Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

after malware removal windows 7 firewall wont start


  • Please log in to reply
22 replies to this topic

#1 bigmattdaddy

bigmattdaddy

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 28 January 2011 - 02:13 PM

I have a computer that I am working on that was infected with malware. the symptoms where; nothing you clicked on would open just come up with a message saying 'this file is infected' I installed and ran malwarebytes in safe mode. The error messages disappeared (malwarebytes rocks), everything seams to work fine now, but the firewall will not start.

This laptop is Windows 7 Home Premium 64bit.

Malwarebytes log =

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5619

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

1/27/2011 8:54:25 AM
mbam-log-2011-01-27 (08-54-25).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 339951
Time elapsed: 30 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmjfwgrb (Trojan.Downloader) -> Value: vmjfwgrb -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Cindy\AppData\Local\Temp\deiiiektf\emnnwwruerb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\0.89830002712322.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os7484.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os7484.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os7484.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os7484.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os9BD6.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os9BD6.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os9BD6.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\AppData\Local\Temp\~os9BD6.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Cindy\local settings\application data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\shfscp.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

Here is the DDS file


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Cindy at 12:38:15.80 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.824 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cindy\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
StartupFolder: C:\Users\Cindy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-27 273488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-30 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-10 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-27 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-27 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-27 40384]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
R2 qmpehsoe;TeamViewer;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-10 188928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-19 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-30 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-30 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-15 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-01-28 19:08:11 -------- d-----w- C:\PROGRA~3\Recovery
2011-01-28 03:13:46 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-01-28 03:10:02 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-01-28 03:09:48 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-01-28 02:24:29 388096 ----a-r- C:\Users\Cindy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-28 02:24:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-28 00:06:09 -------- d-----w- C:\Program Files\CCleaner
2011-01-27 23:21:00 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-27 22:38:26 98816 ----a-w- C:\Windows\sed.exe
2011-01-27 22:38:26 89088 ----a-w- C:\Windows\MBR.exe
2011-01-27 22:38:26 256512 ----a-w- C:\Windows\PEV.exe
2011-01-27 22:38:26 161792 ----a-w- C:\Windows\SWREG.exe
2011-01-27 22:36:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-27 17:04:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-27 17:04:04 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-27 17:04:02 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-27 17:01:43 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5F70C705-8A6B-482F-8CBA-2EA8C7179D53}\mpengine.dll
2011-01-27 16:21:40 -------- d-----w- C:\Users\Cindy\AppData\Roaming\Malwarebytes
2011-01-27 16:21:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-27 16:21:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-27 16:21:28 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-27 16:21:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-14 04:03:25 -------- d-----w- C:\Users\Cindy\AppData\Local\ElevatedDiagnostics
2011-01-13 19:36:19 -------- d-----w- C:\Users\Cindy\AppData\Roaming\OpenOffice.org
2011-01-13 19:16:29 -------- d-----w- C:\Program Files (x86)\JRE
2011-01-13 19:16:25 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-01-13 18:12:06 -------- d-----w- C:\PROGRA~3\PC Optimizer Pro

==================== Find3M ====================

2010-11-19 19:15:42 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2010-11-19 19:15:42 318000 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2010-11-19 19:15:42 265000 ----a-w- C:\Windows\System32\SynCtrl.dll
2010-11-19 19:15:42 214824 ----a-w- C:\Windows\System32\SynTPAPI.dll
2010-11-19 19:15:42 210216 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2010-11-19 19:15:42 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2010-11-19 19:15:42 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2010-11-19 19:15:42 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2010-11-19 19:14:37 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2010-11-19 19:14:37 347680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2010-11-19 19:14:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2010-11-19 19:13:09 70176 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-11-19 19:13:09 476192 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-19 19:13:09 332320 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-19 19:13:09 2603040 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-19 19:13:09 2374560 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-19 19:13:09 1964576 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-19 19:13:09 149536 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-11-19 19:13:09 1216032 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-11-19 19:13:09 1146912 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-19 19:13:06 1251872 ----a-w- C:\Windows\RtlExUpd.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

============= FINISH: 12:39:05.93 ===============

here are the errors I am getting with the firewall.
Attached File  capture1.PNG   42.22KB   4 downloads
Attached File  Capture2.JPG   29.84KB   4 downloads
Attached File  Capture3.JPG   76.19KB   3 downloads
Attached File  Capture4.JPG   31.37KB   4 downloads

It was also getting a browser redirect, so I went to reset the winsock and got this error.
Attached File  Capture5.JPG   37.05KB   4 downloads
Fixed the browser redirect by resetting IE settings.

