jpc763
2012-12-29, 18:21
Hello,
You helped me get rid of my Babylon Toolbar problem on my laptop, now both the family computers seem to have something wrong.
Symptoms are that IE will crash when following a link from a page. I use Spybot and it found Babylon Toolbar and tried to remove it. After several attempts, it removed it but the problems still persist.
First question. I have 2 computers with similar but not exactly the same problem.
1) Post both in the same thread?
2) Post each in their own thread at the same time?
3) Post and fix one then post and fix the other?
Thanks. Now for the logs.
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by CrowleyFam at 20:43:35 on 2012-12-28
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.628 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CouponAmazing: {A2ACB108-446D-4D93-B2F9-998A9534C288} - c:\users\crowleyfam\appdata\local\couponamazing\ie\couponamazing_1355522574.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [GoogleChromeAutoLaunch_B10448EFEB3BD1E026D9BB5AF2D0576B] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\crowle~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BAECE5CD-C4AA-429C-AFD8-EFD154BFC537} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121228.001\IDSvix86.sys [2012-12-28 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-3-14 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-16 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca7af2c6045740;Google Update Service (gupdate1ca7af2c6045740);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-28 14:27:04 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8247808-a284-4b7e-b220-96361a11c50d}\mpengine.dll
2012-12-28 03:31:21 -------- d-----w- c:\windows\ERUNT
2012-12-28 03:29:30 -------- d-----w- C:\JRT
2012-12-26 22:20:57 -------- d-----w- c:\windows\system32\Extensions
2012-12-26 22:20:55 -------- d-----w- c:\windows\system32\searchplugins
2012-12-26 22:20:24 -------- d-----w- c:\programdata\BrowserProtect
2012-12-26 22:20:07 -------- d-----w- c:\users\crowleyfam\appdata\roaming\PDFCreatorPackages
2012-12-26 22:19:32 -------- d-----w- c:\program files\GPLGS
2012-12-26 22:19:26 -------- d-----w- c:\users\crowleyfam\appdata\local\couponamazing
2012-12-26 22:19:15 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-12-26 22:18:24 -------- d-----w- c:\program files\PDFCreator
2012-12-23 23:08:18 -------- d-----w- c:\programdata\CanonIJWSpt
2012-12-23 23:05:01 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAQ.DLL
2012-12-23 23:05:01 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAQ.DLL
2012-12-23 23:03:53 323584 ----a-w- c:\windows\system32\CNC_AQL.dll
2012-12-23 23:03:53 286720 ----a-w- c:\windows\system32\CNC_AQC.dll
2012-12-23 23:03:53 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQU.dll
2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQI.dll
2012-12-23 23:02:51 310272 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2012-12-23 23:02:34 90112 ----a-w- c:\windows\system32\CNC_AQO.dll
2012-12-23 23:02:30 184320 ----a-w- c:\windows\system32\CNMIUAQ.DLL
2012-12-23 17:41:50 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll
2012-12-23 17:35:59 -------- d-----w- C:\drivers
2012-12-22 10:03:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 10:03:02 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 22:58:12 -------- d-----w- c:\users\crowleyfam\appdata\roaming\Stencyl
2012-12-15 22:56:44 -------- d-----w- c:\program files\Stencyl
2012-12-14 10:07:22 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 10:07:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 10:07:04 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-14 10:07:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 10:07:02 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 10:07:02 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 10:06:59 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 10:06:59 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 10:06:51 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 10:06:51 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 10:06:50 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 17:04:14 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 17:04:13 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 17:04:13 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 17:04:10 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 17:04:02 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 00:54:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-09 00:54:11 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-09 00:54:10 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:45:03.45 ===============
aswMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-28 20:48:46
-----------------------------
20:48:46.395 OS Version: Windows 6.0.6002 Service Pack 2
20:48:46.395 Number of processors: 1 586 0x7F02
20:48:46.396 ComputerName: CROWLEYFAM-PC UserName: CrowleyFam
20:48:48.203 Initialize success
20:50:01.829 AVAST engine defs: 12122801
20:50:38.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
20:50:38.901 Disk 0 Vendor: Hitachi_ ST1O Size: 152627MB BusType: 6
20:50:38.918 Disk 0 MBR read successfully
20:50:38.921 Disk 0 MBR scan
20:50:38.930 Disk 0 unknown MBR code
20:50:38.934 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
20:50:38.958 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
20:50:38.970 Disk 0 scanning sectors +312579760
20:50:39.049 Disk 0 scanning C:\Windows\system32\drivers
20:51:05.987 Service scanning
20:51:47.667 Modules scanning
20:52:17.036 Disk 0 trace - called modules:
20:52:17.061 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:52:17.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85412510]
20:52:17.089 3 CLASSPNP.SYS[87b9e8b3] -> nt!IofCallDriver -> [0x84f10700]
20:52:17.094 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\00000055[0x841a3ad8]
20:52:17.679 AVAST engine scan C:\Windows
20:52:22.337 AVAST engine scan C:\Windows\system32
20:59:02.625 AVAST engine scan C:\Windows\system32\drivers
20:59:21.572 AVAST engine scan C:\Users\CrowleyFam
21:23:07.748 AVAST engine scan C:\ProgramData
21:41:11.279 Scan finished successfully
09:01:52.878 Disk 0 MBR has been saved successfully to "C:\Users\CrowleyFam\Desktop\MBR.dat"
09:01:52.888 The log file has been saved successfully to "C:\Users\CrowleyFam\Desktop\aswMBR.txt"
I have attached the zip file as requested.
I can also post the results of the Spybot scans if requested.
