Win32.Olmarik TDL4 virus(NEED HELP FAST!)


  • This topic is locked

#1
Wayne Lao

    New Member

  • Member
  • 5 posts
Hey guys, I need help on this one... I don't know what happened because my younger brother was toying with it, so it got infected or something.

I scanned it with ESET but it was unable to remove it.
Operating Memory - Win32/Olmarik.TDL4 trojan


So that's what it reported. I tried removing it in safe mode but no luck.
Malwarebytes didn't remove it either, so to post the log..


#2
Wayne Lao

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is the log for Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8028

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/27/2011 5:49:25 PM
mbam-log-2011-10-27 (17-49-25).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 292997
Time elapsed: 26 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\svchost.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#3
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I need to see which variant we are dealing with.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#4
Wayne Lao

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 10/28/2011 1:07:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 77.28% Memory free
3.93 Gb Paging File | 3.49 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.31 Gb Total Space | 223.35 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 11.49 Gb Total Space | 1.92 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/03/18 07:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/12 06:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/09 03:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/06 00:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/03/02 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/10/12 06:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/30 02:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/09/02 01:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/13

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/09/24 17:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/27 08:22:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HP\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/27 19:07:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0279F581-45C4-476E-A3D7-B7119C0E981B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{071731F0-E10C-4DA2-82A3-476A7F586E38}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 01:04:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/10/27 19:29:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/27 19:25:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/27 18:14:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/27 18:14:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/27 18:14:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/27 18:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/27 18:12:57 | 000,000,000 | ---D | C] -- C:\pcxmuahah
[2011/10/27 18:07:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/27 18:06:13 | 004,274,802 | R--- | C] (Swearware) -- C:\pcxmuahah.exe
[2011/10/27 16:59:57 | 000,000,000 | ---D | C] -- C:\mbrfix
[2011/10/27 13:05:02 | 000,348,704 | ---- | C] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:45 | 000,090,240 | ---- | C] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/27 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\99882
[2011/10/27 08:39:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2011/10/27 08:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 08:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/27 08:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 07:43:36 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\ESET.NOD32.Anitvirus.5(32.and.64.bit)
[2011/10/27 07:43:18 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Crack
[2011/10/27 07:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/10/27 07:31:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\ESET
[2011/10/27 07:30:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IObit
[2011/10/27 07:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/10/27 04:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/10/22 01:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\91D1
[2011/10/21 06:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/10/21 04:38:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\99882
[2011/10/21 04:37:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\D6A99
[2011/10/13 04:13:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\song_files
[2011/10/13 04:06:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube_files
[2011/10/13 04:05:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube_files
[2011/10/03 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\1816F
[2011/10/01 23:43:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine_files

========== Files - Modified Within 30 Days ==========

[2011/10/28 01:04:32 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/28 01:04:32 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/10/28 01:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 01:00:16 | 1581,867,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 00:58:31 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/10/27 23:18:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/27 19:14:39 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 19:14:39 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 19:07:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/27 18:06:28 | 004,274,802 | R--- | M] (Swearware) -- C:\pcxmuahah.exe
[2011/10/27 16:59:52 | 000,138,820 | ---- | M] () -- C:\mbrfix.zip
[2011/10/27 13:05:17 | 000,348,704 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:50 | 000,090,240 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/27 05:18:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/27 04:53:06 | 000,000,146 | ---- | M] () -- C:\Users\HP\Desktop\HP Wireless Assistant - Shortcut.lnk
[2011/10/26 00:34:24 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2011/10/20 11:25:41 | 000,001,118 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/10/13 04:13:05 | 000,161,129 | ---- | M] () -- C:\Users\Public\Documents\song.htm
[2011/10/13 04:06:07 | 000,124,740 | ---- | M] () -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube.htm
[2011/10/13 04:05:53 | 000,136,723 | ---- | M] () -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube.htm
[2011/10/09 19:30:33 | 000,000,044 | ---- | M] () -- C:\Windows\System32\imon1.dat
[2011/10/08 15:38:01 | 000,037,202 | ---- | M] () -- C:\Users\Public\Documents\200721_192821544084146_100000689055425_541820_1891414_n.jpg
[2011/10/07 10:12:38 | 000,173,379 | ---- | M] () -- C:\Users\HP\Documents\Snapshot.png
[2011/10/01 23:43:23 | 000,019,211 | ---- | M] () -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine.htm
[2011/10/01 03:26:09 | 000,081,710 | ---- | M] () -- C:\Users\Public\Documents\daniel-and-emma-harry-and-hermione-17153790-500-500 (1).jpg