Everything but the firewall seems to be running fine so far...This firewall is really stumping me.

Thank you in advance for your help, I know you don't get paid for this.

Attached Files



BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:57 PM

Posted 03 February 2011 - 03:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 04 February 2011 - 12:03 PM

here is another run of dds. the computer hasn't been used much but for bookwork since the last scan.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Cindy at 10:56:02.64 on Fri 02/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.663 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Windows\system32\atibtmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\Cindy\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qtfxbso5.default\
FF - component: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MSN Toolbar: msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-27 273488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-30 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-10 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-27 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-27 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-27 40384]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
R2 qmpehsoe;TeamViewer;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-10 188928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-19 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-30 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-30 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-15 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-02-01 10:07:11 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{74B685A5-5457-40E0-9891-0B28193BD2E1}\mpengine.dll
2011-01-29 14:56:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-29 00:52:00 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-01-28 23:39:40 -------- d-----w- C:\Program Files (x86)\Belarc
2011-01-28 19:08:11 -------- d-----w- C:\PROGRA~3\Recovery
2011-01-28 18:37:57 624128 ----a-w- C:\dds.scr
2011-01-28 03:13:46 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-01-28 03:10:02 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-01-28 03:09:48 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-01-28 02:24:29 388096 ----a-r- C:\Users\Cindy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-28 02:24:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-28 00:06:09 -------- d-----w- C:\Program Files\CCleaner
2011-01-27 22:38:26 98816 ----a-w- C:\Windows\sed.exe
2011-01-27 22:38:26 89088 ----a-w- C:\Windows\MBR.exe
2011-01-27 22:38:26 256512 ----a-w- C:\Windows\PEV.exe
2011-01-27 22:38:26 161792 ----a-w- C:\Windows\SWREG.exe
2011-01-27 22:36:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-27 17:04:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-27 17:04:04 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-27 17:04:02 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-27 16:21:40 -------- d-----w- C:\Users\Cindy\AppData\Roaming\Malwarebytes
2011-01-27 16:21:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-27 16:21:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-27 16:21:28 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-27 16:21:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-14 04:03:25 -------- d-----w- C:\Users\Cindy\AppData\Local\ElevatedDiagnostics
2011-01-13 19:36:19 -------- d-----w- C:\Users\Cindy\AppData\Roaming\OpenOffice.org
2011-01-13 19:16:29 -------- d-----w- C:\Program Files (x86)\JRE
2011-01-13 19:16:25 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-01-13 18:12:06 -------- d-----w- C:\PROGRA~3\PC Optimizer Pro

==================== Find3M ====================

2010-11-19 19:15:42 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2010-11-19 19:15:42 318000 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2010-11-19 19:15:42 265000 ----a-w- C:\Windows\System32\SynCtrl.dll
2010-11-19 19:15:42 214824 ----a-w- C:\Windows\System32\SynTPAPI.dll
2010-11-19 19:15:42 210216 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2010-11-19 19:15:42 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2010-11-19 19:15:42 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2010-11-19 19:15:42 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2010-11-19 19:14:37 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2010-11-19 19:14:37 347680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2010-11-19 19:14:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2010-11-19 19:13:09 70176 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-11-19 19:13:09 476192 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-19 19:13:09 332320 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-19 19:13:09 2603040 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-19 19:13:09 2374560 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-19 19:13:09 1964576 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-19 19:13:09 149536 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-11-19 19:13:09 1216032 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-11-19 19:13:09 1146912 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-19 19:13:06 1251872 ----a-w- C:\Windows\RtlExUpd.dll

============= FINISH: 10:57:36.07 ===============

Attached Files



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 05 February 2011 - 09:19 AM

Hello bigmattdaddy

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 14 February 2011 - 11:28 AM

kahdah,

sorry for the delay in responding, I know you are busy. This problem is on a friends laptop and they needed to do paperwork on it, (taxes) I should be getting it back today so I can finish this up. I will post a new dds log and the OLT as soon as possible.

thank you for your help!

