRoot\System32\drivers\ecache.sys
0x87996000 \SystemRoot\system32\drivers\disk.sys
0x879A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x879C8000 \SystemRoot\system32\drivers\crcdisk.sys
0x879F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87800000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87705000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87809000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x879FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87715000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87725000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8772C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x87735000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x87738000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87742000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87780000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8778F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x877A7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8BA08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BA95000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BAA5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BAB3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8BACD000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8BADC000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8BAF0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BC0B000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BD0C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C004000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C746000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C7E7000 \SystemRoot\System32\drivers\watchdog.sys
0x8BD92000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C7F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BDA5000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C7FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BDD0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BB41000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BB70000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BDDB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BDE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BBB1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BBD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BBE3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x877AD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x877C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x877D2000 \SystemRoot\system32\DRIVERS\ks.sys
0x823EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807E4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BBF7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D203000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D249000 \SystemRoot\system32\drivers\CHDART.sys
0x8D275000 \SystemRoot\system32\drivers\portcls.sys
0x8D2A2000 \SystemRoot\system32\drivers\drmk.sys
0x8D2C7000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D601000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D704000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D7B8000 \SystemRoot\system32\drivers\modem.sys
0x8D7C5000 \SystemRoot\System32\Drivers\x10uif.sys
0x8D7C8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D7D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D7E8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D7F0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D304000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D30E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D323000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D344000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D34D000 \SystemRoot\System32\Drivers\Null.SYS
0x8D354000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D35B000 \SystemRoot\System32\drivers\vga.sys
0x8D367000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D388000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D390000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D398000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D3A3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D3B1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D3BA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DA03000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x8DA37000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8DA5C000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x8DA6A000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x8DA7F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DA93000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DAC5000 \SystemRoot\system32\drivers\afd.sys
0x8DB0D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DB23000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8DB2C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DB3A000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8DB3C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DB4F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DB55000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x8DB5F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DB9B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DBA5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110107.002\IDSvix86.sys
0x8E208000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8E266000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8E283000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E29A000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x8E315000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x8E357000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E361000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E36E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E379000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97640000 \SystemRoot\System32\win32k.sys
0x8E381000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E38B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97860000 \SystemRoot\System32\TSDDD.dll
0x97880000 \SystemRoot\System32\cdd.dll
0x97890000 \SystemRoot\System32\ATMFD.DLL
0x8E39A000 \SystemRoot\system32\drivers\luafv.sys
0x9C20E000 \SystemRoot\system32\drivers\spsys.sys
0x9C2BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C2CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C2F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C302000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C315000 \SystemRoot\system32\drivers\HTTP.sys
0x9C382000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C39F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C3B8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C3CD000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E3BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E401000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E43A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E452000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E47A000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E4E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E4E4000 \SystemRoot\system32\drivers\peauth.sys
0x9E5C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E5CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E5D8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9E5ED000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9E4C8000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x8E3DC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAA407000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xAA45C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.004\NAVEX15.SYS
0xAA5A7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.004\NAVENG.SYS
0xAA5BB000 \??\C:\Users\Char\AppData\Local\Temp\catchme.sys
0xAA5C3000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x774A0000 \WINDOWS\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
432 C:\WINDOWS\System32\smss.exe
508 csrss.exe
560 C:\WINDOWS\System32\wininit.exe
568 csrss.exe
604 C:\WINDOWS\System32\services.exe
616 C:\WINDOWS\System32\lsass.exe
628 C:\WINDOWS\System32\lsm.exe
704 C:\WINDOWS\System32\winlogon.exe
800 C:\WINDOWS\System32\svchost.exe
852 C:\WINDOWS\System32\nvvsvc.exe
880 C:\WINDOWS\System32\svchost.exe
944 C:\WINDOWS\System32\svchost.exe
1016 C:\WINDOWS\System32\svchost.exe
1076 C:\WINDOWS\System32\svchost.exe
1148 C:\WINDOWS\System32\audiodg.exe
1172 C:\WINDOWS\System32\svchost.exe
1192 C:\WINDOWS\System32\SLsvc.exe
1268 C:\WINDOWS\System32\svchost.exe
1472 C:\WINDOWS\System32\svchost.exe
1760 C:\WINDOWS\System32\spoolsv.exe
1768 C:\WINDOWS\System32\taskeng.exe
1792 C:\WINDOWS\System32\svchost.exe
1880 C:\WINDOWS\System32\taskeng.exe
320 C:\WINDOWS\System32\dwm.exe
1616 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
788 C:\Program Files\HP\QuickPlay\QPService.exe
1608 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2020 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1932 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
672 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2204 C:\Program Files\SnapStream Media\Firefly\Firefly.exe
2212 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2232 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2280 C:\Program Files\iTunes\iTunesHelper.exe
2292 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2300 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
2316 C:\Program Files\Windows Sidebar\sidebar.exe
2336 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2464 C:\Program Files\Skype\Phone\Skype.exe
2504 C:\Program Files\Windows Media Player\wmpnscfg.exe
2648 C:\Program Files\Windows Sidebar\sidebar.exe
2708 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2792 C:\Program Files\Bonjour\mDNSResponder.exe
2812 C:\WINDOWS\System32\svchost.exe
2844 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
3096 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3120 C:\WINDOWS\System32\lxctcoms.exe
3192 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
3308 C:\WINDOWS\System32\svchost.exe
3848 dllhost.exe
3924 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2428 C:\WINDOWS\System32\svchost.exe
452 C:\WINDOWS\System32\svchost.exe
3004 C:\WINDOWS\System32\SearchIndexer.exe
3516 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3920 WUDFHost.exe
5080 C:\PROGRA~1\COMMON~1\SNAPST~1\Common\X10nets.exe
5128 C:\WINDOWS\System32\mobsync.exe
5200 WmiPrvSE.exe
5476 C:\Program Files\Windows Media Player\wmpnetwk.exe
5928 C:\Program Files\iPod\bin\iPodService.exe
6000 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
6016 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4428 C:\WINDOWS\System32\wbem\WmiApSrv.exe
5224 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5400 C:\WINDOWS\System32\conime.exe
1944 C:\WINDOWS\System32\SearchProtocolHost.exe
4328 C:\WINDOWS\System32\SearchFilterHost.exe
5600 C:\WINDOWS\explorer.exe
2672 C:\Users\Char\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`1accfe00 (NTFS)

PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BHE
PhysicalDrive1 Model Number: WDCWD800BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 11-01-10.04 - Char 10/01/2011 17:48:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1063 [GMT -8:00]
Running from: c:\users\Char\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 02:00 . 2011-01-11 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 03:05 . 2007-03-22 17:36 43584 ------w- c:\windows\system32\drivers\avipbb.sys
2011-01-08 03:05 . 2011-01-08 03:05 -------- d-----w- c:\program files\Avira GmbH
2011-01-08 03:04 . 2003-02-28 00:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-08 03:04 . 2002-12-05 22:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-08 03:04 . 2002-12-02 23:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-08 03:04 . 2002-12-02 21:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-08 03:04 . 2002-12-02 21:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-08 03:04 . 2011-01-08 03:04 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-08 03:04 . 2011-01-08 03:04 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-07 07:20 . 2011-01-07 07:20 -------- d-----w- c:\program files\Conduit
2011-01-07 04:39 . 2011-01-07 06:48 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-01-07 04:14 . 2011-01-07 04:14 -------- d-----w- c:\users\Char\AppData\Local\ElevatedDiagnostics
2011-01-07 04:06 . 2011-01-07 04:10 -------- d-----w- c:\program files\Microsoft ATS
2011-01-06 11:23 . 2011-01-06 11:23 -------- d-----w- c:\users\Char\AppData\Local\Symantec
2011-01-06 01:46 . 2011-01-06 01:46 -------- d-----w- c:\users\Char\AppData\Roaming\CleanMyPC Software
2011-01-05 01:32 . 2011-01-05 01:32 49152 --sha-r- c:\windows\system32\sbeioi.dll
2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-01-04 23:04 . 2011-01-05 00:53 -------- d-----w- c:\programdata\Rosetta Stone
2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- c:\program files\Rosetta Stone
2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\windows\Crystal
2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\program files\Seagate Software
2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2011-01-04 20:04 . 2011-01-04 20:07 -------- d-----w- c:\program files\Simply Accounting Enterprise 2010
2011-01-04 10:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2AE2FC8-6BB3-47C1-B0B5-9B38FCA48491}\mpengine.dll
2010-12-17 02:08 . 2010-12-17 02:08 -------- d-----w- c:\users\Char\AppData\Roaming\Malwarebytes
2010-12-17 02:08 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 02:08 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 02:08 . 2010-12-17 02:08 -------- d-----w- c:\programdata\Malwarebytes
2010-12-17 02:08 . 2011-01-04 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 00:11 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 00:11 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-13 23:02 . 2010-12-13 23:02 -------- d-----w- c:\users\Char\AppData\Local\Sage Software
2010-12-13 22:35 . 2011-01-07 07:33 -------- d-----w- c:\users\Char\AppData\Local\Simply Accounting
2010-12-13 22:30 . 2011-01-04 20:10 -------- d-----w- c:\program files\winsim
2010-12-12 18:26 . 2010-12-12 18:38 -------- d-----w- c:\programdata\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 00:55 . 2010-03-09 03:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-11-13 02:53 . 2010-04-16 06:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 18:41 . 2010-01-16 06:38 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files\Gamers Unite! Snag Bar\Helper.dll" [2011-01-07 356864]

[HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2011-01-07 06:48 1536000 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-01-07 1536000]

[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-01-07 1536000]

[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe" [2003-11-25 729088]
"Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2006-06-06 180224]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2009-08-23 29992]
R3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [2009-08-23 42280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-01-15 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-01-15 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-01-15 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110107.002\IDSvix86.sys [2010-11-09 353912]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-15 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-01-15 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:10]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 18:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-10 18:03:12
ComboFix-quarantined-files.txt 2011-01-11 02:03
ComboFix2.txt 2011-01-11 01:31

Pre-Run: 47,252,733,952 bytes free
Post-Run: 47,228,243,968 bytes free

- - End Of File - - 93B4F3BB23979822018DA53204787C34
 
I don't like the MBR report.
Let's double check....