========== Files Created - No Company Name ==========

[2011/10/27 18:14:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/27 18:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/27 18:14:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/27 18:14:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/27 18:14:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/27 16:59:51 | 000,138,820 | ---- | C] () -- C:\mbrfix.zip
[2011/10/27 04:53:06 | 000,000,146 | ---- | C] () -- C:\Users\HP\Desktop\HP Wireless Assistant - Shortcut.lnk
[2011/10/20 11:25:41 | 000,001,118 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/10/19 05:13:38 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/19 05:13:38 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/13 04:13:05 | 000,161,129 | ---- | C] () -- C:\Users\Public\Documents\song.htm
[2011/10/13 04:06:04 | 000,124,740 | ---- | C] () -- C:\Users\Public\Documents\Nicki Minaj - Fly ft. Rihanna - YouTube.htm
[2011/10/13 04:05:49 | 000,136,723 | ---- | C] () -- C:\Users\Public\Documents\Katy Perry - Last Friday Night (T.G.I.F.) - YouTube.htm
[2011/10/11 09:14:12 | 000,001,206 | ---- | C] () -- C:\Users\HP\Desktop\RealPlayer.lnk
[2011/10/08 15:38:29 | 000,037,202 | ---- | C] () -- C:\Users\Public\Documents\200721_192821544084146_100000689055425_541820_1891414_n.jpg
[2011/10/07 10:12:38 | 000,173,379 | ---- | C] () -- C:\Users\HP\Documents\Snapshot.png
[2011/10/01 23:43:19 | 000,019,211 | ---- | C] () -- C:\Users\Public\Documents\Emma Watson Pics In Marie Claire Magazine.htm
[2011/10/01 03:26:12 | 000,081,710 | ---- | C] () -- C:\Users\Public\Documents\daniel-and-emma-harry-and-hermione-17153790-500-500 (1).jpg
[2011/07/18 17:37:26 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011/02/22 20:29:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\imon1.dat
[2010/09/24 17:38:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/24 17:38:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/24 17:38:10 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/24 17:38:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/24 17:38:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/09/24 17:38:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/24 18:28:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/24 18:22:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/24 18:21:03 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/02/24 18:21:03 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2009/09/27 21:49:50 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,419,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 22:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/10/27 05:18:18 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000Core.job
[2011/10/27 23:18:03 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380120774-2922761812-2623259579-1000UA.job
[2011/10/21 09:21:28 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/27 13:05:17 | 000,348,704 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikRemover.exe
[2011/10/27 13:04:50 | 000,090,240 | ---- | M] (ESET spol. s r.o.) -- C:\EOlmarikTdl4Cleaner.exe
[2011/10/28 01:04:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/10/27 18:06:28 | 004,274,802 | R--- | M] (Swearware) -- C:\pcxmuahah.exe


< MD5 for: EXPLORER.EXE >
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/10/27 07:59:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011/10/27 07:59:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\explorer.exe
[2009/11/22 04:25:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< End of report >

#5
Wayne Lao


    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL Extras logfile created on: 10/28/2011 1:07:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 77.28% Memory free
3.93 Gb Paging File | 3.49 Gb Available in Paging File | 88.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.31 Gb Total Space | 223.35 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 11.49 Gb Total Space | 1.92 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}" = HP Support Assistant
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4414C431-245A-4AF7-8FE0-3ED2333FD8D2}" = HP MediaStream
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4B7057D5-6D5D-4088-8217-48EA20C44373}" = HP User Guides 0169
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9E858E3-522C-4E89-AACC-619CCA2E1EA4}" = ESET NOD32 Antivirus
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Bandoo" = Bandoo
"BearShare" = BearShare
"BearShare 2 MediaBar" = MediaBar
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Chikka Messenger V4" = Chikka Messenger V4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Text Twist 2 1.00" = Text Twist 2 1.00
"VLC media player" = VLC media player 1.0.0-rc1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"ZumoDrive" = HP CloudDrive

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2011 8:05:14 AM | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16434,
time stamp: 0x4acab181 Faulting module name: SHELL32.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb01 Exception code: 0xc0000005 Fault offset: 0x0009d7bc Faulting
process id: 0x6a8 Faulting application start time: 0x01cc826d664f2b30 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 1d8c7847-ee81-11e0-8519-c80aa93d5ae8