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 14 February 2011 - 02:26 PM

Ok no problem. :)
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 21 February 2011 - 03:20 PM

Kahdah,

Thank you for being patent, here is the otl scan results. This computer is now in my posession so there will be no more delay until we get this fixed.

Thanks,

Matt

OTL logfile created on: 2/21/2011 2:09:38 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Cindy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.02 Gb Total Space | 176.94 Gb Free Space | 80.78% Space Free | Partition Type: NTFS
Drive D: | 13.57 Gb Total Space | 1.94 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 91.59 Mb Free Space | 92.35% Space Free | Partition Type: FAT32

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/02/21 13:58:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/14 19:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/18 10:16:22 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/21 13:58:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
MOD - [2011/01/27 11:07:11 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/03/24 00:59:44 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\qmpehsoe.dll -- (qmpehsoe)
SRV:64bit: - [2010/03/10 21:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 11:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/27 15:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/12 16:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/14 19:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/18 08:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/23 23:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 02:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/11/19 13:15:42 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/19 13:14:37 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/10 21:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 20:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 14:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/01/28 18:52:00 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010/05/30 02:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/30 02:44:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/28 17:17:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/28 17:17:26 | 000,000,000 | ---D | M]

[2011/01/28 17:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2011/01/28 17:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\qtfxbso5.default\extensions
[2011/01/28 17:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/15 07:20:33 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 13:58:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2011/02/17 16:29:46 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/02/17 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/02/17 16:29:39 | 000,439,808 | ---- | C] (Atheros) -- C:\Windows\SysNative\athi95af.rra
[2011/02/14 13:53:09 | 002,048,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/02/14 13:53:09 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/02/14 13:53:09 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/02/14 13:53:08 | 002,625,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/02/14 13:53:08 | 001,215,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/02/14 13:53:08 | 000,569,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/02/14 13:53:08 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/02/14 13:53:07 | 000,080,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/02/14 13:53:04 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/02/09 18:32:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 18:32:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 18:32:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 18:32:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 18:32:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 18:32:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 18:32:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 18:32:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 18:32:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 18:32:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 18:32:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 18:32:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 18:30:12 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 18:30:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 18:30:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 18:30:06 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 18:30:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 18:30:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 18:30:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 18:30:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 18:29:56 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 18:29:53 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 18:29:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 18:29:46 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 18:29:46 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 18:29:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 18:29:41 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 18:29:40 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 18:29:39 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 18:29:39 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 18:29:23 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 18:29:22 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 18:29:22 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 18:29:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/01/29 08:56:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/28 18:54:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/28 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2011/01/28 17:17:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Mozilla
[2011/01/28 17:17:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Mozilla
[2011/01/28 17:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/28 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/28 13:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/01/27 21:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/27 21:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/01/27 20:24:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/27 20:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/01/27 18:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/27 16:38:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/27 16:38:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/27 16:38:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/27 16:38:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/27 16:38:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/27 16:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/27 16:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/01/27 16:36:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/01/27 16:36:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/01/27 16:36:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/01/27 16:36:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/01/27 11:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/01/27 11:04:33 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/27 11:04:33 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/27 11:04:30 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/27 11:04:29 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/27 11:04:23 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/27 11:04:23 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/27 11:04:04 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/27 11:04:04 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/27 11:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/27 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/27 10:21:40 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Malwarebytes
