Trojan.Gen.2 virus removal

[bigguns193]

Hi i just recently purchased norton antivirus 2012 and its showing the virus trojan.gen.2 so after trying all of the tools they provide nothing is getting rid of this virus and when i scanned with malwarebytes its not showing it at all so what else can i do to get rid of this virus? Any and all help would be greatly appreciated thank you very much.

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!)

Post back the report.

MrC

[bigguns193]

here is the attach.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/31/2010 1:58:15 AM

System Uptime: 6/25/2012 3:48:41 PM (8 hours ago)

.

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB

Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 1067/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 110 GiB total, 40.035 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP908: 6/22/2012 12:00:09 AM - Scheduled Checkpoint

RP909: 6/22/2012 3:00:16 AM - Windows Update

RP910: 6/23/2012 12:00:09 AM - Scheduled Checkpoint

RP911: 6/23/2012 3:00:16 AM - Windows Update

RP913: 6/23/2012 10:37:25 PM - Windows Live Essentials

RP914: 6/24/2012 3:00:21 AM - Windows Update

RP915: 6/24/2012 7:02:21 PM - Scheduled Checkpoint

RP916: 6/25/2012 3:00:26 AM - Windows Update

RP917: 6/25/2012 1:38:40 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP919: 6/25/2012 2:43:09 PM - StopZILLA! Restore Point.

RP920: 6/25/2012 3:24:17 PM - Norton_Power_Eraser_20120625152415305

RP921: 6/25/2012 3:26:29 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP922: 6/25/2012 3:55:48 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP923: 6/25/2012 4:44:19 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

ABBYY FineReader 6.0 Sprint

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

Ask Toolbar

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Bluetooth Stack for Windows by Toshiba

Bonjour

Camera Assistant Software for Toshiba

CCScore

CD/DVD Drive Acoustic Silencer

Chuzzle Deluxe

Coupon Printer for Windows

D3DX10

Desktop Dialer

Driver Mender

DVD MovieFactory for TOSHIBA

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

FATE

FaxRedist

ffdshow [rev 2527] [2008-12-19]

FrostWire 4.21.8

FrostWire 5.3.3

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 3.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Internet Offers

iTunes

Java SE Runtime Environment 6

JEOPARDY

Junk Mail filter update

Kodak EasyShare software

Lexmark 4200 Series

LG Android Drivers

LG USB Modem driver

Logitech Vid HD

LuckyWire 1.0.0.0

Malwarebytes' Anti-Malware

Marvell Miniport Driver

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XML Parser

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB973688)

netbrdg

Norton AntiVirus

Norton Bootable Recovery Tool Wizard

OfotoXMI

OGA Notifier 2.0.0048.0

Penguins!

Polar Bowler

Polar Golfer

Protector Suite QL 5.6

QuickTime

RadioBar Toolbar

Realtek High Definition Audio Driver

RegTweaker version 3.2.2

Safari

SCRABBLE

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Segoe UI

SFR

SHASTA

skin0001

SKINXSDK

staticcr

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Game Console

TOSHIBA Hardware Setup

TOSHIBA Media Center Game Console

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Verizon V CAST Media Manager

Visual C++ 8.0 CRT (x86) WinSXS MSM

VLC media player 1.0.1

VPRINTOL

VZAccess Manager

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

WinDVD for TOSHIBA

WIRELESS

WModem Driver Installer

Xvid 1.2.1 final uninstall

Yahoo! Messenger

Yahoo! Music Jukebox

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/25/2012 7:33:55 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR300\0000 disappeared from the system without first being prepared for removal.

6/25/2012 4:47:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.

6/25/2012 4:47:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.

6/25/2012 3:58:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/25/2012 3:50:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv

6/25/2012 3:50:41 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/25/2012 3:50:41 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.

6/25/2012 3:33:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2709162).

6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Update for Windows Vista (KB2677070).

6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2685939).

6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2686833).

6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656374).

6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2699988).