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Hi Broni,
Here is the bootkit file. The computer is already running better.

Thanks
Charlene

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
We'll need to fix your MBR.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
Hi Broni,
Here's the MBR log. Looks better to me, but what do I know?

Thanks

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 174):
0x81C43000 \SystemRoot\system32\ntkrnlpa.exe
0x81C10000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\PSHED.dll
0x80418000 \SystemRoot\system32\BOOTVID.dll
0x80420000 \SystemRoot\system32\CLFS.SYS
0x80461000 \SystemRoot\system32\CI.dll
0x80541000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060E000 \SystemRoot\system32\drivers\acpi.sys
0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
0x80665000 \SystemRoot\system32\drivers\pci.sys
0x8068C000 \SystemRoot\System32\drivers\partmgr.sys
0x8069B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8069E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A8000 \SystemRoot\system32\drivers\volmgr.sys
0x806B7000 \SystemRoot\System32\drivers\volmgrx.sys
0x80701000 \SystemRoot\system32\drivers\pciide.sys
0x80708000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80716000 \SystemRoot\System32\drivers\mountmgr.sys
0x80726000 \SystemRoot\system32\drivers\atapi.sys
0x8072E000 \SystemRoot\system32\drivers\ataport.SYS
0x8074C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8077E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8078E000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x807DD000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8227D000 \SystemRoot\system32\drivers\ndis.sys
0x82388000 \SystemRoot\system32\drivers\msrpc.sys
0x823B3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8760C000 \SystemRoot\System32\drivers\tcpip.sys
0x876F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87912000 \SystemRoot\system32\drivers\volsnap.sys
0x8794B000 \SystemRoot\System32\Drivers\spldr.sys
0x87953000 \SystemRoot\System32\Drivers\mup.sys
0x87962000 \SystemRoot\System32\drivers\ecache.sys
0x87989000 \SystemRoot\system32\drivers\disk.sys
0x8799A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x879BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x879E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x879EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87711000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x879F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x879FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87721000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87731000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87738000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x87741000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x87744000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8774E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8778C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8779B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x877B3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8BC0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BC99000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BCA9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BCB7000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8BCD1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8BCE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8BCF4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C004000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C105000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C20C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C94E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C9EF000 \SystemRoot\System32\drivers\watchdog.sys
0x8C18B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C19E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C9FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C1C9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BD45000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BD74000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C1D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C1DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BDB5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BDC0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BDE3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x877B9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x877CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x877E2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C9FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805CA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C1F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BDF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D008000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D03D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D04E000 \SystemRoot\system32\drivers\CHDART.sys
0x8D07A000 \SystemRoot\system32\drivers\portcls.sys
0x8D0A7000 \SystemRoot\system32\drivers\drmk.sys
0x8D0CC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D209000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D30C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D3C0000 \SystemRoot\system32\drivers\modem.sys
0x8D3CD000 \SystemRoot\System32\Drivers\x10uif.sys
0x8D3D0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D109000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D12A000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0x8D3E7000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D3F4000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D17D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D200000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D803000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110111.020\NAVEX15.SYS
0x8D94E000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8D973000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110111.020\NAVENG.SYS
0x8D987000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D98F000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x8D999000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D9A2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D9A9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D9B0000 \SystemRoot\System32\drivers\vga.sys