[2011/01/27 10:21:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/27 10:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 10:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/27 10:21:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/27 10:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/02/21 13:58:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2011/02/21 13:55:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/21 11:04:29 | 000,022,534 | ---- | M] () -- C:\Users\Cindy\Documents\Monthly Bill Chart.ods
[2011/02/21 11:00:25 | 014,483,456 | R--- | M] () -- C:\Users\Cindy\My Home.QBW.TLG
[2011/02/21 11:00:25 | 010,657,792 | R--- | M] () -- C:\Users\Cindy\My Home.QBW
[2011/02/21 11:00:25 | 000,000,328 | ---- | M] () -- C:\Users\Cindy\My Home.QBW.ND
[2011/02/21 10:57:53 | 000,000,328 | ---- | M] () -- C:\Users\Cindy\Scentsy.QBW.ND
[2011/02/21 10:57:52 | 008,728,576 | R--- | M] () -- C:\Users\Cindy\Scentsy.QBW
[2011/02/21 10:57:52 | 003,735,552 | R--- | M] () -- C:\Users\Cindy\Scentsy.QBW.TLG
[2011/02/21 10:54:19 | 008,728,576 | R--- | M] () -- C:\Users\Cindy\In Home Health Care.QBW
[2011/02/21 10:54:19 | 003,473,408 | R--- | M] () -- C:\Users\Cindy\In Home Health Care.QBW.TLG
[2011/02/21 10:54:19 | 000,000,340 | ---- | M] () -- C:\Users\Cindy\In Home Health Care.QBW.ND
[2011/02/21 10:51:08 | 011,870,208 | R--- | M] () -- C:\Users\Cindy\Cindy's Daycare.QBW
[2011/02/21 10:51:08 | 008,192,000 | R--- | M] () -- C:\Users\Cindy\Cindy's Daycare.QBW.TLG
[2011/02/21 10:51:08 | 000,000,336 | ---- | M] () -- C:\Users\Cindy\Cindy's Daycare.QBW.ND
[2011/02/17 11:55:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 11:55:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/17 11:50:38 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/17 11:50:38 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/17 11:50:38 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/17 11:46:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCindy.job
[2011/02/17 11:45:53 | 000,383,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/17 11:45:14 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/14 13:51:49 | 002,048,104 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/02/14 13:51:49 | 001,146,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/02/14 13:51:47 | 002,625,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/02/14 13:51:47 | 000,569,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/02/14 13:51:47 | 000,332,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/02/14 13:51:47 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/02/14 13:51:46 | 001,215,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/02/14 13:51:45 | 000,080,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/02/14 13:51:37 | 000,200,800 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/02/14 13:51:30 | 001,251,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/02/14 13:51:26 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2011/02/14 13:51:26 | 000,000,176 | ---- | M] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2011/02/04 11:02:04 | 000,004,004 | ---- | M] () -- C:\Users\Cindy\Desktop\Attach.zip
[2011/02/04 10:54:02 | 000,624,128 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.scr
[2011/01/28 18:52:00 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/28 18:51:52 | 000,000,000 | ---- | M] () -- C:\Users\Cindy\defogger_reenable
[2011/01/28 18:50:51 | 000,133,632 | ---- | M] () -- C:\Users\Cindy\Desktop\RKUnhookerLE.EXE
[2011/01/28 17:39:41 | 000,002,031 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/28 17:17:30 | 000,001,967 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/28 17:17:30 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/28 12:36:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/27 21:10:02 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/01/27 17:25:11 | 000,000,017 | ---- | M] () -- C:\Users\Cindy\AppData\Local\resmon.resmoncfg
[2011/01/27 11:04:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/01/27 11:04:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/01/27 10:21:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/26 00:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/26 00:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

========== Files Created - No Company Name ==========

[2011/02/04 11:02:04 | 000,004,004 | ---- | C] () -- C:\Users\Cindy\Desktop\Attach.zip
[2011/02/04 10:53:44 | 000,624,128 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.scr
[2011/01/28 18:52:00 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/28 18:51:52 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\defogger_reenable
[2011/01/28 18:50:44 | 000,133,632 | ---- | C] () -- C:\Users\Cindy\Desktop\RKUnhookerLE.EXE
[2011/01/28 17:39:41 | 000,002,031 | ---- | C] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/28 17:39:41 | 000,002,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/01/28 17:17:30 | 000,001,967 | ---- | C] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/28 17:17:30 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/28 12:37:57 | 000,624,128 | ---- | C] () -- C:\dds.scr
[2011/01/27 21:10:02 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/01/27 17:25:11 | 000,000,017 | ---- | C] () -- C:\Users\Cindy\AppData\Local\resmon.resmoncfg
[2011/01/27 16:38:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/27 16:38:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/27 16:38:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/27 16:38:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/27 16:38:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/27 11:04:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/01/27 11:04:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/01/27 10:21:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/28 16:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/07/02 09:46:13 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/01 16:14:24 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/30 02:51:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/05/30 02:51:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/05/30 02:50:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/05/30 02:50:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/05/30 02:49:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/05/30 02:34:08 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/30 02:34:08 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/30 05:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/03/30 04:27:07 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/30 04:21:27 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/30 04:20:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/30 04:19:24 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/01/13 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\OpenOffice.org
[2010/07/02 13:48:17 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\WildTangent
[2009/07/13 23:08:49 | 000,015,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 2/21/2011 2:09:38 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Cindy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.02 Gb Total Space | 176.94 Gb Free Space | 80.78% Space Free | Partition Type: NTFS
Drive D: | 13.57 Gb Total Space | 1.94 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 91.59 Mb Free Space | 92.35% Space Free | Partition Type: FAT32

Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6A66C1E5-4146-4CA6-A551-627CFCEACC83}" = HP Quick Launch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A420-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
"{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}" = Microsoft Search Enhancement Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
"{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
"{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
"{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
"{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
"{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
"{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A807CEB4-96A8-46A8-A298-C3AA87B47B00}" = HP Software Framework
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
"{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
"{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
"{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
"{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
"{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
"{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"My HP Game Console" = HP Game Console
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 10:30:14 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/16/2010 10:31:32 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/17/2010 10:31:02 AM | Computer Name = Cindy-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 12/17/2010 10:31:02 AM | Computer Name = Cindy-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 12/17/2010 10:31:02 AM | Computer Name = Cindy-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 12/17/2010 11:03:15 AM | Computer Name = Cindy-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'hpCaslNotification' could not be shut down.

Error - 12/17/2010 1:23:54 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/17/2010 1:26:25 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/17/2010 1:26:49 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 12/19/2010 1:07:54 PM | Computer Name = Cindy-PC | Source = System Restore | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 8/9/2010 9:19:10 AM | Computer Name = Cindy-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/9/2010 9:19:10 AM | Computer Name = Cindy-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 10/15/2010 9:13:51 AM | Computer Name = Cindy-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 10/15/2010 9:13:52 AM | Computer Name = Cindy-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 10/23/2010 1:07:13 AM | Computer Name = Cindy-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Wireless Assistant Events ]
Error - 7/1/2010 2:48:47 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:48:53 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:48:58 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:03 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:08 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:13 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:18 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:23 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:28 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/1/2010 2:49:33 PM | Computer Name = Cindy-PC | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 1/27/2011 7:21:41 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 7:26:32 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 7:52:32 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 7:52:40 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 8:02:28 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 8:22:50 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 1/27/2011 8:51:30 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10010
Description =

Error - 1/27/2011 9:35:27 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 10:05:38 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 1/27/2011 10:37:48 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.


< End of report >

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 22 February 2011 - 05:06 AM

Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\Windows\SysNative\qmpehsoe.dll

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 22 February 2011 - 09:51 AM

here are the results of the scan from Jotti:

[ArcaVir]
2011-02-22 Found nothing
[G DATA]
2011-02-22 Found nothing
[Avast! antivirus]
2011-02-22 Found nothing
[Ikarus]
2011-02-22 Found nothing
[Grisoft AVG Anti-Virus]
2011-02-22 Found nothing
[Kaspersky Anti-Virus]
2011-02-22 Found nothing
[Avira AntiVir]
2011-02-22 Found nothing
[ESET NOD32]
2011-02-22 Found nothing
[Softwin BitDefender]
2011-02-22 Found nothing
[Panda Antivirus]
2011-02-22 Found nothing
[ClamAV]
2011-02-22 Found nothing
[Quick Heal]
2011-02-22 Found nothing
[CPsecure]
2011-02-22 Found nothing
[Sophos]
2011-02-22 Found nothing
[Dr.Web]
2011-02-22 Found nothing
[VirusBlokAda VBA32]
2011-02-22 Found nothing
[Frisk F-Prot Antivirus]
2011-02-22 Found nothing
[VirusBuster]
2011-02-21 Found nothing
[F-Secure Anti-Virus]
2011-02-22 Found nothing

and from Virus Total file scan:

Antivirus Version Last Update Result
AhnLab-V3 2011.02.22.01 2011.02.22 -
AntiVir 7.11.3.178 2011.02.22 -
Antiy-AVL 2.0.3.7 2011.02.22 -
Avast 4.8.1351.0 2011.02.22 -
Avast5 5.0.677.0 2011.02.22 -
AVG 10.0.0.1190 2011.02.22 -
BitDefender 7.2 2011.02.22 -
CAT-QuickHeal 11.00 2011.02.22 -
ClamAV 0.96.4.0 2011.02.22 -
Commtouch 5.2.11.5 2011.02.22 -
Comodo 7772 2011.02.22 -
DrWeb 5.0.2.03300 2011.02.22 -
Emsisoft 5.1.0.2 2011.02.22 -
eSafe 7.0.17.0 2011.02.21 -
eTrust-Vet None 2011.02.22 -
F-Prot 4.6.2.117 2011.02.22 -
F-Secure 9.0.16160.0 2011.02.22 -
Fortinet 4.2.254.0 2011.02.22 -
GData 21 2011.02.22 -
Ikarus T3.1.1.97.0 2011.02.22 -
Jiangmin 13.0.900 2011.02.22 -
K7AntiVirus 9.88.3931 2011.02.22 -
Kaspersky 7.0.0.125 2011.02.22 -
McAfee 5.400.0.1158 2011.02.22 -
McAfee-GW-Edition 2010.1C 2011.02.22 -
Microsoft 1.6502 2011.02.22 -
NOD32 5895 2011.02.22 -
Norman 6.07.03 2011.02.22 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.21 -
PCTools 7.0.3.5 2011.02.22 -
Prevx 3.0 2011.02.22 -
Rising 23.46.01.06 2011.02.22 -
Sophos 4.61.0 2011.02.22 -
SUPERAntiSpyware 4.40.0.1006 2011.02.22 -
Symantec 20101.3.0.103 2011.02.22 -
TheHacker 6.7.0.1.136 2011.02.22 -
TrendMicro 9.200.0.1012 2011.02.22 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.22 -
VBA32 3.12.14.3 2011.02.22 -
VIPRE 8503 2011.02.22 -
ViRobot 2011.2.22.4323 2011.02.22 -
VirusBuster 13.6.212.0 2011.02.21 -
Additional information
Show all
MD5 : 6d83498d85e8d32df4e3087e15f33ae9
SHA1 : 1a3aea971001627611ff3be480e73e96a16f3516
SHA256: c26af50be974b47b502536210f8398b0cf7b908dca606bd67ec4c08b6ad9f1af

Looks clean.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 22 February 2011 - 02:28 PM

OK please do the following:

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 22 February 2011 - 03:22 PM

mbam log, clean

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5843

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/22/2011 2:07:59 PM
mbam-log-2011-02-22 (14-07-59).txt

Scan type: Quick scan
Objects scanned: 172034
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 23 February 2011 - 08:39 AM

OK please proceed with the Eset scan and post that log as well.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 23 February 2011 - 10:59 AM

kahdah,

Eset scan came back clean,

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7c366ae2cf4ba0409ad8cf2cb7ab9ed6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-23 03:49:01
# local_time=2011-02-23 09:49:01 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 1403100 1403100 0 0
# compatibility_mode=5893 16776573 100 94 0 50015992 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=194298
# found=0
# cleaned=0
# scan_time=3602

Edited by bigmattdaddy, 23 February 2011 - 11:02 AM.


#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:57 PM

Posted 23 February 2011 - 02:15 PM

Ok now that has been ruled out let's go to fixing the firewall.
Please do the following.
Go to The Windows 7 start orb then click it, in the Start Search programs and files bar that opens type in cmd when the cmd.exe shows up right click on it and choose "Run as Administrator"
When it opens after that type the following netsh advfirewall reset then hit Enter once that is done close the command prompt then restart the system and see if the firewall is re-enabled now.

If not then let me know.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 bigmattdaddy

bigmattdaddy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 23 February 2011 - 02:20 PM

I'm going to follow what you say here, but I have done these steps.
the firewall did not start. Here is the response after entering the command.

Attached File  Capture.JPG   41.87KB   5 downloads




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users