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client_2~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state

6/25/2012 3:25:43 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state

6/25/2012 3:25:31 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state

6/25/2012 3:25:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state

6/25/2012 3:25:07 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

6/25/2012 3:24:51 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state

6/25/2012 3:19:43 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The file cannot be opened transactionally, because its identity depends on the outcome of an unresolved transaction.

6/25/2012 3:06:20 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

6/25/2012 3:03:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

6/25/2012 2:52:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/25/2012 2:49:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV eeCtrl IDSVix86 is3srv spldr SRTSPX SymIRON SYMTDIv Wanarpv6

6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/25/2012 2:48:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/25/2012 2:48:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/25/2012 2:48:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

6/25/2012 2:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/25/2012 2:48:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/25/2012 2:48:04 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

6/25/2012 2:48:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

6/25/2012 2:47:54 PM, Error: EventLog [6008] - The previous system shutdown at 2:46:23 PM on 6/25/2012 was unexpected.

6/25/2012 2:45:32 PM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.

6/25/2012 2:34:25 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:27 PM on 6/25/2012 was unexpected.

6/25/2012 2:05:51 AM, Error: EventLog [6008] - The previous system shutdown at 9:07:52 PM on 6/24/2012 was unexpected.

6/25/2012 11:15:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv szkg5 szkgfs Wanarpv6

6/25/2012 11:14:28 AM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 AM on 6/25/2012 was unexpected.

6/25/2012 1:36:37 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/25/2012 1:36:28 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).

6/25/2012 1:36:28 PM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).

6/25/2012 1:36:27 PM, Error: Service Control Manager [7034] - The lxbm_device service terminated unexpectedly. It has done this 1 time(s).

6/25/2012 1:34:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs

6/25/2012 1:33:43 PM, Error: EventLog [6008] - The previous system shutdown at 1:31:04 PM on 6/25/2012 was unexpected.

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state

6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state

6/23/2012 10:39:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

6/23/2012 10:39:43 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/23/2012 10:39:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/18/2012 9:02:38 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

6/18/2012 9:02:23 AM, Error: EventLog [6008] - The previous system shutdown at 8:58:45 AM on 6/18/2012 was unexpected.

6/18/2012 10:06:11 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

.

==== End Of File ===========================

and here is dds

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Chris at 23:15:29 on 2012-06-25

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.225 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\lxbmcoms.exe

C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Lexmark 4200 Series\LXBMmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = about:blank

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\programdata\wrdata\pkg\LPBar.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\users\chris\desktop\wallpapers\uTorrent.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [HLBackupScheduler] "c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe"

uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"

uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [RtHDVCpl] "RtHDVCpl.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"

mRun: [lxbmmon.exe] "c:\program files\lexmark 4200 series\lxbmmon.exe"

mRun: [Lexmark 4200 Series Fax Server] "c:\program files\lexmark 4200 series\fm3032.exe" /s

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BD2E4F3D-4BBA-4F70-B0A5-480269A763ED} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FA920D65-0A50-47BD-A597-5344759D964F} : DhcpNameServer = 192.168.1.1

Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll

LSA: Notification Packages = scecli psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-6-24 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-6-24 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-6-24 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120623.002\IDSvix86.sys [2012-6-25 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-6-24 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys [2012-6-24 345208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-23 106656]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-17 4247552]

RUnknown szkg5;szkg5; [x]

RUnknown szkgfs;szkgfs; [x]

S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-4-23 1347584]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

S3 SVRPEDRV;SVRPEDRV;d:\bin\PEDRV.SYS [2006-12-11 8704]

SUnknown is3srv;is3srv; [x]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-06-25 19:55:09 -------- d-----w- c:\users\chris\appdata\local\{736DC6CD-3AB6-471B-A612-4EF07C4A5042}

2012-06-25 19:05:00 -------- d-----w- c:\users\chris\appdata\local\{BC75FE65-AEDE-46E0-A9DF-D49CF291ACEA}

2012-06-25 19:04:30 -------- d-----w- c:\users\chris\appdata\local\{EF75D9BD-1912-4757-902E-E0B499327231}