0x8D9BC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D9DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D9E5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D9ED000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D192000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D1A0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D1A9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D1BF000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x877F2000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x807E6000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x94A03000 \SystemRoot\system32\DRIVERS\smb.sys
0x94A17000 \SystemRoot\System32\DRIVERS\netbt.sys
0x94A49000 \SystemRoot\system32\drivers\afd.sys
0x94A91000 \SystemRoot\system32\DRIVERS\pacer.sys
0x94AA7000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x94AB0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x94ABE000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x94AC0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x94AD3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x94AD9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x94B15000 \SystemRoot\system32\drivers\nsiproxy.sys
0x94B1F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110111.001\IDSvix86.sys
0x94B7A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x94BD8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9600C000 \SystemRoot\System32\Drivers\dfsc.sys
0x96023000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x9609E000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x960E0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x960EA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x960F7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x96102000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9DEE0000 \SystemRoot\System32\win32k.sys
0x9610A000 \SystemRoot\System32\drivers\Dxapi.sys
0x96114000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9E100000 \SystemRoot\System32\TSDDD.dll
0x9E120000 \SystemRoot\System32\cdd.dll
0x96123000 \SystemRoot\system32\drivers\luafv.sys
0x96146000 \SystemRoot\system32\drivers\spsys.sys
0x879C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA4A0F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA4A39000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA4A43000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA4A56000 \SystemRoot\system32\drivers\HTTP.sys
0xA4AC3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA4AE0000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA4AF9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA4B0E000 \SystemRoot\system32\drivers\mrxdav.sys
0xA4B2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4B4E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4B87000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA4B9F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA6802000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E130000 \SystemRoot\System32\ATMFD.DLL
0xA6868000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA686C000 \SystemRoot\system32\drivers\peauth.sys
0xA694A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6954000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6960000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA6975000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA6987000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x77B00000 \WINDOWS\System32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
444 C:\WINDOWS\System32\smss.exe
516 csrss.exe
568 csrss.exe
576 C:\WINDOWS\System32\wininit.exe
616 C:\WINDOWS\System32\winlogon.exe
652 C:\WINDOWS\System32\services.exe
664 C:\WINDOWS\System32\lsass.exe
676 C:\WINDOWS\System32\lsm.exe
820 C:\WINDOWS\System32\svchost.exe
864 C:\WINDOWS\System32\nvvsvc.exe
888 C:\WINDOWS\System32\svchost.exe
992 C:\WINDOWS\System32\svchost.exe
1020 C:\WINDOWS\System32\svchost.exe
1056 C:\WINDOWS\System32\svchost.exe
1148 C:\WINDOWS\System32\audiodg.exe
1172 C:\WINDOWS\System32\svchost.exe
1192 C:\WINDOWS\System32\SLsvc.exe
1224 C:\WINDOWS\System32\svchost.exe
1316 C:\WINDOWS\System32\rundll32.exe
1436 C:\WINDOWS\System32\svchost.exe
1684 C:\WINDOWS\System32\spoolsv.exe
1716 C:\WINDOWS\System32\svchost.exe
1916 C:\WINDOWS\System32\taskeng.exe
1924 C:\WINDOWS\System32\dwm.exe
1972 C:\WINDOWS\System32\taskeng.exe
1984 C:\WINDOWS\explorer.exe
336 C:\Program Files\Google\Update\GoogleUpdate.exe
1400 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1432 C:\Program Files\HP\QuickPlay\QPService.exe
1724 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
1908 C:\WINDOWS\System32\rundll32.exe
308 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
1844 C:\Program Files\Lexmark 5400 Series\ezprint.exe
968 C:\Program Files\SnapStream Media\Firefly\Firefly.exe
1864 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2072 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2148 C:\Program Files\iTunes\iTunesHelper.exe
2200 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2228 C:\WINDOWS\System32\spool\drivers\w32x86\3\lxcttime.exe
2248 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2256 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
2336 C:\Program Files\Windows Sidebar\sidebar.exe
2396 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2484 C:\Program Files\Bonjour\mDNSResponder.exe
2500 C:\Program Files\Skype\Phone\Skype.exe
2520 C:\WINDOWS\System32\svchost.exe
2528 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2536 C:\Program Files\Windows Media Player\wmpnscfg.exe
2568 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2636 C:\Program Files\Windows Sidebar\sidebar.exe
2836 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2960 C:\WINDOWS\System32\lxctcoms.exe
3008 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
3056 C:\WINDOWS\System32\svchost.exe
3416 dllhost.exe
3964 C:\Program Files\Skype\Plugin Manager\skypePM.exe
492 C:\WINDOWS\System32\svchost.exe
976 C:\WINDOWS\System32\svchost.exe
1324 C:\WINDOWS\System32\SearchIndexer.exe
2676 C:\WINDOWS\System32\drivers\XAudio.exe
2192 WUDFHost.exe
2376 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
1872 C:\WINDOWS\System32\SearchProtocolHost.exe
1072 C:\WINDOWS\System32\SearchFilterHost.exe
3996 C:\Users\Char\Desktop\MBRCheck.exe
728 C:\WINDOWS\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`1accfe00 (NTFS)

PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BHE
PhysicalDrive1 Model Number: WDCWD800BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi Broni,
Here is the Extras.txt file.
Thanks

OTL Extras logfile created on: 12/01/2011 3:00:21 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Char\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): c:\pagefile.sys 600 100000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.42 Gb Total Space | 44.49 Gb Free Space | 42.61% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 60.11 Gb Free Space | 80.65% Space Free | Partition Type: NTFS
Drive E: | 7.37 Gb Total Space | 0.70 Gb Free Space | 9.52% Space Free | Partition Type: NTFS

Computer Name: CHAR-PC | User Name: Char | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37636A4B-42BC-4904-ABAE-9252A8285CBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BCE29E77-AE9B-4033-91BF-7A83602D95E8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008D6223-D9EB-4A27-994A-46A188B8A671}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{00D81AC7-48AD-4717-86C8-EBDED78DD5CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0176623D-1105-46A1-9B5D-50D958AA145C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02B53BE0-4C23-4990-8B97-0034207777A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{042C84ED-B6F3-4062-9A5A-A400076B6B94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{048FF465-F7D4-476E-A810-C27C5DE737D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04919A90-046D-477A-BE66-790D2EF73239}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084394EF-FE2C-47B7-B969-AAF45AA6171B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08A35C62-59BA-4676-BA22-8385FB54D353}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B07429D-EA96-4926-92CD-C55BE466E29A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E99A272-9B6E-47C7-8E1B-8D620F42293F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EB6BEB8-0ADF-4961-ADC9-18E982C6B262}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F34623B-FEF7-4EEF-A97E-396E86724291}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{102FD916-8DBA-4371-8F73-62C7BD3AA99B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{131E46B8-054A-478B-9FBD-E5DB1A279BC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{162A47BE-5B7F-4D2A-9033-F853D3BA6A57}" = protocol=17 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{1678946A-92BA-4354-A206-E920D92C4B1D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1741A591-BB5A-4281-8AA5-5F01251B44C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17F54C34-4BCB-43C4-BD15-588892E6DC3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18021892-190F-4DE8-A6D8-A4B82F6EA56E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C0A8B7A-80B3-4783-A3BB-85B306CB8751}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CE17529-A187-486A-8912-4CF6BB61F8EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E2780CD-5F33-499E-AB5D-D389F35A894A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E88EE74-11D6-4FB7-B6CF-5CCD5D8F0394}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F33A704-DD39-4FA3-8857-8624AF214592}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F621F58-36B1-4BF2-96E0-5BD75BDBA524}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FB2F1CC-3914-4325-B117-9F2F513B3608}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FF24F73-2992-4607-8301-904B19C5F09A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20699EAC-9227-434E-8A46-83F0D3E2F164}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20D0D804-3ED1-48D2-836A-AEDFE7A50DFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24062E01-CC59-46F6-8884-761BF76D9A3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25B65718-EEBF-4CB7-A1D4-4EC015566B36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2697DB27-FCDB-4AFE-916C-B720502E4A6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{275A2075-2781-4FD9-9EFC-412549A2470B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27A50E90-3071-47E1-8E40-C50773C3CDCE}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{282E84AD-82FE-4F13-8F08-E7F0A61D97F2}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{2B6BD31C-6109-4CC1-9E4D-9021FFC3AD41}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{2CE5957C-E146-4E43-B005-D942CB04DFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FF3BAEB-B2EA-47DE-8198-8DA3A091FF7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{305F5277-A27C-4BEC-B8C7-FF2DC2D76EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30711A66-ABBE-48E7-B699-609C5BB27C97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{324FCE5A-E03E-4AD8-AE90-E2F1AC2D64DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3339ED1E-1A20-491C-9CE5-1CC6EACF1A03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{343C1EBE-AE1F-4C92-BC06-6241C14F26BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3665E115-741A-4D2A-8053-05A0C0BCF8D0}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{3800D361-60E2-4BA7-B1F7-F3BB26D414B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B24C58-2323-485B-A806-275A2C5A2DEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3902F2C6-0DCF-4ED3-A83A-8B6BF633A6C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3926EB57-0B7F-4DDE-9E21-3D0C769D66B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3997E419-AC49-4028-8576-4F7A6BE3B9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B33EF68-9F8F-4F5C-A6AB-7884A78549AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CB11994-CE54-4DF1-A152-0D74F8D29D50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EB9AAFF-EE9F-481C-8469-DFB903F7DE67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EF44183-4A63-48DE-B7FF-06C3F9BAA808}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F5622B1-40F8-4A7E-9865-705A7A7D2205}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F908619-B57B-4F51-9A61-D43CB9095089}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FD13C75-D29F-43FB-B2F3-47D2D97708C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{416221A8-4A6B-4932-BB64-5672CC7EAC81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41FE0575-F0E3-4ACC-A3CB-943DBB8AD00E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42361472-D44C-4D95-85D6-53C2963CBAEA}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{425B9284-0772-4C19-AAC0-05B58177888B}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{429FA0AB-5803-43D6-9A8F-4A4D0463152D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{432F078F-C5A0-4DA0-B3D4-92440C307302}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{435EBBFB-34B1-4D70-9422-BEA92BFAB944