Thanks, John
You helped me get rid of my Babylon Toolbar problem on my laptop, now both the family computers seem to have something wrong.
Symptoms are that IE will crash when following a link from a page. I use Spybot and it found Babylon Toolbar and tried to remove it. After several attempts, it removed it but the problems still persist.
First question. I have 2 computers with similar but not exactly the same problem.
1) Post both in the same thread?
2) Post each in their own thread at the same time?
3) Post and fix one then post and fix the other?
Thanks. Now for the logs.
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by CrowleyFam at 20:43:35 on 2012-12-28
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.628 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0309&m=et1161-05
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CouponAmazing: {A2ACB108-446D-4D93-B2F9-998A9534C288} - c:\users\crowleyfam\appdata\local\couponamazing\ie\couponamazing_1355522574.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [GoogleChromeAutoLaunch_B10448EFEB3BD1E026D9BB5AF2D0576B] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\crowle~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BAECE5CD-C4AA-429C-AFD8-EFD154BFC537} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121228.001\IDSvix86.sys [2012-12-28 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-3-14 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-16 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca7af2c6045740;Google Update Service (gupdate1ca7af2c6045740);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-28 14:27:04 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8247808-a284-4b7e-b220-96361a11c50d}\mpengine.dll
2012-12-28 03:31:21 -------- d-----w- c:\windows\ERUNT
2012-12-28 03:29:30 -------- d-----w- C:\JRT
2012-12-26 22:20:57 -------- d-----w- c:\windows\system32\Extensions
2012-12-26 22:20:55 -------- d-----w- c:\windows\system32\searchplugins
2012-12-26 22:20:24 -------- d-----w- c:\programdata\BrowserProtect
2012-12-26 22:20:07 -------- d-----w- c:\users\crowleyfam\appdata\roaming\PDFCreatorPackages
2012-12-26 22:19:32 -------- d-----w- c:\program files\GPLGS
2012-12-26 22:19:26 -------- d-----w- c:\users\crowleyfam\appdata\local\couponamazing
2012-12-26 22:19:15 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-12-26 22:18:24 -------- d-----w- c:\program files\PDFCreator
2012-12-23 23:08:18 -------- d-----w- c:\programdata\CanonIJWSpt
2012-12-23 23:05:01 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAQ.DLL
2012-12-23 23:05:01 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAQ.DLL
2012-12-23 23:03:53 323584 ----a-w- c:\windows\system32\CNC_AQL.dll
2012-12-23 23:03:53 286720 ----a-w- c:\windows\system32\CNC_AQC.dll
2012-12-23 23:03:53 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQU.dll
2012-12-23 23:03:53 114688 ----a-w- c:\windows\system32\CNC_AQI.dll
2012-12-23 23:02:51 310272 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2012-12-23 23:02:34 90112 ----a-w- c:\windows\system32\CNC_AQO.dll
2012-12-23 23:02:30 184320 ----a-w- c:\windows\system32\CNMIUAQ.DLL
2012-12-23 17:41:50 117760 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxblpp5c.dll
2012-12-23 17:35:59 -------- d-----w- C:\drivers
2012-12-22 10:03:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 10:03:02 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 22:58:12 -------- d-----w- c:\users\crowleyfam\appdata\roaming\Stencyl
2012-12-15 22:56:44 -------- d-----w- c:\program files\Stencyl
2012-12-14 10:07:22 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 10:07:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 10:07:04 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-14 10:07:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 10:07:02 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 10:07:02 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 10:06:59 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 10:06:59 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 10:06:51 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 10:06:51 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 10:06:50 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 17:04:14 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 17:04:13 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 17:04:13 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 17:04:10 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 17:04:02 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 00:54:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-09 00:54:11 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-09 00:54:10 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:45:03.45 ===============
aswMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-28 20:48:46
-----------------------------
20:48:46.395 OS Version: Windows 6.0.6002 Service Pack 2
20:48:46.395 Number of processors: 1 586 0x7F02
20:48:46.396 ComputerName: CROWLEYFAM-PC UserName: CrowleyFam
20:48:48.203 Initialize success
20:50:01.829 AVAST engine defs: 12122801
20:50:38.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
20:50:38.901 Disk 0 Vendor: Hitachi_ ST1O Size: 152627MB BusType: 6
20:50:38.918 Disk 0 MBR read successfully
20:50:38.921 Disk 0 MBR scan
20:50:38.930 Disk 0 unknown MBR code
20:50:38.934 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
20:50:38.958 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
20:50:38.970 Disk 0 scanning sectors +312579760
20:50:39.049 Disk 0 scanning C:\Windows\system32\drivers
20:51:05.987 Service scanning
20:51:47.667 Modules scanning
20:52:17.036 Disk 0 trace - called modules:
20:52:17.061 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:52:17.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85412510]
20:52:17.089 3 CLASSPNP.SYS[87b9e8b3] -> nt!IofCallDriver -> [0x84f10700]
20:52:17.094 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\00000055[0x841a3ad8]
20:52:17.679 AVAST engine scan C:\Windows
20:52:22.337 AVAST engine scan C:\Windows\system32
20:59:02.625 AVAST engine scan C:\Windows\system32\drivers
20:59:21.572 AVAST engine scan C:\Users\CrowleyFam
21:23:07.748 AVAST engine scan C:\ProgramData
21:41:11.279 Scan finished successfully
09:01:52.878 Disk 0 MBR has been saved successfully to "C:\Users\CrowleyFam\Desktop\MBR.dat"
09:01:52.888 The log file has been saved successfully to "C:\Users\CrowleyFam\Desktop\aswMBR.txt"
I have attached the zip file as requested.
I can also post the results of the Spybot scans if requested.
Thanks, John