2012-06-25 18:40:22 -------- d-----w- c:\users\chris\appdata\local\{75BC24EF-0A51-4E31-B1EA-ED88DBE96BC5}

2012-06-25 18:39:41 -------- d-----w- c:\users\chris\appdata\local\{324072B5-8439-4A79-979A-27D6D40B894E}

2012-06-25 17:43:16 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-06-25 17:37:02 -------- d-----w- c:\users\chris\appdata\local\{20F6F2EA-9EAA-4365-AB30-0154509A11A7}

2012-06-25 17:36:36 -------- d-----w- c:\users\chris\appdata\local\{6CE580CF-A494-4067-9A45-C6D62448E2F2}

2012-06-25 12:41:19 -------- d-----w- c:\users\chris\appdata\local\{5081642E-56E9-4F5B-B883-73F5E253ED2D}

2012-06-25 12:40:30 -------- d-----w- c:\users\chris\appdata\local\{F607885F-A324-4D29-8E70-ED01DC54FAFF}

2012-06-25 06:08:21 -------- d-----w- c:\users\chris\appdata\local\{1929EF9D-92B3-49E3-B433-1C067B24CEF2}

2012-06-25 06:07:59 -------- d-----w- c:\users\chris\appdata\local\{DEED0B03-011A-4DAB-A281-B2B5493B75C6}

2012-06-25 05:17:52 -------- d-----w- C:\NBRT

2012-06-25 00:55:17 -------- d-----w- c:\users\chris\appdata\local\{FD5B8FF7-790F-4542-A771-98033BA0E247}

2012-06-25 00:54:55 -------- d-----w- c:\users\chris\appdata\local\{ABFF4058-E8FC-45D8-83D6-FF0D2C5274D1}

2012-06-25 00:02:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-06-25 00:00:15 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0405000.022

2012-06-25 00:00:15 -------- d-----w- c:\windows\system32\drivers\NBRTWizard

2012-06-25 00:00:04 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

2012-06-24 21:54:49 -------- d-----w- c:\users\chris\appdata\local\{37DFED87-31AC-4CF5-AD86-C69F6F36F710}

2012-06-24 21:54:25 -------- d-----w- c:\users\chris\appdata\local\{D19B635A-DB83-4F37-8776-DBCD40C727E0}

2012-06-24 21:45:31 -------- d-----w- c:\users\chris\appdata\local\NPE

2012-06-24 15:35:37 -------- d-----w- c:\users\chris\appdata\local\{799DA83F-EDBF-4B01-9849-CECBC29868C5}

2012-06-24 15:34:03 -------- d-----w- c:\users\chris\appdata\local\{78E559B1-9E74-40FE-8C26-DA5D63E6AD47}

2012-06-24 15:33:32 -------- d-----w- c:\users\chris\appdata\local\{C12D4145-8298-41EC-8AEE-75DCF5B87BE9}

2012-06-24 05:02:38 345208 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys

2012-06-24 05:02:38 318584 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symnets.sys

2012-06-24 05:02:37 905336 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symefa.sys

2012-06-24 05:02:37 340088 ----a-r- c:\windows\system32\drivers\nav\1307010.005\symds.sys

2012-06-24 05:02:37 32888 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtspx.sys

2012-06-24 05:02:36 574072 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtsp.sys

2012-06-24 05:02:36 149624 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ironx86.sys

2012-06-24 05:02:36 132744 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys

2012-06-24 05:01:33 -------- d-----w- c:\windows\system32\drivers\nav\1307010.005

2012-06-24 02:53:02 19736 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll

2012-06-24 02:50:41 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-06-24 02:50:39 -------- d-----w- c:\program files\Symantec

2012-06-24 02:50:39 -------- d-----w- c:\program files\common files\Symantec Shared