}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43998EC1-761F-437D-995E-A707AF32E026}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44851F47-8035-4B27-A2F1-EC62938959AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46525B80-4275-4330-BFBA-D0B7134B7BA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4677DB6F-72C0-46C6-89DA-00F1AA84B825}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46F3422F-72E7-4A3D-B94F-5B254933FE4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AA3E840-63EC-445E-97F4-1D7FB403BABA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AD11681-92A2-41A1-8160-55DDC2E4C822}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AD14B14-C2FF-4C4E-8461-E2468FEAE9DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AD51B0F-CA69-40E9-BC8E-BFC329D75AF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D1FD388-3AC6-4404-AE41-8E53C28422B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D83AEFC-17DC-49D3-B562-0C1BD8242B19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DBC0465-207C-42D6-9872-A0D76D9F94D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F668D70-96E5-4276-8A8D-78757E378184}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{4FCFDB6B-E744-414E-A6BF-F59A87BD8617}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55953B8D-6B30-4460-81F9-411642605F72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56407330-E098-4F80-8D89-389ACD3D7729}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56D24142-F7A2-4C05-AA36-B1B72FFD1548}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5701708A-AF24-4A6C-A734-4371A4298624}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{576E4F16-7C2B-49D1-9191-C7E2D162B5A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5785622F-4958-487D-8140-01D32A04C20F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5EC95A57-1E0A-4A64-9EAE-ABDE35D27845}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F183E14-482E-4AF8-AF92-F4E1F547080C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F24D488-9849-414D-ADF3-9CDCB423E5FF}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{6305492F-50A1-4A64-8BC0-540991C94018}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{637B4543-128F-4D75-8717-CDFC74E47903}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63D66EE2-07AD-4EF9-862F-F60F34E12300}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6627A9DB-67D2-4869-8751-5C9F0472A7CF}" = protocol=17 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{663CEBF1-27EE-4E3B-A6A1-5FFC52DC1F9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{679DAAC6-E3BF-48A2-9873-8FEA326EF2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67BA5EA6-D3F0-43A8-BDFF-314F85459289}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6882E7F8-B804-40E9-9183-C6A351E65C4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68EBA4DA-FA87-4FBF-8D84-986828C51E5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{691460BB-747C-4918-AB34-58FAD7A7B57B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AD81DE3-4AD3-4436-AA14-1592D272F848}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B5183A0-4148-4235-85E3-9AEDAD8D662C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C51F2C2-8D97-46E3-B836-8D04ADFEFBA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CB6EF04-E5D9-435D-AB6C-2EBBB0D12936}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DE76C5C-A07B-4E05-B057-10FD326A8D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E5280B2-2B89-416C-9D5F-42BA3E449370}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F4BDB2C-B60B-4169-A7EF-855F99E0459A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F9C949B-999E-4AAE-851C-54E8AE1651D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{706C11AE-8D0F-4F89-9C23-DC968A8587DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70E590E3-9637-48F6-B8BB-0E60E151F378}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71C3B0D5-C4A7-4493-B201-0F5A8926FB0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71F5BDE9-2FB2-4745-8478-7D6A5214EAA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73B35EA8-88F0-47B2-9E36-79626136F287}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7468A98B-C566-4B9E-96EA-D11F3ED33308}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75DEB671-0183-436E-9837-7103962E779C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7600CB2D-9897-42BA-90E7-0A4E4D01114F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{769FECE0-B506-4F6D-A6DD-179475FD2A66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77745625-51D4-489B-89DD-4DC96C20849A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7824E68A-E9F6-4DFF-B27D-D4C239A6550E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{786D2292-3C50-48B1-A9EC-3C5E0AED5B98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7931B318-D6FE-4573-9292-14BEFF3E14B3}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{793535B3-9B52-4CE7-8080-DA51F8AA3A34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A097AC4-E89A-4C27-9FAF-02DFC4626C4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BBDA623-F5A3-4508-AD97-49A78F59DA14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C2C246A-2EB3-4A8A-937D-78D0DCAF77B4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7D13B515-7908-4992-8477-9459B2EF8B86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DA08373-8093-4B8D-9BB4-10628ADFBA8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DB1C91D-CA5A-4166-9465-740F2D55341D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EF8F3B3-E8DC-4414-99CA-1DD7C7309B0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FADE229-1627-465C-9381-1ABAFC8FAC3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80360E7A-F66B-42E7-8051-668CACD97ADD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80A3B9A7-BDAC-4361-9747-8987B44C8AF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{814BFD02-879F-4A54-AD5C-CADAF1F5F2AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82038C29-385F-43D7-AFB1-C2C9DB83F8DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8263BC8D-4E18-4EC1-938A-DB35F13484F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82AAE1E4-7AA3-4359-89CE-C82B5D3E1605}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83D292BD-4D42-4AE3-B635-B504671B5773}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8590EADB-E298-4CB3-BF6F-DA8567F55F47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85E7B6FA-03A1-471D-9319-4F4A7805AF17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8642FEDD-831C-4521-A9A5-8D5F18C4F37D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87541379-9543-4106-B388-3AAF1671015D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87E3346F-AD9B-4D84-9AAD-16F12EA4C08B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87F94A51-625F-48C3-8B31-F6B2F4424E43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{884F9E89-E396-42BE-8E8D-9C0A0AF8CC16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{889FCD21-97FD-43D9-99DE-8B10679E59DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{892B9AD4-EECA-41F2-8804-7F4B99FEDF97}" = protocol=6 | dir=in | app=c:\program files\gamers unite! snag bar\troubleshooter.exe |