Error - 10/4/2011 11:45:39 PM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.187 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3ec Start
Time: 01cc830588c3400b Termination Time: 21 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 7a6f75be-ef04-11e0-b7a9-c80aa93d5ae8

Error - 10/7/2011 6:13:58 AM | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: bsbandmltbpi.dll_unloaded, version:
0.0.0.0, time stamp: 0x4dc40682 Exception code: 0xc0000005 Fault offset: 0x04ec3180
Faulting
process id: 0xed4 Faulting application start time: 0x01cc84d9cfaa7c24 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: bsbandmltbpi.dll
Report
Id: 1197685d-f0cd-11e0-8b07-c80aa93d5ae8

Error - 10/7/2011 6:25:25 PM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ed0 Start
Time: 01cc853d7aeb90ac Termination Time: 17 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 3c244866-f133-11e0-adf3-c80aa93d5ae8

Error - 10/8/2011 5:48:42 AM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9fc Start
Time: 01cc85582d9d808d Termination Time: 57 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: acb4de5d-f192-11e0-8af8-c80aa93d5ae8

Error - 10/9/2011 2:58:16 AM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c28 Start
Time: 01cc863c160fdeb9 Termination Time: 162 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 0217fcf6-f244-11e0-b7df-c80aa93d5ae8

Error - 10/11/2011 5:42:58 AM | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RealPlay.exe, version: 11.0.0.446, time
stamp: 0x47fcfc2b Faulting module name: twebbrowse.dll, version: 1.0.3.45, time
stamp: 0x4775ae42 Exception code: 0xc0000005 Fault offset: 0x00004bff Faulting process
id: 0x8fc Faulting application start time: 0x01cc87f8885e4bb2 Faulting application
path: C:\Program Files\Real\RealPlayer\RealPlay.exe Faulting module path: C:\Program
Files\Common Files\Real\Common\twebbrowse.dll Report Id: 66bb1b9b-f3ed-11e0-8b62-c80aa93d5ae8

Error - 10/11/2011 8:07:03 PM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cbc Start
Time: 01cc88723cadfeb7 Termination Time: 0 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 12b7022c-f466-11e0-ae6e-c80aa93d5ae8

Error - 10/11/2011 8:18:59 PM | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 14.0.835.202 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f08 Start
Time: 01cc8873b8e35130 Termination Time: 0 Application Path: C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: bf800a4c-f467-11e0-ae6e-c80aa93d5ae8

Error - 10/12/2011 7:57:13 PM | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Faulting application name: realplay.exe, version: 11.0.0.446, time
stamp: 0x47fcfc2b Faulting module name: twebbrowse.dll, version: 1.0.3.45, time
stamp: 0x4775ae42 Exception code: 0xc0000005 Fault offset: 0x00004bff Faulting process
id: 0xe3c Faulting application start time: 0x01cc893a875bdb8f Faulting application
path: C:\Program Files\Real\RealPlayer\realplay.exe Faulting module path: C:\Program
Files\Common Files\Real\Common\twebbrowse.dll Report Id: e75dfcd1-f52d-11e0-8b1d-c80aa93d5ae8

[ Hewlett-Packard Events ]
Error - 12/9/2010 8:47:18 AM | Computer Name = HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/9/2010 8:47:18 AM | Computer Name = HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/9/2010 9:07:43 AM | Computer Name = HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/9/2010 9:07:44 AM | Computer Name = HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/10/2011 12:25:21 PM | Computer Name = HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 10/27/2011 3:06:29 PM | Computer Name = HP-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:05:13 PM on ?10/?27/?2011 was unexpected.

Error - 10/27/2011 3:06:52 PM | Computer Name = HP-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/27/2011 3:08:53 PM | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 10/27/2011 3:08:53 PM | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 10/27/2011 9:00:25 PM | Computer Name = HP-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom discache DVMIO ehdrv spldr Wanarpv6

Error - 10/27/2011 9:00:29 PM | Computer Name = HP-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2011 9:00:35 PM | Computer Name = HP-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2011 9:00:37 PM | Computer Name = HP-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2011 9:00:37 PM | Computer Name = HP-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2011 9:00:44 PM | Computer Name = HP-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll
Error
Code: 21


< End of report >

#6
Wayne Lao


    New Member

  • Topic Starter
  • Member
  • 5 posts
Hey man... I can't seem to open aswMBR.exe... when I open it, it does nothing...

#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, when you restart the computer, on the safe mode menu is there an option called "repair my computer"?

If there is, could you select that,
and then select startup repair.

Let me know the result of that, please.

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.