2012-06-24 02:45:17 -------- d-----w- c:\windows\system32\drivers\NAV

2012-06-24 02:44:59 -------- d-----w- c:\program files\Norton AntiVirus

2012-06-24 02:40:27 -------- d-----w- C:\8c4ca1840b0adb2948de88d897

2012-06-24 02:37:36 -------- d-----w- c:\program files\NortonInstaller

2012-06-24 02:36:29 15712 ----a-w- c:\program files\common files\windows live\.cache\281673281cd51b202\MeshBetaRemover.exe

2012-06-24 02:34:49 -------- d-----w- c:\users\chris\appdata\local\{86994268-5031-4005-92B8-5B53C2243C81}

2012-06-24 02:34:37 -------- d-----w- c:\users\chris\appdata\local\{88AB8C42-7571-40B6-A09D-CBC8E16386A9}

2012-06-23 13:29:05 -------- d-----w- c:\users\chris\appdata\local\{07760BA6-AFF7-4A91-86BE-5A27336FFA60}

2012-06-23 13:28:43 -------- d-----w- c:\users\chris\appdata\local\{5E9F4217-A246-4438-AE4A-78D6FA805A87}

2012-06-22 17:53:20 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{caa53a37-f609-44d7-892c-9b0265851f01}\mpengine.dll

2012-06-22 13:41:32 -------- d-----w- c:\users\chris\appdata\local\{81FD36CE-A93C-4577-99DE-4E9C9AFAAB6D}

2012-06-22 13:41:09 -------- d-----w- c:\users\chris\appdata\local\{3D309185-1832-435A-A39C-48DA851554F9}

2012-06-21 16:52:49 -------- d-----w- c:\users\chris\appdata\local\{9E7AD089-0A15-48A2-9175-F5BB244E12C0}

2012-06-21 16:52:27 -------- d-----w- c:\users\chris\appdata\local\{4858FDAE-B031-4CEC-AA45-74D088F6D8DE}

2012-06-20 19:19:30 -------- d-----w- c:\users\chris\appdata\local\{1FCC03F8-52B5-4B37-BECE-A3D5328251FF}

2012-06-20 19:19:05 -------- d-----w- c:\users\chris\appdata\local\{E59CC56C-7714-4380-8BB0-E18FD5626E4F}

2012-06-19 13:44:05 -------- d-----w- c:\users\chris\appdata\local\{CA6BD617-D00B-4D4A-9DDB-8091ECA81C01}

2012-06-19 13:43:30 -------- d-----w- c:\users\chris\appdata\local\{2913FFAD-F463-4767-8D1B-6FE11250E690}

2012-06-17 14:51:56 -------- d-----w- c:\users\chris\appdata\local\{0426EA5F-A2B4-48A9-B9F9-45DDE8E338C0}

2012-06-16 19:47:55 -------- d-----w- c:\users\chris\appdata\local\{8F25C88E-C37A-49DF-B461-A2235696E2D9}

2012-06-15 13:17:27 -------- d-----w- c:\users\chris\appdata\local\{2A34B73F-3929-4462-BF4A-69DB45EA5631}

2012-06-14 14:34:00 -------- d-----w- c:\users\chris\appdata\local\{F8FD97A8-2776-4048-8AF1-CFF589AB7F6C}

2012-06-14 14:33:41 -------- d-----w- c:\users\chris\appdata\local\{46A531E4-05AA-465F-B344-9DA52706CB45}

2012-06-14 13:39:52 -------- d-----w- c:\users\chris\appdata\local\{88F81013-A7F8-4176-AD71-9AAF802B962E}

2012-06-14 13:39:29 -------- d-----w- c:\users\chris\appdata\local\{00ADB113-8FDD-44B6-A3C6-0D18B9E746F5}

2012-06-08 20:27:23 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-08 20:26:48 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-08 20:26:21 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-08 20:26:21 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 18:37:01 -------- d-----w- c:\users\chris\appdata\local\{9BEF466B-5F0F-4CEB-AB9A-9EBD0DCDAD63}

2012-06-02 18:36:38 -------- d-----w- c:\users\chris\appdata\local\{9A447711-4B28-46C7-AD98-EB721F85B411}

2012-05-29 22:34:30 -------- d-----w- c:\users\chris\appdata\local\{9804722D-872A-4A84-85DD-99CC7ABA2164}

2012-05-29 22:33:59 -------- d-----w- c:\users\chris\appdata\local\{10566D96-64CE-43A2-BEEE-781DB553E5CC}

.