"{8AFCA5ED-72E4-4433-9DC0-E15D9FB04DEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B3C8150-F6E5-4526-B5AD-A7E178EDA2D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD8135C-47D3-4E3C-993E-3AACFF9EC6D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BDADDFA-8D3E-4DA3-A3AC-0AC27AEC77E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C0AD62C-A1BD-4529-A47F-B9628639E18F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C336878-DA6F-45C6-AEF5-C9163906D22B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C925690-CCFA-4605-A09A-32747608D392}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CE761E0-9575-4DEC-8EF7-C4A825D8FD01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E6FD7A7-B6CB-47DF-B0A8-87F9E9065D9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{909C98BF-0110-4293-9DC5-1EF3D36ADD89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91EBEAA4-603F-4659-9794-BE547E9A473D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92F23280-4549-4BB7-9C57-98E3DD0F5D1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{953A3848-2C60-4F1D-B48C-AD36E142BF23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{953AE4B6-DDFE-4163-8397-66E8524E29AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95FDF127-A261-4FD7-B49B-1CD032B3D483}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98C98F09-9863-4B69-A1D6-9D9618A10FB2}" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{99DA04BB-3D85-497A-95FF-C1D00DF6D035}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{9A6D6AD8-9BD3-4660-86A2-DB900BC58544}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B6D099D-B88B-4AB8-91D1-9B50236A5A06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B6F58C6-E025-4633-99C0-74192E02BD52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BEDB7D4-9C3E-4722-9075-91023930FEBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C2FEE99-1ECF-4B98-A920-EEB53F673BAA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9DE5A9E8-1EE1-42EA-8DC8-DD78D550CB16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E6CF817-74F5-47B9-B49B-2C07D6A7E16B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EC7395A-4EAC-463F-B4D2-08F19D98E619}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9ED07FB5-2A81-4773-AB4F-032E9DB04ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1C8651F-2116-456E-BA0C-C90A80A540A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2703418-53BC-480D-873D-A43FF5E34250}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A39E858B-A96D-4742-A05E-EFFF3E34B158}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A5579EE9-DCA7-423B-9C2C-115DF6CEF1D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A63F82EE-8346-4EEA-A5C1-C7219A22D2DF}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A64B9783-EC3D-4053-BD3C-F300FC0925A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A657CAA0-6AF0-4943-915C-0317A17B520B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7FBC710-4721-4771-9648-688C2734E86D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A88C8476-3DEA-4660-8430-2349B259ED72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8CAB36D-8E5A-4913-A8C6-F3061D0B9A14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB75E8A3-BDD3-4A83-A7C6-700C0CC1CD60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB8F4EC5-7ECA-404B-BC19-37CB6CF1CE65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB9833B1-AF8B-41BE-9942-A4E5C5898C20}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{ADABB7BE-B0EC-4898-BA1C-78EABC802E68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF44BD26-C68B-4772-964D-966653A99419}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFDBCA0E-558D-479E-AB75-E8D40B01639F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFE39E09-2AB0-4828-855A-82AD18D777DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B10D5D6E-928F-45DD-B1AF-67F909045CED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B11AC731-7567-4EF1-B0D0-CA9D303BDB4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2D00770-A3F5-4614-897C-84D006A4EB64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5389AE9-490F-491A-8FF7-08067581BF9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B59753B5-B0DF-46D4-ADFF-8F1B5B22208A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6CF02A9-0CFF-4D13-BBF0-A70B6FC16F59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8579982-0A4C-44E8-ABA4-A4C830CF9CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA077B67-E6A0-4806-A888-F63BDF70CFFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA78EC7D-3C34-401D-BE8C-EC168ACA7759}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBBFAAB0-760A-4BD5-98C7-F7EB3EE980B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCF0F81E-DB20-4B9E-90E8-C2E40859E9F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD62D99A-DE7F-4C02-82E9-2B796B3DC0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDFE2D5D-2B89-4A33-BBD8-4A82559FF88F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C352E9F2-CB37-4112-8B7C-03BFF9E5F6BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4563382-4429-4F68-9CD6-125F24B204F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C69A6FAC-6980-41A8-8AC0-DEB8A8514732}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C80BCA25-B258-49EA-AA52-311C94B22D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8C8318E-5382-451F-A22D-4963A196CFD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA1B4C9A-312C-48FE-9064-97C6E212F51F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB42D62D-AAF4-4B77-A5E6-D10CE0198E74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB5FE069-4124-4EB4-856C-B4FC4568C946}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBF71C44-9ABF-472E-B709-2050CAF47A19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD46991B-3C62-4B62-879C-171C2FB4A058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE116C4F-BA07-432C-B2FC-4F9F8DB612B5}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{CE78A205-6A81-4EB3-91A8-9039B930794A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE7E718C-5878-4F6B-8DF4-25BA813EA809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEE04172-533E-4D70-8D8F-D3C1168F45CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF19D828-5F2E-4FF7-B678-5777837D1D60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF6A3562-A5FA-4B6D-B205-7FCE8F8D1B54}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{CFFD723B-2627-4CED-BDD7-2FF230129D2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D14B81C6-C525-4EC4-9FAC-99FE072BF559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D17AD6D3-0EFD-4619-BA10-5CA5E14F2BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D332C6EB-249C-45B8-BB41-C118BCC07E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3C163AB-B075-424A-AF10-B0E19894F08F}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{D9B1CF71-BBB0-4ED7-B215-62A2D4F615BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9B31EE4-FE2B-4599-AEFE-0F08EF8D9A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9C993E0-69B3-44EA-8854-5FB661CBDD27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAFB11B9-61D5-49E4-B6CF-6872073A7F37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC33C659-91CF-48B8-9D2F-C894637627FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC98E1CB-15F7-498A-9E1A-C5AAC671C3AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD2529CF-2BD7-4D91-94C4-2DCBEF6B317A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD7E3FA4-2476-400A-9295-EE53ACF0D6C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE43C9ED-5E41-45D6-97D4-E1AB90174D91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE867999-686E-497D-A2ED-CC49E8CD3D86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF31DC84-E567-480C-8A8B-06F5C28FCFD3}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
"{E2217CEA-2A0C-4A66-8171-3B4C9ABEE6C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2B1491C-579F-4AA8-AA27-7434CF61FAFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E30280A1-0CD8-4195-9F82-B6F199449C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E558927C-A351-4B97-9CF4-114ADF75F459}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5850D22-19ED-4922-924E-F5CBDEB26A3B}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{E647CE9F-DBAE-4DDB-A535-0C58DCF9AC0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E717EBA0-72F6-408F-BCC1-BA6690CA89F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E93AA77E-1A70-4882-A290-E528FB021D59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB8A6EAB-8020-4CB6-9D72-DC8F60EC99FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC73292E-A939-4CA4-909A-44B295AE56C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED0106B0-BBC0-467A-ABED-0ADE94E7AF14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED52EB99-6C61-4D95-92DD-FEE59DF7D07B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED534F2F-71F4-4B4A-AEA7-AB350F49A06E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE21F210-8771-43A3-87BC-05E6C8BC92C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE93C0C3-0A3E-413D-BFAF-27CDCD370691}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF41341B-ACED-477C-B25A-802F0466F5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0A9110B-8EEB-43AF-A557-91F989A6D157}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2262CCB-F1AE-4571-A590-024E224D3795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2A5B8FE-48F2-42F7-BBA2-EA6C316B7C2D}" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
"{F2BCC3C4-9559-492A-826D-DA3BEA3E8FB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F44AA201-DD8A-496F-8196-3AEB58C65D54}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F5C35289-ACDB-4B11-A127-DB16F654B328}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5F781C7-F250-428B-85FD-330BFD41B841}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F630A9C2-2562-4C70-AB7B-E9238699D141}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8AEED78-F061-40DD-9A52-787BB7AD859D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8EAD6BF-836B-49B4-A0C2-062C5427E556}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{F9AFBE7A-7D88-4D49-AFFB-FAE82E4C4564}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAE1D51C-27F8-4D5F-8968-BB9090D894A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC6FEC51-E196-4700-9B43-909372F1931B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD32AF56-F183-405C-9A1B-2389D822D6D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD706EFC-CF72-4B62-8E9E-E5A52C16505C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FED955BC-7797-4A98-B9CA-9CA838B1CC8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEF3255F-F2CC-4E95-A32D-3B1DFA167813}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF4F3DE4-69BA-46EE-BC79-4FB26CA933DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF6EF8A3-BFBA-4678-8F14-90D0A5779814}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF9C5237-643E-4EFC-8A75-D6D9E5274170}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{17BEE93F-F4D0-4798-856B-A6777AE7B309}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{2FBC9FB9-311D-4C9B-82E7-8989804A2FBA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{57776F94-ECFC-4D26-AE81-6CC04E48FA95}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{92DE8CCF-FBE3-44A4-A1F7-03E46B99A35E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B71F99D1-D5E1-4C37-820A-96AE64268E09}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{437995C6-AA76-4BBC-9F3D-D5D34A3EA10B}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{5135C0F3-3AA6-47B6-ADA1-98356349F2AD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D6A1D5B0-B1EC-4933-84FD-C7982D23E96E}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{E64BFA76-72BB-4AD1-8351-8696020E4580}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{F21D7305-D327-4898-816C-F4D02BB5074F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7B7BD2-AFBB-4D90-9B47-42D5FE5A9220}_is1" = FutureTax 2009 for NETFILE
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F85D2E97-015D-4B26-8C20-20F9C7A7BAD0}" = Simple Adblock
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BitTorrent" = BitTorrent
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Firefly" = Snapstream Firefly 1.2.1.916
"Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Lexmark 5400 Series" = Lexmark 5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PoivY_is1" = PoivY
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaskPrompt_is1" = TaskPrompt
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinRAR archiver" = WinRAR archiver
"WT087683" = Trine
"WTA-7194312d-a7eb-432c-81c7-491614758c85" = Dream Day Wedding - Bella Italia
"WTA-95de3ee0-2169-4ed7-93de-f841b121de89" = Escape Whisper Valley(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 