TechSpot

IE redirects and crashes

Inactive
By charleneroyston
Jan 8, 2011
  1. Hi There!
I have followed your directions for the 8 steps to remove malware and I am pasting the logs below. I could not get GMER to work no matter what, even when I tried in safe mode and unclicked all the boxes on the right as directed. I used Avira anti-rootkit instead and have included that log.
    Please help, this is driving me crazy!!!

    Thanks
    Charlene

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5468

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    07/01/2011 6:14:44 PM
    mbam-log-2011-01-07 (18-14-44).txt

    Scan type: Quick scan
    Objects scanned: 146110
    Time elapsed: 10 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Char at 18:25:21.67 on 08/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.986 [GMT -8:00]

    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\SnapStream Media\Firefly\Firefly.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

    Avira AntiRootkit Tool - Beta (1.0.1.17)

    ========================================================================================================
    - Scan started January-08-11 - 18:03:07 PM
    ========================================================================================================

    --------------------------------------------------------------------------------------------------------
    Configuration:
    --------------------------------------------------------------------------------------------------------
    - [X] Scan files
    - [X] Scan registry
    - [X] Scan processes
    - [ ] Fast scan
    - Working disk total size : 104.42 GB
    - Working disk free size : 44.27 GB (42 %)
    --------------------------------------------------------------------------------------------------------

    Results:
    Value data mismatch : HKEY_USERS\S-1-5-21-3342059876-170799827-71789101-1000\Software\AppDataLow\-2j__GY_dL70RKO -> 2030223344201
    Value data mismatch : HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM -> autorecover mofs

    --------------------------------------------------------------------------------------------------------
    Files: 0/345144
    Registry items: 2/418759
    Processes: 0/72
    Scan time: 00:15:44
    --------------------------------------------------------------------------------------------------------
    Active processes:
    - zmuojlfd.exe (PID 6360) (Avira AntiRootkit Tool - Beta)
    - System (PID 4)
    - smss.exe (PID 432)
    - csrss.exe (PID 500)
    - wininit.exe (PID 552)
    - csrss.exe (PID 564)
    - services.exe (PID 596)
    - lsass.exe (PID 612)
    - lsm.exe (PID 620)
    - winlogon.exe (PID 696)
    - svchost.exe (PID 796)
    - nvvsvc.exe (PID 848)
    - svchost.exe (PID 876)
    - svchost.exe (PID 936)
    - svchost.exe (PID 1000)
    - svchost.exe (PID 1020)
    - audiodg.exe (PID 1116)
    - svchost.exe (PID 1140)
    - SLsvc.exe (PID 1160)
    - svchost.exe (PID 1200)
    - rundll32.exe (PID 1284)
    - svchost.exe (PID 1444)
    - spoolsv.exe (PID 1724)
    - taskeng.exe (PID 1732)
    - svchost.exe (PID 1796)
    - dwm.exe (PID 1812)
    - explorer.exe (PID 1856)
    - rundll32.exe (PID 1900)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Your DDS log is incomplete.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. charleneroyston

    charleneroyston TS Rookie Topic Starter

    IE searches hijacked & crashes

    Hi Broni,
    As I stated in my previous thread, my IE8 keeps getting hijacked to weird sites when I search and crashes all the time, particularly when switching tabs. I CANNOT GET GMER TO RUN no matter what. It stops working whether I switch off all the boxes or run in safe mode, and I totally switched off my Norton 360. I used the Avira anti-rootkit tool instead, which worked without a hitch, and have included this log as well as the Malware and DDS log.
    Please help!!! This is driving me crazy!!!

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5468

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    07/01/2011 6:14:44 PM
    mbam-log-2011-01-07 (18-14-44).txt

    Scan type: Quick scan
    Objects scanned: 146110
    Time elapsed: 10 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Avira AntiRootkit Tool - Beta (1.0.1.17)

    ========================================================================================================
    - Scan started January-08-11 - 18:03:07 PM
    ========================================================================================================

    --------------------------------------------------------------------------------------------------------
    Configuration:
    --------------------------------------------------------------------------------------------------------
    - [X] Scan files
    - [X] Scan registry
    - [X] Scan processes
    - [ ] Fast scan
    - Working disk total size : 104.42 GB
    - Working disk free size : 44.27 GB (42 %)
    --------------------------------------------------------------------------------------------------------

    Results:
    Value data mismatch : HKEY_USERS\S-1-5-21-3342059876-170799827-71789101-1000\Software\AppDataLow\-2j__GY_dL70RKO -> 2030223344201
    Value data mismatch : HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM -> autorecover mofs

    --------------------------------------------------------------------------------------------------------
    Files: 0/345144
    Registry items: 2/418759
    Processes: 0/72
    Scan time: 00:15:44
    --------------------------------------------------------------------------------------------------------
    Active processes:
    - zmuojlfd.exe (PID 6360) (Avira AntiRootkit Tool - Beta)
    - System (PID 4)
    - smss.exe (PID 432)
    - csrss.exe (PID 500)
    - wininit.exe (PID 552)
    - csrss.exe (PID 564)
    - services.exe (PID 596)
    - lsass.exe (PID 612)
    - lsm.exe (PID 620)
    - winlogon.exe (PID 696)
    - svchost.exe (PID 796)
    - nvvsvc.exe (PID 848)
    - svchost.exe (PID 876)
    - svchost.exe (PID 936)
    - svchost.exe (PID 1000)
    - svchost.exe (PID 1020)
    - audiodg.exe (PID 1116)
    - svchost.exe (PID 1140)
    - SLsvc.exe (PID 1160)
    - svchost.exe (PID 1200)
    - rundll32.exe (PID 1284)
    - svchost.exe (PID 1444)
    - spoolsv.exe (PID 1724)
    - taskeng.exe (PID 1732)
    - svchost.exe (PID 1796)
    - dwm.exe (PID 1812)


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Char at 18:25:21.67 on 08/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.986 [GMT -8:00]

    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\SnapStream Media\Firefly\Firefly.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
     
  4. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    DDS.txt log is incomplete.
    Attach.txt is missing.
     
  5. charleneroyston

    charleneroyston TS Rookie Topic Starter

    Hi again Broni,
    Thank you again for your patience with someone who knows nothing about this stuff. I guess I didn't wait long enough for the second file to pop up and I can't read :)
    Here is the attach.txt file.

    Thanks
    Charlene


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/12/2009 11:39:04 PM
    System Uptime: 09/01/2011 3:39:03 PM (1 hours ago)

    Motherboard: Quanta | | 30D1
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 104 GiB total, 44.128 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 60.105 GiB free.
    E: is FIXED (NTFS) - 7 GiB total, 0.702 GiB free.
    F: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP6: 14/01/2009 4:47:03 PM - Scheduled Checkpoint
    RP7: 14/01/2009 10:55:41 PM - Device Driver Package Install: Symantec Network Service
    RP8: 14/01/2009 11:01:42 PM - Norton 360 Registry Clean
    RP9: 18/01/2009 2:35:23 PM - Device Driver Package Install: NVIDIA Display adapters
    RP10: 18/01/2009 2:38:07 PM - Device Driver Package Install: Conexant Sound, video and game controllers
    RP11: 18/01/2009 2:40:13 PM - Device Driver Package Install: CXT Modems
    RP276: 26/12/2010 12:52:22 PM - Windows Update
    RP277: 27/12/2010 7:09:41 PM - Removed Simply Accounting by Sage 2010
    RP278: 27/12/2010 7:10:08 PM - Removed Simply Accounting by Sage 2010
    RP279: 28/12/2010 2:15:21 AM - Windows Update
    RP280: 30/12/2010 2:15:10 AM - Windows Update
    RP281: 31/12/2010 1:43:17 AM - Windows Update
    RP282: 03/01/2011 10:19:27 PM - Windows Update
    RP283: 04/01/2011 2:04:02 AM - Windows Update
    RP284: 04/01/2011 12:02:19 PM - Installed Simply Accounting by Sage 2010
    RP285: 04/01/2011 12:02:54 PM - Installed Simply Accounting by Sage 2010
    RP286: 04/01/2011 2:59:03 PM - Installed Rosetta Stone Version 3
    RP287: 04/01/2011 3:03:45 PM - Installed Rosetta Stone Version 3
    RP288: 06/01/2011 11:02:21 PM - Restore Operation
    RP290: 06/01/2011 11:25:11 PM - Restore Operation
    RP292: 07/01/2011 7:04:35 PM - Installed Avira RootKit Detection

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira RootKit Detection
    BitTorrent
    Bonjour
    Conexant HD Audio
    CorelDRAW Graphics Suite 12
    DivX Setup
    Dream Day Wedding - Bella Italia
    Escape Whisper Valley(TM)
    ESU for Microsoft Vista
    Everio MediaBrowser
    Feedback Tool
    FutureTax 2009 for NETFILE
    Gamers Unite! Snag Bar
    GearDrvs
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Games
    HP Help and Support
    HP Photosmart Essential 2.0
    HP Photosmart Essential2.5
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Update
    HP User Guides 0056
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    Internet Explorer (Enable DEP)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6
    K-Lite Codec Pack 5.8.3 (Full)
    Lexmark 5400 Series
    LightScribe 1.6.43.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    MySQL Connector/ODBC 3.51
    Norton 360
    NVIDIA Drivers
    NVIDIA PhysX v8.10.29
    PoivY
    PSSWCORE
    QuickTime
    Rosetta Stone Version 3
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Simple Adblock
    Simply Accounting by Sage 2010
    Skype Toolbars
    Skype™ 4.2
    SmartAudio
    Snapstream Firefly 1.2.1.916
    Synaptics Pointing Device Driver
    Trine
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WildTangent Games
    WinRAR archiver
    Zynga Toolbar

    ==== Event Viewer Messages From Past Week ========

    09/01/2011 12:52:26 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
    09/01/2011 12:52:26 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    09/01/2011 12:51:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Simply Accounting Database Connection Manager service to connect.
    09/01/2011 12:51:28 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    09/01/2011 12:50:00 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:39 PM on 09/01/2011 was unexpected.
    09/01/2011 12:49:53 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    09/01/2011 10:02:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    09/01/2011 10:02:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    09/01/2011 1:37:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    07/01/2011 6:45:50 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:07 PM on 07/01/2011 was unexpected.
    07/01/2011 5:53:23 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    07/01/2011 10:52:45 PM, Error: EventLog [6008] - The previous system shutdown at 10:40:42 PM on 07/01/2011 was unexpected.
    06/01/2011 9:27:55 PM, Error: EventLog [6008] - The previous system shutdown at 9:22:31 PM on 06/01/2011 was unexpected.
    06/01/2011 3:26:18 AM, Error: EventLog [6008] - The previous system shutdown at 3:24:36 AM on 06/01/2011 was unexpected.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    06/01/2011 3:24:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2011 3:23:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    06/01/2011 3:23:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    06/01/2011 3:23:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    06/01/2011 3:23:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    06/01/2011 3:23:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    06/01/2011 3:23:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/01/2011 3:23:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    06/01/2011 3:23:00 AM, Error: EventLog [6008] - The previous system shutdown at 3:21:25 AM on 06/01/2011 was unexpected.
    06/01/2011 3:10:34 AM, Error: EventLog [6008] - The previous system shutdown at 3:09:17 AM on 06/01/2011 was unexpected.
    06/01/2011 2:53:25 AM, Error: EventLog [6008] - The previous system shutdown at 2:51:56 AM on 06/01/2011 was unexpected.
    06/01/2011 11:43:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    05/01/2011 9:41:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    05/01/2011 9:25:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    05/01/2011 9:24:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    05/01/2011 9:23:45 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    05/01/2011 6:47:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    05/01/2011 6:47:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/01/2011 6:47:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    04/01/2011 5:29:02 PM, Error: EventLog [6008] - The previous system shutdown at 5:20:25 PM on 04/01/2011 was unexpected.
    03/01/2011 10:42:01 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:09 AM on 03/01/2011 was unexpected.
    03/01/2011 1:20:09 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Resume - Assistant Manager - retail, owned by Char, failed to print on printer Lexmark 5400 Series. Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 644880. Number of bytes printed: 644880. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\CHAR-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
    02/01/2011 11:10:21 AM, Error: EventLog [6008] - The previous system shutdown at 11:04:28 AM on 02/01/2011 was unexpected.

    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I still need DDS.txt log.
     
  7. charleneroyston

    charleneroyston TS Rookie Topic Starter

    Hi Broni,
    I have posted it again below.

    Thanks


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Char at 16:32:12.98 on 09/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1079 [GMT -8:00]

    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\SnapStream Media\Firefly\Firefly.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Char\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
    mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
    mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
    mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
    mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=011711 serial=DR12WEX-1504397-KTY lang=EN
    mRun: [Firefly] c:\program files\snapstream media\firefly\Firefly.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-6 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-6 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-6 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110107.002\IDSvix86.sys [2011-1-8 353912]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-6 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-6 48688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-30 21504]
    S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-8-23 42280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-08 03:05:01 -------- d-----w- c:\program files\Avira GmbH
    2011-01-08 03:04:20 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2011-01-08 03:04:20 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2011-01-08 03:04:20 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2011-01-08 03:04:20 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2011-01-08 03:04:20 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2011-01-08 03:04:19 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2011-01-08 03:04:19 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2011-01-07 07:20:34 -------- d-----w- c:\program files\Conduit
    2011-01-07 06:37:41 -------- d-----w- c:\users\char\appdata\local\Zynga
    2011-01-07 04:39:17 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
    2011-01-07 04:14:25 -------- d-----w- c:\users\char\appdata\local\ElevatedDiagnostics
    2011-01-07 04:06:47 -------- d-----w- c:\program files\Microsoft ATS
    2011-01-06 11:23:47 -------- d-----w- c:\users\char\appdata\local\Symantec
    2011-01-06 01:46:23 -------- d-----w- c:\users\char\appdata\roaming\CleanMyPC Software
    2011-01-05 01:32:22 49152 --sha-r- c:\windows\system32\sbeioi.dll
    2011-01-04 23:04:46 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-01-04 23:04:02 -------- d-----w- c:\program files\Rosetta Stone
    2011-01-04 23:04:02 -------- d-----w- c:\progra~2\Rosetta Stone
    2011-01-04 20:07:52 -------- d-----w- c:\windows\Crystal
    2011-01-04 20:07:52 -------- d-----w- c:\program files\Seagate Software
    2011-01-04 20:07:28 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
    2011-01-04 20:04:23 -------- d-----w- c:\program files\Simply Accounting Enterprise 2010
    2011-01-04 10:05:29 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c2ae2fc8-6bb3-47c1-b0b5-9b38fca48491}\mpengine.dll
    2010-12-17 02:08:54 -------- d-----w- c:\users\char\appdata\roaming\Malwarebytes
    2010-12-17 02:08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-17 02:08:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 02:08:44 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-17 02:08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-15 00:11:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-15 00:11:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-13 23:02:02 -------- d-----w- c:\users\char\appdata\local\Sage Software
    2010-12-13 22:35:44 -------- d-----w- c:\users\char\appdata\local\Simply Accounting
    2010-12-13 22:35:00 -------- d-----w- c:\program files\common files\ODBC
    2010-12-13 22:30:09 -------- d-----w- c:\program files\winsim
    2010-12-11 21:41:46 -------- d-----w- C:\extensions

    ==================== Find3M ====================

    2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 16:34:03.57 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Uninstall Zynga Toolbar - a Conduit "Community Toolbar", which modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
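As an added example (not code from the thread, from Broni, or from the DDS tool), the following Python script does by machine what the reply above does by eye over a DDS log: it groups IE add-on entries by CLSID so that a URL search hook is reported together with the BHO and toolbar registrations of the same component, lists "No File" orphans left behind by removed add-ons, flags the two mPolicies-system values in the log that turn UAC off, and flags newly created files under system32 that carry both the system and hidden attributes. The sample input is a constructed handful of lines copied in shape from the DDS log posted above; the policy meanings are standard Windows semantics, and the hidden-plus-system rule is a review heuristic, not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied in shape from the DDS log posted
# above ("Pseudo HJT Report" and "Created Last 30" sections), not the whole log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
2011-01-08 03:05:01 -------- d-----w- c:\program files\Avira GmbH
2011-01-05 01:32:22 49152 --sha-r- c:\windows\system32\sbeioi.dll
2010-12-17 02:08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

HJT_RE = re.compile(r"^([um]?)(URLSearchHooks|BHO|TB):\s*(.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$")

# Standard Windows UAC policy values; 0 is the weak setting for both keys.
WEAK_UAC = {
    "EnableLUA": "UAC is switched off",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
}


def parse_hjt_entry(rest):
    """Split 'Name: {clsid} - path' (name and clsid optional) into its parts."""
    m = CLSID_RE.search(rest)
    if m:
        name = rest[:m.start()].rstrip(": ").strip() or None
        return name, m.group(1).lower(), rest[m.end():].lstrip(" -").strip()
    head, _, tail = rest.partition(" - ")
    return head.strip() or None, None, tail.strip()


def triage(text):
    """Return review-worthy observations from DDS-style log lines."""
    components = defaultdict(lambda: {"name": None, "path": None, "roles": []})
    orphans, uac_weakened, hidden_system = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_RE.match(line)
        if m:
            scope, kind, rest = m.groups()
            role = scope + kind                      # e.g. uURLSearchHooks, BHO, TB
            name, clsid, path = parse_hjt_entry(rest)
            if path == "No File":                    # registration left behind after a removal
                orphans.append((role, clsid or name))
            elif clsid:
                comp = components[clsid]
                comp["name"] = comp["name"] or name
                comp["path"] = comp["path"] or path
                comp["roles"].append(role)
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in WEAK_UAC and m.group(2) == "0":
            uac_weakened.append((m.group(1), WEAK_UAC[m.group(1)]))
            continue
        m = FILE_RE.match(line)
        if m:
            created, size, attrs, path = m.groups()
            # Heuristic only: a freshly created file in system32 that is both system
            # and hidden is unusual enough to deserve a look; it is not a verdict.
            if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows\\system32\\"):
                hidden_system.append({"created": created, "size": int(size),
                                      "attrs": attrs, "path": path})
    # A URL search hook sits in front of every address-bar search, so list each hooking
    # component together with every other place (BHO, TB) the same CLSID registers.
    search_hooks = [
        {"clsid": clsid, "name": c["name"], "path": c["path"], "roles": sorted(set(c["roles"]))}
        for clsid, c in components.items()
        if any(r.endswith("URLSearchHooks") for r in c["roles"])
    ]
    return {"search_hooks": search_hooks, "orphans": orphans,
            "uac_weakened": uac_weakened, "hidden_system_files": hidden_system}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for hook in report["search_hooks"]:
        print(f"search hook: {hook['name']} {{{hook['clsid']}}} registered as {', '.join(hook['roles'])}")
    for role, ident in report["orphans"]:
        print(f"orphan {role}: {ident}")
    for key, meaning in report["uac_weakened"]:
        print(f"policy {key} = 0: {meaning}")
    for f in report["hidden_system_files"]:
        print(f"review: {f['path']} ({f['attrs']}, {f['size']} bytes, created {f['created']})")
```

Grouping by CLSID is the point of the script: the same toolbar component can be registered as a BHO, a toolbar and a user- and machine-level URL search hook at once, and removing only one of those registrations leaves the others in place, which is why the reply above asks for a proper uninstall rather than a registry edit.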
     
  9. charleneroyston

    charleneroyston TS Rookie Topic Starter

    Hi Broni,
    OK, so I uninstalled the Zynga Toolbar and it directed me to reboot, which I did.
    I ran MBR and ComboFix and the logs are below. Keeping my fingers crossed.
    Thanks again

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv9500 Notebook PC
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 177):
    0x81C05000 \SystemRoot\system32\ntkrnlpa.exe
    0x81FBE000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\PSHED.dll
    0x80421000 \SystemRoot\system32\BOOTVID.dll
    0x80429000 \SystemRoot\system32\CLFS.SYS
    0x8046A000 \SystemRoot\system32\CI.dll
    0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C6000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060C000 \SystemRoot\system32\drivers\acpi.sys
    0x80652000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8065B000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80663000 \SystemRoot\system32\drivers\pci.sys
    0x8068A000 \SystemRoot\System32\drivers\partmgr.sys
    0x80699000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8069C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806A6000 \SystemRoot\system32\drivers\volmgr.sys
    0x806B5000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806FF000 \SystemRoot\system32\drivers\pciide.sys
    0x80706000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80714000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80724000 \SystemRoot\system32\drivers\atapi.sys
    0x8072C000 \SystemRoot\system32\drivers\ataport.SYS
    0x8074A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8077C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8078C000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
    0x807DB000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82208000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82279000 \SystemRoot\system32\drivers\ndis.sys
    0x82384000 \SystemRoot\system32\drivers\msrpc.sys
    0x823AF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87600000 \SystemRoot\System32\drivers\tcpip.sys
    0x876EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8780F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8791F000 \SystemRoot\system32\drivers\volsnap.sys
    0x87958000 \SystemRoot\System32\Drivers\spldr.sys
    0x87960000 \SystemRoot\System32\Drivers\mup.sys
    0x8796F000 \SystemRoot\System32\drivers\ecache.sys
    0x87996000 \SystemRoot\system32\drivers\disk.sys
    0x879A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x879C8000 \SystemRoot\system32\drivers\crcdisk.sys
    0x879F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87800000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87705000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x87809000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x879FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x87715000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x87725000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8772C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x87735000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x87738000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x87742000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x87780000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8778F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x877A7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BA08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BA95000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BAA5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BAB3000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BACD000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BADC000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BAF0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8BC0B000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8BD0C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8C004000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C746000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C7E7000 \SystemRoot\System32\drivers\watchdog.sys
    0x8BD92000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C7F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BDA5000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C7FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8BDD0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BB41000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8BB70000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8BDDB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8BDE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8BC00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BBB1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8BBD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8BBE3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x877AD000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x877C2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C000000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x877D2000 \SystemRoot\system32\DRIVERS\ks.sys
    0x823EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x807E4000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8BBF7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8D203000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8D238000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8D249000 \SystemRoot\system32\drivers\CHDART.sys
    0x8D275000 \SystemRoot\system32\drivers\portcls.sys
    0x8D2A2000 \SystemRoot\system32\drivers\drmk.sys
    0x8D2C7000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D601000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D704000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D7B8000 \SystemRoot\system32\drivers\modem.sys
    0x8D7C5000 \SystemRoot\System32\Drivers\x10uif.sys
    0x8D7C8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D7D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8D7E8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D7F0000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x8D304000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x8D30E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8D323000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8D344000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D34D000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D354000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D35B000 \SystemRoot\System32\drivers\vga.sys
    0x8D367000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D388000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D390000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D398000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D3A3000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D3B1000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8D3BA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8DA03000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
    0x8DA37000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8DA5C000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
    0x8DA6A000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
    0x8DA7F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8DA93000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DAC5000 \SystemRoot\system32\drivers\afd.sys
    0x8DB0D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DB23000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x8DB2C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DB3A000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x8DB3C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DB4F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8DB55000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
    0x8DB5F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DB9B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DBA5000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110107.002\IDSvix86.sys
    0x8E208000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x8E266000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x8E283000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E29A000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
    0x8E315000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
    0x8E357000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8E361000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8E36E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8E379000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x97640000 \SystemRoot\System32\win32k.sys
    0x8E381000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E38B000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97860000 \SystemRoot\System32\TSDDD.dll
    0x97880000 \SystemRoot\System32\cdd.dll
    0x97890000 \SystemRoot\System32\ATMFD.DLL
    0x8E39A000 \SystemRoot\system32\drivers\luafv.sys
    0x9C20E000 \SystemRoot\system32\drivers\spsys.sys
    0x9C2BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9C2CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9C2F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9C302000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9C315000 \SystemRoot\system32\drivers\HTTP.sys
    0x9C382000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9C39F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9C3B8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9C3CD000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8E3BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9E401000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9E43A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9E452000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9E47A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9E4E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9E4E4000 \SystemRoot\system32\drivers\peauth.sys
    0x9E5C2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9E5CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9E5D8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9E5ED000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x9E4C8000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x8E3DC000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAA407000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
    0xAA45C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.004\NAVEX15.SYS
    0xAA5A7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110110.004\NAVENG.SYS
    0xAA5BB000 \??\C:\Users\Char\AppData\Local\Temp\catchme.sys
    0xAA5C3000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0x774A0000 \WINDOWS\System32\ntdll.dll

    Processes (total 72):
    0 System Idle Process
    4 System
    432 C:\WINDOWS\System32\smss.exe
    508 csrss.exe
    560 C:\WINDOWS\System32\wininit.exe
    568 csrss.exe
    604 C:\WINDOWS\System32\services.exe
    616 C:\WINDOWS\System32\lsass.exe
    628 C:\WINDOWS\System32\lsm.exe
    704 C:\WINDOWS\System32\winlogon.exe
    800 C:\WINDOWS\System32\svchost.exe
    852 C:\WINDOWS\System32\nvvsvc.exe
    880 C:\WINDOWS\System32\svchost.exe
    944 C:\WINDOWS\System32\svchost.exe
    1016 C:\WINDOWS\System32\svchost.exe
    1076 C:\WINDOWS\System32\svchost.exe
    1148 C:\WINDOWS\System32\audiodg.exe
    1172 C:\WINDOWS\System32\svchost.exe
    1192 C:\WINDOWS\System32\SLsvc.exe
    1268 C:\WINDOWS\System32\svchost.exe
    1472 C:\WINDOWS\System32\svchost.exe
    1760 C:\WINDOWS\System32\spoolsv.exe
    1768 C:\WINDOWS\System32\taskeng.exe
    1792 C:\WINDOWS\System32\svchost.exe
    1880 C:\WINDOWS\System32\taskeng.exe
    320 C:\WINDOWS\System32\dwm.exe
    1616 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    788 C:\Program Files\HP\QuickPlay\QPService.exe
    1608 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2020 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    1932 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    672 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    2204 C:\Program Files\SnapStream Media\Firefly\Firefly.exe
    2212 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    2232 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2280 C:\Program Files\iTunes\iTunesHelper.exe
    2292 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2300 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    2316 C:\Program Files\Windows Sidebar\sidebar.exe
    2336 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2464 C:\Program Files\Skype\Phone\Skype.exe
    2504 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2648 C:\Program Files\Windows Sidebar\sidebar.exe
    2708 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2792 C:\Program Files\Bonjour\mDNSResponder.exe
    2812 C:\WINDOWS\System32\svchost.exe
    2844 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    3096 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3120 C:\WINDOWS\System32\lxctcoms.exe
    3192 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    3308 C:\WINDOWS\System32\svchost.exe
    3848 dllhost.exe
    3924 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2428 C:\WINDOWS\System32\svchost.exe
    452 C:\WINDOWS\System32\svchost.exe
    3004 C:\WINDOWS\System32\SearchIndexer.exe
    3516 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3920 WUDFHost.exe
    5080 C:\PROGRA~1\COMMON~1\SNAPST~1\Common\X10nets.exe
    5128 C:\WINDOWS\System32\mobsync.exe
    5200 WmiPrvSE.exe
    5476 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5928 C:\Program Files\iPod\bin\iPodService.exe
    6000 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    6016 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4428 C:\WINDOWS\System32\wbem\WmiApSrv.exe
    5224 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5400 C:\WINDOWS\System32\conime.exe
    1944 C:\WINDOWS\System32\SearchProtocolHost.exe
    4328 C:\WINDOWS\System32\SearchFilterHost.exe
    5600 C:\WINDOWS\explorer.exe
    2672 C:\Users\Char\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`1accfe00 (NTFS)

    PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BHE
    PhysicalDrive1 Model Number: WDCWD800BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
    74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    ComboFix 11-01-10.04 - Char 10/01/2011 17:48:27.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1063 [GMT -8:00]
    Running from: c:\users\Char\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
    .

    2011-01-11 02:00 . 2011-01-11 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-08 03:05 . 2007-03-22 17:36 43584 ------w- c:\windows\system32\drivers\avipbb.sys
    2011-01-08 03:05 . 2011-01-08 03:05 -------- d-----w- c:\program files\Avira GmbH
    2011-01-08 03:04 . 2003-02-28 00:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2011-01-08 03:04 . 2002-12-05 22:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2011-01-08 03:04 . 2002-12-02 23:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2011-01-08 03:04 . 2002-12-02 21:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2011-01-08 03:04 . 2002-12-02 21:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2011-01-08 03:04 . 2011-01-08 03:04 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2011-01-08 03:04 . 2011-01-08 03:04 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2011-01-07 07:20 . 2011-01-07 07:20 -------- d-----w- c:\program files\Conduit
    2011-01-07 04:39 . 2011-01-07 06:48 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
    2011-01-07 04:14 . 2011-01-07 04:14 -------- d-----w- c:\users\Char\AppData\Local\ElevatedDiagnostics
    2011-01-07 04:06 . 2011-01-07 04:10 -------- d-----w- c:\program files\Microsoft ATS
    2011-01-06 11:23 . 2011-01-06 11:23 -------- d-----w- c:\users\Char\AppData\Local\Symantec
    2011-01-06 01:46 . 2011-01-06 01:46 -------- d-----w- c:\users\Char\AppData\Roaming\CleanMyPC Software
    2011-01-05 01:32 . 2011-01-05 01:32 49152 --sha-r- c:\windows\system32\sbeioi.dll
    2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-01-04 23:04 . 2011-01-05 00:53 -------- d-----w- c:\programdata\Rosetta Stone
    2011-01-04 23:04 . 2011-01-04 23:04 -------- d-----w- c:\program files\Rosetta Stone
    2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\windows\Crystal
    2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\program files\Seagate Software
    2011-01-04 20:07 . 2011-01-04 20:07 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2011-01-04 20:04 . 2011-01-04 20:07 -------- d-----w- c:\program files\Simply Accounting Enterprise 2010
    2011-01-04 10:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2AE2FC8-6BB3-47C1-B0B5-9B38FCA48491}\mpengine.dll
    2010-12-17 02:08 . 2010-12-17 02:08 -------- d-----w- c:\users\Char\AppData\Roaming\Malwarebytes
    2010-12-17 02:08 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-17 02:08 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 02:08 . 2010-12-17 02:08 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-17 02:08 . 2011-01-04 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-15 00:11 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-15 00:11 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-13 23:02 . 2010-12-13 23:02 -------- d-----w- c:\users\Char\AppData\Local\Sage Software
    2010-12-13 22:35 . 2011-01-07 07:33 -------- d-----w- c:\users\Char\AppData\Local\Simply Accounting
    2010-12-13 22:30 . 2011-01-04 20:10 -------- d-----w- c:\program files\winsim
    2010-12-12 18:26 . 2010-12-12 18:38 -------- d-----w- c:\programdata\WinZip

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-11 00:55 . 2010-03-09 03:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-11-13 02:53 . 2010-04-16 06:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 18:41 . 2010-01-16 06:38 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\program files\Gamers Unite! Snag Bar\Helper.dll" [2011-01-07 356864]

    [HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
    2011-01-07 06:48 1536000 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-01-07 1536000]

    [HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2011-01-07 1536000]

    [HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
    "Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
    "EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
    "LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
    "CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe" [2003-11-25 729088]
    "Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2006-06-06 180224]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2009-08-23 29992]
    R3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [2009-08-23 42280]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-01-15 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-01-15 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-01-15 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110107.002\IDSvix86.sys [2010-11-09 353912]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-15 117640]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-01-15 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:10]

    2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-10 18:00
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-10 18:03:12
    ComboFix-quarantined-files.txt 2011-01-11 02:03
    ComboFix2.txt 2011-01-11 01:31

    Pre-Run: 47,252,733,952 bytes free
    Post-Run: 47,228,243,968 bytes free

    - - End Of File - - 93B4F3BB23979822018DA53204787C34
     
  10. Broni

Broni, Malware Annihilator

I don't like the MBR report.
    Let's double check....

    Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  11. charleneroyston

charleneroyston, TS Rookie, Topic Starter

    Hi Broni,
    Here is the bootkit file. The computer is already running better.

    Thanks
    Charlene

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
     
  12. Broni

Broni, Malware Annihilator

    We'll need to fix your MBR.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
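A worked illustration of what MBRCheck and Bootkit Remover are checking above, and of what the MBRWORK "Install Standard MBR code" step actually rewrites. This is an added example for the thread, not code from MBRCheck, Bootkit Remover or NTBR/MBRWORK. It verifies the 0x55AA trailer of the first sector, SHA-1-hashes the 440-byte boot-code region and compares it with a set of known-good hashes (an assumption about how the tools classify "Windows XP MBR code" versus "Unknown MBR code"; the page does not say which byte range they hash), decodes the partition table to reproduce the `\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00` line (LBA 63 x 512 bytes), and replaces only the boot-code bytes while keeping the disk signature and partition table, which is why installing standard MBR code does not lose the volumes. The MBR bytes, the "clean" and "tampered" boot code and the known-good hash set are all constructed for the demo; `read_mbr` shows how the real first sector would be read (administrator rights needed) but is not called.

```python
"""Inspect a 512-byte master boot record the way MBRCheck / Bootkit Remover do
(signature check, boot-code hash, partition table), then re-install clean boot
code the way MBRWORK does (bytes 0..439 only).

Added example for this thread; not code from MBRCheck, Bootkit Remover or NTBR.
Every byte below is constructed in memory, and the 'known-good' hash set is
derived from the constructed clean sample, not from a real Windows MBR.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code (what MBRWORK replaces)
DISK_SIG_OFF = 440           # bytes 440..443: NT disk signature, 444..445 zero
PART_TABLE_OFF = 446         # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def read_mbr(device_path=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk (needs administrator on Windows).
    Not called in the demo; shown for completeness."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


def parse_partitions(mbr: bytes):
    """Decode the non-empty entries of the classic MBR partition table."""
    assert len(mbr) == SECTOR, "an MBR is exactly one 512-byte sector"
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sectors(4)
        status, ptype, start_lba, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue
        parts.append({
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "byte_offset": start_lba * SECTOR,   # what MBRCheck prints per volume
        })
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code region only; the partition table is excluded so a
    repartitioned disk with the same loader still matches."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def inspect_mbr(mbr: bytes, known_good: set) -> str:
    """'bad signature', 'known boot code' or 'unknown boot code'."""
    if mbr[510:512] != MBR_SIGNATURE:
        return "bad signature"
    return "known boot code" if boot_code_sha1(mbr) in known_good else "unknown boot code"


def install_boot_code(mbr: bytes, clean_code: bytes) -> bytes:
    """Mimic MBRWORK 'Install Standard MBR code': overwrite bytes 0..439 only.
    Disk signature, partition table and the 0x55AA trailer are preserved."""
    assert len(clean_code) <= BOOT_CODE_LEN
    return clean_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at LBA 63,
    so its byte offset is 63 * 512 = 0x7E00, the value MBRCheck showed for C:."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 0x0D3F0000)          # sector count is made up
    table = entry + b"\x00" * 48                 # three empty entries
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x12\x34\x56\x78\x00\x00"
    return body + table + MBR_SIGNATURE          # 440 + 6 + 64 + 2 = 512 bytes


# Constructed stand-ins for the real Windows loader and a bootkit-patched copy.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CLEAN-BOOT-CODE"
TAMPERED_CODE = b"\xeb\xfe" + b"TAMPERED-BOOT-CODE"
CLEAN_MBR = build_sample_mbr(CLEAN_CODE)
TAMPERED_MBR = build_sample_mbr(TAMPERED_CODE)
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}         # assumption: hash of the clean sample


def demo():
    """Classify the tampered sector, repair it, and confirm no partition moved."""
    before = inspect_mbr(TAMPERED_MBR, KNOWN_GOOD)
    fixed = install_boot_code(TAMPERED_MBR, CLEAN_CODE)
    after = inspect_mbr(fixed, KNOWN_GOOD)
    same_table = parse_partitions(fixed) == parse_partitions(TAMPERED_MBR)
    return before, after, same_table


if __name__ == "__main__":
    for p in parse_partitions(CLEAN_MBR):
        print("partition type 0x%02X at offset 0x%016x" % (p["type"], p["byte_offset"]))
    before, after, ok = demo()
    print("before fix:", before, "| after fix:", after, "| partition table preserved:", ok)
```

The check worth keeping from this: after any MBR repair, re-read the sector and confirm the partition entries (start LBA and length) are byte-for-byte what they were before, since a loader that has moved the volumes is a much worse outcome than an unknown one. That is also why the thread re-runs MBRCheck after the CD step rather than trusting the tool's own success message.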
     
  13. charleneroyston

charleneroyston, TS Rookie, Topic Starter

    Hi Broni,
Here's the MBR log. Looks better to me, but what do I know?

    Thanks

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv9500 Notebook PC
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 174):
    0x81C43000 \SystemRoot\system32\ntkrnlpa.exe
    0x81C10000 \SystemRoot\system32\hal.dll
    0x80400000 \SystemRoot\system32\kdcom.dll
    0x80407000 \SystemRoot\system32\PSHED.dll
    0x80418000 \SystemRoot\system32\BOOTVID.dll
    0x80420000 \SystemRoot\system32\CLFS.SYS
    0x80461000 \SystemRoot\system32\CI.dll
    0x80541000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805BD000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060E000 \SystemRoot\system32\drivers\acpi.sys
    0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80665000 \SystemRoot\system32\drivers\pci.sys
    0x8068C000 \SystemRoot\System32\drivers\partmgr.sys
    0x8069B000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8069E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806A8000 \SystemRoot\system32\drivers\volmgr.sys
    0x806B7000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80701000 \SystemRoot\system32\drivers\pciide.sys
    0x80708000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80716000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80726000 \SystemRoot\system32\drivers\atapi.sys
    0x8072E000 \SystemRoot\system32\drivers\ataport.SYS
    0x8074C000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8077E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8078E000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
    0x807DD000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8220C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8227D000 \SystemRoot\system32\drivers\ndis.sys
    0x82388000 \SystemRoot\system32\drivers\msrpc.sys
    0x823B3000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8760C000 \SystemRoot\System32\drivers\tcpip.sys
    0x876F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x87802000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87912000 \SystemRoot\system32\drivers\volsnap.sys
    0x8794B000 \SystemRoot\System32\Drivers\spldr.sys
    0x87953000 \SystemRoot\System32\Drivers\mup.sys
    0x87962000 \SystemRoot\System32\drivers\ecache.sys
    0x87989000 \SystemRoot\system32\drivers\disk.sys
    0x8799A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x879BB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x879E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x879EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87711000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x879F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x879FC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x87721000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x87731000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x87738000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x87741000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x87744000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8774E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8778C000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8779B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x877B3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BC0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BC99000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BCA9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BCB7000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BCD1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BCE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BCF4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8C004000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8C105000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8C20C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C94E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C9EF000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C18B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8C19E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C9FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C1C9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BD45000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8BD74000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C1D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C1DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8BDB5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BDC0000 \SystemRoot\system32\DRIVERS\ndiswan.sys

    Processes (total 69):
    0 System Idle Process
    4 System
    444 C:\WINDOWS\System32\smss.exe
    516 csrss.exe
    568 csrss.exe
    576 C:\WINDOWS\System32\wininit.exe
    616 C:\WINDOWS\System32\winlogon.exe
    652 C:\WINDOWS\System32\services.exe
    664 C:\WINDOWS\System32\lsass.exe
    676 C:\WINDOWS\System32\lsm.exe
    820 C:\WINDOWS\System32\svchost.exe
    864 C:\WINDOWS\System32\nvvsvc.exe
    888 C:\WINDOWS\System32\svchost.exe
    992 C:\WINDOWS\System32\svchost.exe
    1020 C:\WINDOWS\System32\svchost.exe
    1056 C:\WINDOWS\System32\svchost.exe
    1148 C:\WINDOWS\System32\audiodg.exe
    1172 C:\WINDOWS\System32\svchost.exe
    1192 C:\WINDOWS\System32\SLsvc.exe
    1224 C:\WINDOWS\System32\svchost.exe
    1316 C:\WINDOWS\System32\rundll32.exe
    1436 C:\WINDOWS\System32\svchost.exe
    1684 C:\WINDOWS\System32\spoolsv.exe
    1716 C:\WINDOWS\System32\svchost.exe
    1916 C:\WINDOWS\System32\taskeng.exe
    1924 C:\WINDOWS\System32\dwm.exe
    1972 C:\WINDOWS\System32\taskeng.exe
    1984 C:\WINDOWS\explorer.exe
    336 C:\Program Files\Google\Update\GoogleUpdate.exe
    1400 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1432 C:\Program Files\HP\QuickPlay\QPService.exe
    1724 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    1908 C:\WINDOWS\System32\rundll32.exe
    308 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    1844 C:\Program Files\Lexmark 5400 Series\ezprint.exe
    968 C:\Program Files\SnapStream Media\Firefly\Firefly.exe
    1864 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2072 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    2148 C:\Program Files\iTunes\iTunesHelper.exe
    2200 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2228 C:\WINDOWS\System32\spool\drivers\w32x86\3\lxcttime.exe
    2248 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2256 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    2336 C:\Program Files\Windows Sidebar\sidebar.exe
    2396 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2484 C:\Program Files\Bonjour\mDNSResponder.exe
    2500 C:\Program Files\Skype\Phone\Skype.exe
    2520 C:\WINDOWS\System32\svchost.exe
    2528 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2536 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2568 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    2636 C:\Program Files\Windows Sidebar\sidebar.exe
    2836 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2960 C:\WINDOWS\System32\lxctcoms.exe
    3008 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    3056 C:\WINDOWS\System32\svchost.exe
    3416 dllhost.exe
    3964 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    492 C:\WINDOWS\System32\svchost.exe
    976 C:\WINDOWS\System32\svchost.exe
    1324 C:\WINDOWS\System32\SearchIndexer.exe
    2676 C:\WINDOWS\System32\drivers\XAudio.exe
    2192 WUDFHost.exe
    2376 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    1872 C:\WINDOWS\System32\SearchProtocolHost.exe
    1072 C:\WINDOWS\System32\SearchFilterHost.exe
    3996 C:\Users\Char\Desktop\MBRCheck.exe
    728 C:\WINDOWS\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001a`1accfe00 (NTFS)

    PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BHE
    PhysicalDrive1 Model Number: WDCWD800BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  14. Broni

    Broni Malware Annihilator

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. charleneroyston

    charleneroyston TS Rookie Topic Starter

    Hi Broni,
    Here is the Extras.txt file.
    Thanks

    OTL Extras logfile created on: 12/01/2011 3:00:21 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Char\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
    Paging file location(s): c:\pagefile.sys 600 100000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 104.42 Gb Total Space | 44.49 Gb Free Space | 42.61% Space Free | Partition Type: NTFS
    Drive D: | 74.53 Gb Total Space | 60.11 Gb Free Space | 80.65% Space Free | Partition Type: NTFS
    Drive E: | 7.37 Gb Total Space | 0.70 Gb Free Space | 9.52% Space Free | Partition Type: NTFS

    Computer Name: CHAR-PC | User Name: Char | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{37636A4B-42BC-4904-ABAE-9252A8285CBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{BCE29E77-AE9B-4033-91BF-7A83602D95E8}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{98C98F09-9863-4B69-A1D6-9D9618A10FB2}" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
    "{99DA04BB-3D85-497A-95FF-C1D00DF6D035}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{9A6D6AD8-9BD3-4660-86A2-DB900BC58544}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9B6D099D-B88B-4AB8-91D1-9B50236A5A06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9B6F58C6-E025-4633-99C0-74192E02BD52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9BEDB7D4-9C3E-4722-9075-91023930FEBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9C2FEE99-1ECF-4B98-A920-EEB53F673BAA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{9DE5A9E8-1EE1-42EA-8DC8-DD78D550CB16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9E6CF817-74F5-47B9-B49B-2C07D6A7E16B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9EC7395A-4EAC-463F-B4D2-08F19D98E619}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9ED07FB5-2A81-4773-AB4F-032E9DB04ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A1C8651F-2116-456E-BA0C-C90A80A540A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A2703418-53BC-480D-873D-A43FF5E34250}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A39E858B-A96D-4742-A05E-EFFF3E34B158}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{A5579EE9-DCA7-423B-9C2C-115DF6CEF1D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A63F82EE-8346-4EEA-A5C1-C7219A22D2DF}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{A64B9783-EC3D-4053-BD3C-F300FC0925A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A657CAA0-6AF0-4943-915C-0317A17B520B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{A7FBC710-4721-4771-9648-688C2734E86D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A88C8476-3DEA-4660-8430-2349B259ED72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A8CAB36D-8E5A-4913-A8C6-F3061D0B9A14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AB75E8A3-BDD3-4A83-A7C6-700C0CC1CD60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AB8F4EC5-7ECA-404B-BC19-37CB6CF1CE65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AB9833B1-AF8B-41BE-9942-A4E5C5898C20}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{ADABB7BE-B0EC-4898-BA1C-78EABC802E68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AF44BD26-C68B-4772-964D-966653A99419}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AFDBCA0E-558D-479E-AB75-E8D40B01639F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AFE39E09-2AB0-4828-855A-82AD18D777DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B10D5D6E-928F-45DD-B1AF-67F909045CED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B11AC731-7567-4EF1-B0D0-CA9D303BDB4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B2D00770-A3F5-4614-897C-84D006A4EB64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B5389AE9-490F-491A-8FF7-08067581BF9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B59753B5-B0DF-46D4-ADFF-8F1B5B22208A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B6CF02A9-0CFF-4D13-BBF0-A70B6FC16F59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B8579982-0A4C-44E8-ABA4-A4C830CF9CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BA077B67-E6A0-4806-A888-F63BDF70CFFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BA78EC7D-3C34-401D-BE8C-EC168ACA7759}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BBBFAAB0-760A-4BD5-98C7-F7EB3EE980B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BCF0F81E-DB20-4B9E-90E8-C2E40859E9F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BD62D99A-DE7F-4C02-82E9-2B796B3DC0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BDFE2D5D-2B89-4A33-BBD8-4A82559FF88F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C352E9F2-CB37-4112-8B7C-03BFF9E5F6BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C4563382-4429-4F68-9CD6-125F24B204F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C69A6FAC-6980-41A8-8AC0-DEB8A8514732}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C80BCA25-B258-49EA-AA52-311C94B22D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C8C8318E-5382-451F-A22D-4963A196CFD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CA1B4C9A-312C-48FE-9064-97C6E212F51F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB42D62D-AAF4-4B77-A5E6-D10CE0198E74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB5FE069-4124-4EB4-856C-B4FC4568C946}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CBF71C44-9ABF-472E-B709-2050CAF47A19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CD46991B-3C62-4B62-879C-171C2FB4A058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CE116C4F-BA07-432C-B2FC-4F9F8DB612B5}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{CE78A205-6A81-4EB3-91A8-9039B930794A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CE7E718C-5878-4F6B-8DF4-25BA813EA809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CEE04172-533E-4D70-8D8F-D3C1168F45CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CF19D828-5F2E-4FF7-B678-5777837D1D60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CF6A3562-A5FA-4B6D-B205-7FCE8F8D1B54}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{CFFD723B-2627-4CED-BDD7-2FF230129D2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D14B81C6-C525-4EC4-9FAC-99FE072BF559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D17AD6D3-0EFD-4619-BA10-5CA5E14F2BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D332C6EB-249C-45B8-BB41-C118BCC07E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D3C163AB-B075-424A-AF10-B0E19894F08F}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
    "{D9B1CF71-BBB0-4ED7-B215-62A2D4F615BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D9B31EE4-FE2B-4599-AEFE-0F08EF8D9A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D9C993E0-69B3-44EA-8854-5FB661CBDD27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DAFB11B9-61D5-49E4-B6CF-6872073A7F37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DC33C659-91CF-48B8-9D2F-C894637627FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DC98E1CB-15F7-498A-9E1A-C5AAC671C3AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DD2529CF-2BD7-4D91-94C4-2DCBEF6B317A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DD7E3FA4-2476-400A-9295-EE53ACF0D6C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DE43C9ED-5E41-45D6-97D4-E1AB90174D91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DE867999-686E-497D-A2ED-CC49E8CD3D86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DF31DC84-E567-480C-8A8B-06F5C28FCFD3}" = protocol=17 | dir=in | app=c:\program files\gamers unite! snag bar\toolbarupdate.exe |
    "{E2217CEA-2A0C-4A66-8171-3B4C9ABEE6C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E2B1491C-579F-4AA8-AA27-7434CF61FAFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E30280A1-0CD8-4195-9F82-B6F199449C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E558927C-A351-4B97-9CF4-114ADF75F459}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E5850D22-19ED-4922-924E-F5CBDEB26A3B}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
    "{E647CE9F-DBAE-4DDB-A535-0C58DCF9AC0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E717EBA0-72F6-408F-BCC1-BA6690CA89F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E93AA77E-1A70-4882-A290-E528FB021D59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EB8A6EAB-8020-4CB6-9D72-DC8F60EC99FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EC73292E-A939-4CA4-909A-44B295AE56C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ED0106B0-BBC0-467A-ABED-0ADE94E7AF14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ED52EB99-6C61-4D95-92DD-FEE59DF7D07B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ED534F2F-71F4-4B4A-AEA7-AB350F49A06E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE21F210-8771-43A3-87BC-05E6C8BC92C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE93C0C3-0A3E-413D-BFAF-27CDCD370691}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EF41341B-ACED-477C-B25A-802F0466F5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F0A9110B-8EEB-43AF-A557-91F989A6D157}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F2262CCB-F1AE-4571-A590-024E224D3795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F2A5B8FE-48F2-42F7-BBA2-EA6C316B7C2D}" = protocol=6 | dir=in | app=c:\program files\poivy.com\poivy\poivy.exe |
    "{F2BCC3C4-9559-492A-826D-DA3BEA3E8FB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F44AA201-DD8A-496F-8196-3AEB58C65D54}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{F5C35289-ACDB-4B11-A127-DB16F654B328}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F5F781C7-F250-428B-85FD-330BFD41B841}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F630A9C2-2562-4C70-AB7B-E9238699D141}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F8AEED78-F061-40DD-9A52-787BB7AD859D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F8EAD6BF-836B-49B4-A0C2-062C5427E556}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{F9AFBE7A-7D88-4D49-AFFB-FAE82E4C4564}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FAE1D51C-27F8-4D5F-8968-BB9090D894A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FC6FEC51-E196-4700-9B43-909372F1931B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD32AF56-F183-405C-9A1B-2389D822D6D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD706EFC-CF72-4B62-8E9E-E5A52C16505C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FED955BC-7797-4A98-B9CA-9CA838B1CC8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FEF3255F-F2CC-4E95-A32D-3B1DFA167813}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FF4F3DE4-69BA-46EE-BC79-4FB26CA933DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FF6EF8A3-BFBA-4678-8F14-90D0A5779814}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FF9C5237-643E-4EFC-8A75-D6D9E5274170}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{17BEE93F-F4D0-4798-856B-A6777AE7B309}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{2FBC9FB9-311D-4C9B-82E7-8989804A2FBA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{57776F94-ECFC-4D26-AE81-6CC04E48FA95}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "TCP Query User{92DE8CCF-FBE3-44A4-A1F7-03E46B99A35E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{B71F99D1-D5E1-4C37-820A-96AE64268E09}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{437995C6-AA76-4BBC-9F3D-D5D34A3EA10B}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "UDP Query User{5135C0F3-3AA6-47B6-ADA1-98356349F2AD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{D6A1D5B0-B1EC-4933-84FD-C7982D23E96E}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{E64BFA76-72BB-4AD1-8351-8696020E4580}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{F21D7305-D327-4898-816C-F4D02BB5074F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
    "{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
    "{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
    "{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
    "{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C7B7BD2-AFBB-4D90-9B47-42D5FE5A9220}_is1" = FutureTax 2009 for NETFILE
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F85D2E97-015D-4B26-8C20-20F9C7A7BAD0}" = Simple Adblock
    "{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BitTorrent" = BitTorrent
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup.divx.com" = DivX Setup
    "Firefly" = Snapstream Firefly 1.2.1.916
    "Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "InstallShield_{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
    "Lexmark 5400 Series" = Lexmark 5400 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "N360" = Norton 360
    "NVIDIA Drivers" = NVIDIA Drivers
    "PoivY_is1" = PoivY
    "SmartAudio" = SmartAudio
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TaskPrompt_is1" = TaskPrompt
    "WildTangent hp Master Uninstall" = HP Games
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinRAR archiver" = WinRAR archiver
    "WT087683" = Trine
    "WTA-7194312d-a7eb-432c-81c7-491614758c85" = Dream Day Wedding - Bella Italia
    "WTA-95de3ee0-2169-4ed7-93de-f841b121de89" = Escape Whisper Valley(TM)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I still need OTL.txt log.
     
Topic Status:
Not open for further replies.