==================== Find3M ====================

.

2012-05-05 08:02:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 08:02:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 23:19:00.44 ===============

and this is from Roguekiller

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Chris [Admin rights]

Mode: Scan -- Date: 06/25/2012 23:27:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\Chris\Desktop\Wallpapers\uTorrent.exe") -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2864384524-2689584164-734915261-1000[...]\Run : uTorrent ("C:\Users\Chris\Desktop\Wallpapers\uTorrent.exe") -> FOUND

[sUSP PATH] Uninstall Webroot RunOnce.lnk @Mcx1 : C:\Users\Mcx1\AppData\Roaming\wruninstall.exe -> FOUND

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Chris\Desktop\dds.scr) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x82AA75C3 -> HOOKED (Unknown @ 0x96C1D5B8)

SSDT[14] : NtAlertThread @ 0x82A20255 -> HOOKED (Unknown @ 0x96C1D678)

SSDT[18] : NtAllocateVirtualMemory @ 0x82A5C4FB -> HOOKED (Unknown @ 0x949190E8)

SSDT[21] : NtAlpcConnectPort @ 0x829FE887 -> HOOKED (Unknown @ 0x9487E4D0)

SSDT[42] : NtAssignProcessToJobObject @ 0x829D1B43 -> HOOKED (Unknown @ 0x9492D008)

SSDT[67] : NtCreateMutant @ 0x82A34812 -> HOOKED (Unknown @ 0x96C19B20)

SSDT[77] : NtCreateSymbolicLinkObject @ 0x829D435A -> HOOKED (Unknown @ 0x965FEC20)

SSDT[78] : NtCreateThread @ 0x82AA5BE0 -> HOOKED (Unknown @ 0x94922090)

SSDT[116] : NtDebugActiveProcess @ 0x82A78D22 -> HOOKED (Unknown @ 0x949294E8)

SSDT[129] : NtDuplicateObject @ 0x82A0C551 -> HOOKED (Unknown @ 0x969C50D0)

SSDT[147] : NtFreeVirtualMemory @ 0x82898F1D -> HOOKED (Unknown @ 0x9644CCF0)

SSDT[156] : NtImpersonateAnonymousToken @ 0x829CEF12 -> HOOKED (Unknown @ 0x94913CF0)

SSDT[158] : NtImpersonateThread @ 0x829E454F -> HOOKED (Unknown @ 0x94930B48)

SSDT[165] : NtLoadDriver @ 0x8297FDEE -> HOOKED (Unknown @ 0x9487E788)

SSDT[177] : NtMapViewOfSection @ 0x82A2489A -> HOOKED (Unknown @ 0x949F2588)

SSDT[184] : NtOpenEvent @ 0x82A0DDCF -> HOOKED (Unknown @ 0x949000C0)

SSDT[194] : NtOpenProcess @ 0x82A34FAE -> HOOKED (Unknown @ 0x9491FAD0)

SSDT[195] : NtOpenProcessToken @ 0x82A15A2E -> HOOKED (Unknown @ 0x9491E288)

SSDT[197] : NtOpenSection @ 0x82A2566D -> HOOKED (Unknown @ 0x94927890)

SSDT[201] : NtOpenThread @ 0x82A304FF -> HOOKED (Unknown @ 0x969C51A0)

SSDT[210] : NtProtectVirtualMemory @ 0x82A2E2E2 -> HOOKED (Unknown @ 0x94903B68)

SSDT[282] : NtResumeThread @ 0x82A2FB4A -> HOOKED (Unknown @ 0x94930638)

SSDT[289] : NtSetContextThread @ 0x82AA706F -> HOOKED (Unknown @ 0x9651EB58)

SSDT[305] : NtSetInformationProcess @ 0x82A288C8 -> HOOKED (Unknown @ 0x9651EC18)

SSDT[317] : NtSetSystemInformation @ 0x829FAEEB -> HOOKED (Unknown @ 0x949F2290)

SSDT[330] : NtSuspendProcess @ 0x82AA74FF -> HOOKED (Unknown @ 0x94914A18)

SSDT[331] : NtSuspendThread @ 0x829AE92B -> HOOKED (Unknown @ 0x949F90F8)

SSDT[334] : NtTerminateProcess @ 0x82A05143 -> HOOKED (Unknown @ 0x94922170)

SSDT[335] : NtTerminateThread @ 0x82A30534 -> HOOKED (Unknown @ 0x967F9D48)

SSDT[348] : NtUnmapViewOfSection @ 0x82A24B5D -> HOOKED (Unknown @ 0x9490C8D8)

SSDT[358] : NtWriteVirtualMemory @ 0x82A2192D -> HOOKED (Unknown @ 0x9644CDC0)

SSDT[382] : NtCreateThreadEx @ 0x82A2FFE9 -> HOOKED (Unknown @ 0x967FA3A0)

S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x96C67928)

S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x96D89070)

S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x96C7A600)

S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x986AC0F8)

S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x96CA1858)

S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x96C73E30)

S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x96CA1510)

S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x96CA7DC0)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x96CD0B40)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x96CC1250)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++

--- User ---

[MBR] a635ea7d8a69e8c995d58a70ece15e75

[bSP] e9d40177ccf5189658c3cb696f865b6d : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

---------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[bigguns193]

ok here is the report from kaspersky

TDSSKiller.2.7.42.0_26.06.2012_07.36.55_log.txt

[MrCharlie]

OK, that scan was clean, please do this........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[bigguns193]

ok here's combofix

ComboFix 12-06-26.01 - Chris 06/26/2012 11:12:46.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.353 [GMT -4:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\Object

c:\program files\Object\config.ini

c:\program files\Object\facetheme_uninstall.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\SpaceQuery

c:\programdata\SpaceQuery

c:\users\Chris\2009_DTV_S4_firmware.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))

.

.

2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-26 14:46 . 2012-06-26 14:46 -------- d-----w- c:\program files\Norton Safe Web Lite

2012-06-26 14:46 . 2012-06-26 14:46 -------- d-----w- c:\windows\system32\drivers\NST

2012-06-25 17:43 . 2012-01-12 13:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- C:\NBRT

2012-06-25 00:02 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-06-24 21:45 . 2012-06-25 19:27 -------- d-----w- c:\users\Chris\AppData\Local\NPE

2012-06-24 02:53 . 2012-06-24 02:53 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-24 02:40 . 2012-06-24 02:40 -------- d-----w- C:\8c4ca1840b0adb2948de88d897

2012-06-24 02:37 . 2012-06-26 14:48 -------- d-----w- c:\program files\NortonInstaller

2012-06-24 02:36 . 2012-06-24 02:36 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\281673281cd51b202\MeshBetaRemover.exe

2012-06-22 17:53 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAA53A37-F609-44D7-892C-9B0265851F01}\mpengine.dll

2012-06-08 20:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-08 20:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-08 20:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-08 20:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-08 20:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-08 20:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-08 20:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-08 20:26 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-08 20:26 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 02:28 . 2012-01-15 09:38 7021336 ----a-w- c:\users\Mcx1\AppData\Roaming\wruninstall.exe

2012-05-05 08:02 . 2012-03-31 17:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 08:02 . 2012-03-31 17:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-03 08:16 . 2012-05-12 06:25 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-12 06:25 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36 . 2012-05-12 06:25 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39 . 2012-05-11 17:20 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]

2010-12-12 14:56 242176 ----a-w- c:\program files\RegTweaker\key.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-30 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"lxbmmon.exe"="c:\program files\Lexmark 4200 Series\lxbmmon.exe" [2007-01-30 230320]

"Lexmark 4200 Series Fax Server"="c:\program files\Lexmark 4200 Series\fm3032.exe" [2007-01-30 160688]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2007-02-13 17:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-02-28 20:10 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-01-31 23:40 151552 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

2006-12-08 00:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-01-31 23:40 131072 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-01-07 21:07 1394000 ------w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

NDSTray.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-01-31 23:40 126976 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-02-07 01:50 4374528 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-01-30 18:03 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-02-02 21:36 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2006-12-20 07:16 411768 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:02]

.

2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:07]

.

2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:07]

.

2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{68D25D97-0AED-49A8-AED6-E5352684C986}.job

- c:\windows\system32\msfeedssync.exe [2011-07-25 17:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

HKCU-Run-uTorrent - c:\users\Chris\Desktop\Wallpapers\uTorrent.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-Defender Pro Antiphishing Helper - c:\program files\Defender Pro\Defender Pro\IEShow.exe

MSConfigStartUp-DPAgent - c:\program files\Defender Pro\Defender Pro\bdagent.exe

MSConfigStartUp-iolo Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-26 11:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,

34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{5B291E6C-9A74-4034-971B-A4B007A0B315}"=hex:51,66,7a,6c,4c,1d,38,12,02,1d,3a,

5f,46,d4,5a,05,e8,0d,e7,f0,02,fe,f7,01

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{97AB88EF-346B-4179-A0B1-7445896547A5}"=hex:51,66,7a,6c,4c,1d,38,12,81,8b,b8,

93,59,7a,17,04,df,a7,37,05,8c,3b,03,b1

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{02F0243C-2E71-4A1A-A790-6C30888119D0}"=hex:51,66,7a,6c,4c,1d,38,12,52,27,e3,

06,43,60,74,0f,d8,86,2f,70,8d,df,5d,c4

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,

24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AEB04B5E-C981-47A9-B847-33EE4C92F6B9}"=hex:51,66,7a,6c,4c,1d,38,12,30,48,a3,

aa,b3,87,c7,02,c7,51,70,ae,49,cc,b2,ad

"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,

ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49

"{C8D5D964-2BE8-4C5B-8CF5-6E975AA88504}"=hex:51,66,7a,6c,4c,1d,38,12,0a,da,c6,

cc,da,65,35,09,f3,e3,2d,d7,5f,f6,c1,10

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,

dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02

"{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}"=hex:51,66,7a,6c,4c,1d,38,12,d8,ab,4f,

ee,ae,d5,fa,0c,d8,b7,d7,3b,69,3d,5f,f3

"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,

f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95

"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,

36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d

"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,

b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a9,0b,dc,7f,59,4b,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,3f,28,28,ab,f8,97,49,ac,d1,7d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,3f,28,28,ab,f8,97,49,ac,d1,7d,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(604)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

.

Completion time: 2012-06-26 11:29:05

ComboFix-quarantined-files.txt 2012-06-26 15:29

ComboFix2.txt 2010-05-13 03:52

.

Pre-Run: 49,687,576,576 bytes free

Post-Run: 49,989,111,808 bytes free

.

- - End Of File - - 26418E08A29E33EC8A0EAA69DEA43CF6

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[bigguns193]

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.26.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris :: CHRIS-PC [administrator]

6/26/2012 1:29:41 PM

mbam-log-2012-06-26 (13-42-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230164

Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.

HKCU\Software\IEBarProperties (Adware.Mirar) -> No action taken.

HKCU\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> No action taken.

HKLM\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

seems like its working better should i try scanning again with norton?

[bigguns193]

oh and the log was taken before i removed checked malware

[MrCharlie]

seems like its working better should i try scanning again with norton?

Yes go ahead with the scan, let me know how it is, MrC

[bigguns193]

the scan went fine its not showing any sign of the trojan at all i just have one last question if you know of a good free program that will help speed up my computer a little bit? thank you for all of your help.

[MrCharlie]

There's no program that will speed up your computer, here's 3 links to help with slow computers:

http://forums.malwar...showtopic=81990

http://users.telenet...owcomputer.html

http://www.malwarere...nningslowly.php

--------------------------------------

A little clean up to do.........

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!