MalwareCrypt
Author Topic: Analyze my DDS log, please  (Read 2440 times)
sift2cupsflour
Newbie
*
Posts: 6


« on: September 04, 2011, 10:43:45 AM »

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120  BrowserJavaVersion: 1.6.0_26
Run by (PRIVATE) at 10:33:45 on 2011-09-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1717 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{1892AB9D-DD1A-4939-8CFF-E7FA5EE7E608} : DhcpNameServer = 68.87.85.102 68.87.69.150
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\(PRIVATE)\appdata\roaming\mozilla\firefox\profiles\mky7gmti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-7 309848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-7 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-16 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e13c7a790727;Google Update Service (gupdate1c9e13c7a790727);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-04 16:13:56   388096   ----a-r-   c:\users\(PRIVATE)\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-02 12:00:25   7152464   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{8b6bfe63-2bc5-4ea7-a12f-64bcbc01fbde}\mpengine.dll
2011-08-30 17:40:35   --------   d-----w-   c:\users\(PRIVATE)\appdata\local\Apps
2011-08-30 13:48:40   --------   d-----w-   c:\users\(PRIVATE)\appdata\local\Evernote
2011-08-30 13:46:12   --------   d-----w-   c:\program files\Rainlendar2
2011-08-29 14:36:59   --------   d-----w-   c:\users\(PRIVATE)\appdata\roaming\GlarySoft
2011-08-29 13:43:47   --------   d-----w-   c:\program files\Glary Utilities
2011-08-29 13:42:00   --------   d-----w-   c:\users\(PRIVATE)\appdata\roaming\.anki
2011-08-29 13:41:44   --------   d-----w-   c:\program files\Anki
2011-08-24 16:19:22   18764   ----a-w-   c:\windows\system32\ddmon.dll
2011-08-24 16:17:13   --------   d-----w-   c:\program files\CD Recovery Toolbox Free
2011-08-24 16:16:49   --------   d-----w-   c:\program files\Registry Medic 4
2011-08-24 12:37:53   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-08-17 18:31:48   --------   d-----w-   c:\users\(PRIVATE)\appdata\local\SecondLife
2011-08-17 14:27:13   7522243   ----a-w-   c:\programdata\SPL6B03.tmp
2011-08-16 13:32:57   --------   d-----w-   c:\program files\Phoenix Viewer
2011-08-15 15:42:28   10680383   ----a-w-   c:\programdata\SPL6AE8.tmp
2011-08-11 04:48:30   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-08-11 04:48:21   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 04:48:10   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-11 04:48:09   247808   ----a-w-   c:\program files\internet explorer\ieproxy.dll
2011-08-11 04:48:08   129536   ----a-w-   c:\program files\internet explorer\sqmapi.dll
2011-08-09 15:10:19   --------   d-----w-   c:\users\(PRIVATE)\appdata\roaming\Firestorm
.
==================== Find3M  ====================
.
2011-08-18 15:35:11   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:00:05   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-07-23 10:59:34   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47   385024   ----a-w-   c:\windows\system32\html.iec
2011-07-23 09:27:04   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-07-19 15:10:07   108477   ----a-w-   c:\windows\Thumbplug TGA Uninstaller.exe
2011-07-06 00:37:00   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37:00   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2011-07-04 11:43:53   40112   ----a-w-   c:\windows\avastSS.scr
2011-07-04 11:36:43   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20   54104   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-06-20 08:54:36   3602832   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55   905104   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 10:34:17.62 ===============
Logged

Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
HP G60 Notebook PC
Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, 2000 Mhz, 2 Core(s), 2 Logical Processor(s)
Mobile Intel(R) 4 Series Express Chipset Family
Installed Physical Memory (RAM) 3.00
Jintan
Administrator
Hero Member
*****
Posts: 3883



« Reply #1 on: September 04, 2011, 06:19:42 PM »

Welcome to Malware Crypt sift2cupsflour,

The logs show a malware-created proxy setting, but also show some active Norton remnants (I assume Avast is the current antivirus). Let's make some changes, then get a more detailed look before starting repairs.

The log shows the user account as "(PRIVATE)". Assuming you changed the logs to this to conceal the actual name (I seem to be doing a lot of assuming here), we ask that folks not alter log results. For the moment we will just pass over this, but should it interfere with the making of fix scripts or other repairs, you will need to post logs unaltered.

-------------

The system is Vista, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

---------

Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-

Open Notepad (Start Search, type Notepad then click the notepad file that shows in the display), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

---------

If Norton is still installed, please go to Control Panel - Programs and Features, and uninstall it. Reboot, then go here and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version, that is okay - the same tool is used for most versions. The exception is Norton 360, which requires you run a BUdump.exe tool first.

At some point Avast will also need to be uninstalled/reinstalled due to being corrupted when running along with Norton, but we can put this off until later.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Run DDS again, and post both log files it produces please.
Logged
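
The findings in the reply above correspond to specific line patterns in the posted DDS log. As an added example (not part of the original thread and not a DDS or forum tool), this Python script flags those patterns in lines copied from that log; the function names, the finding labels, and the reading of the `R`/`S` prefix and `[?]` marker are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample: lines copied unchanged from the first DDS log in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:80
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uPolicies-explorer: DisallowCpl = 1 (0x1)
FF - prefs.js: network.proxy.type - 1
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-16 42184]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
"""

# Assumption: in a DDS service line the prefix letter is R (running) or
# S (stopped), the digit is the start type (2 = automatic), and a trailing
# [?] means DDS printed no date/size for the service's image file.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);[^;]*;.*\[(.*?)\]\s*$")
ADDON_RE = re.compile(r"^(BHO|TB): .*?\{([0-9A-Fa-f-]{36})\} - No File$")
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
CPL_RE = re.compile(r"^([um]Policies-explorer): DisallowCpl = 1\b")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")


def proxy_hosts(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Handles 'http=127.0.0.1:80', 'host:8080' and 'http=a:1;https=b:2'.
    """
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.partition(":")
        yield (scheme or "all", host, port)


def is_loopback(host):
    """True when the proxy host points back at the local machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return (label, detail) findings for the patterns discussed in the thread."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_PROXY_RE.match(line):
            # Browser traffic forced through a local listener: nothing loads
            # unless some process on the machine answers on that port.
            for scheme, host, port in proxy_hosts(m.group(1)):
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
        elif m := ADDON_RE.match(line):
            # Registered BHO/toolbar CLSID whose DLL DDS reports as "No File".
            findings.append(("orphan-ie-addon", f"{m.group(1)} {{{m.group(2)}}}"))
        elif m := CPL_RE.match(line):
            # Explorer policy that hides Control Panel items.
            findings.append(("cpl-restricted", m.group(1)))
        elif m := FF_PROXY_RE.match(line):
            if m.group(1) == "1":  # 1 = manual proxy configuration in Firefox
                findings.append(("firefox-manual-proxy", "network.proxy.type=1"))
        elif m := SERVICE_RE.match(line):
            state, start, name, info = m.groups()
            # Auto-start service that is not running and has no file details:
            # a candidate leftover from a removed product.
            if state == "S" and start == "2" and info == "?":
                findings.append(("stale-autostart-service", name))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:26} {detail}")
```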
sift2cupsflour
Newbie
*
Posts: 6


« Reply #2 on: September 05, 2011, 04:29:03 PM »

Thank you for your reply. I followed the instructions provided. However, I did encounter a difficulty running Gmer. Even though it appeared to show no located infections in the opening scan, the second scan would not complete, i.e., Windows error saying program stopped running. I did run it as an administrator. The log from the opening scan of Gmer is included with other logs you have requested.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-05 16:03:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: n0sivvsw.exe; Driver: C:\Users\ELIZAB~1\AppData\Local\Temp\uxddqpog.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x91037398]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-05 16:04:12
-----------------------------
16:04:12.022    OS Version: Windows 6.0.6002 Service Pack 2
16:04:12.022    Number of processors: 2 586 0x170A
16:04:12.022    ComputerName: NONBOOK  UserName:
16:04:13.769    Initialize success
16:04:13.831    AVAST engine defs: 11090501
16:04:57.043    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:04:57.043    Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
16:04:59.102    Disk 0 MBR read successfully
16:04:59.102    Disk 0 MBR scan
16:04:59.102    Disk 0 unknown MBR code
16:04:59.118    Disk 0 scanning sectors +625135616
16:04:59.180    Disk 0 scanning C:\Windows\system32\drivers
16:05:06.138    Service scanning
16:05:07.636    Modules scanning
16:05:27.260    Disk 0 trace - called modules:
16:05:27.307    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
16:05:27.307    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864fc5e8]
16:05:27.307    3 CLASSPNP.SYS[805d38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f17030]
16:05:27.323    Scan finished successfully
16:05:42.112    Disk 0 MBR has been saved successfully to "C:\Users\Elizabeth\Desktop\MBR.dat"
16:05:42.127    The log file has been saved successfully to "C:\Users\Elizabeth\Desktop\aswMBR.txt"


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120  BrowserJavaVersion: 1.6.0_26
Run by Elizabeth at 16:20:48 on 2011-09-05
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1940 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
Trusted Zone: intuit.com\ttlc
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{1892AB9D-DD1A-4939-8CFF-E7FA5EE7E608} : DhcpNameServer = 68.87.85.102 68.87.69.150
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elizabeth\appdata\roaming\mozilla\firefox\profiles\mky7gmti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-7 309848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-7 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-16 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e13c7a790727;Google Update Service (gupdate1c9e13c7a790727);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-04 16:13:56   388096   ----a-r-   c:\users\elizabeth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-02 12:00:25   7152464   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{8b6bfe63-2bc5-4ea7-a12f-64bcbc01fbde}\mpengine.dll
2011-08-30 17:40:35   --------   d-----w-   c:\users\elizabeth\appdata\local\Apps
2011-08-30 13:48:40   --------   d-----w-   c:\users\elizabeth\appdata\local\Evernote
2011-08-30 13:46:12   --------   d-----w-   c:\program files\Rainlendar2
2011-08-29 14:36:59   --------   d-----w-   c:\users\elizabeth\appdata\roaming\GlarySoft
2011-08-29 13:43:47   --------   d-----w-   c:\program files\Glary Utilities
2011-08-29 13:42:00   --------   d-----w-   c:\users\elizabeth\appdata\roaming\.anki
2011-08-29 13:41:44   --------   d-----w-   c:\program files\Anki
2011-08-24 16:19:22   18764   ----a-w-   c:\windows\system32\ddmon.dll
2011-08-24 16:17:13   --------   d-----w-   c:\program files\CD Recovery Toolbox Free
2011-08-24 16:16:49   --------   d-----w-   c:\program files\Registry Medic 4
2011-08-24 12:37:53   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-08-17 18:31:48   --------   d-----w-   c:\users\elizabeth\appdata\local\SecondLife
2011-08-17 14:27:13   7522243   ----a-w-   c:\programdata\SPL6B03.tmp
2011-08-16 13:32:57   --------   d-----w-   c:\program files\Phoenix Viewer
2011-08-15 15:42:28   10680383   ----a-w-   c:\programdata\SPL6AE8.tmp
2011-08-11 04:48:30   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-08-11 04:48:21   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 04:48:10   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-11 04:48:09   247808   ----a-w-   c:\program files\internet explorer\ieproxy.dll
2011-08-11 04:48:08   129536   ----a-w-   c:\program files\internet explorer\sqmapi.dll
2011-08-09 15:10:19   --------   d-----w-   c:\users\elizabeth\appdata\roaming\Firestorm
.
==================== Find3M  ====================
.
2011-08-18 15:35:11   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 11:00:05   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-07-23 10:59:34   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47   385024   ----a-w-   c:\windows\system32\html.iec
2011-07-23 09:27:04   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-07-19 15:10:07   108477   ----a-w-   c:\windows\Thumbplug TGA Uninstaller.exe
2011-07-06 00:37:00   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37:00   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2011-07-04 11:43:53   40112   ----a-w-   c:\windows\avastSS.scr
2011-07-04 11:36:43   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20   54104   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-06-20 08:54:36   3602832   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55   905104   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 16:21:07.14 ===============
Logged

Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
HP G60 Notebook PC
Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, 2000 Mhz, 2 Core(s), 2 Logical Processor(s)
Mobile Intel(R) 4 Series Express Chipset Family
Installed Physical Memory (RAM) 3.00
Jintan
Administrator
Hero Member
*****
Posts: 3883



WWW
« Reply #3 on: September 05, 2011, 07:58:32 PM »

Not sure I ever asked what problems you might be having there. No malware so far, though a setting that indicates some Control Panel icons may be blocked. The instructions for attaching the second file are actually for a different forum's use, so I will post those contents here as well:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2009 9:00:58 PM
System Uptime: 9/5/2011 3:40:16 PM (1 hours ago)
.
Motherboard: Wistron |  | 3612
Processor: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 139.706 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.373 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 149 GiB total, 76.011 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.hsd1.co.comcast.net.
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP1006: 8/30/2011 7:49:37 AM - Removed Evernote v. 4.5
RP1007: 8/30/2011 4:50:08 PM - Windows Update
RP1008: 8/31/2011 8:05:31 AM - Scheduled Checkpoint
RP1009: 9/1/2011 8:32:18 AM - Scheduled Checkpoint
RP1010: 9/2/2011 5:59:24 AM - Windows Update
RP1011: 9/4/2011 9:04:00 AM - Removed AnswerWorks 5.0 English Runtime
RP1012: 9/4/2011 9:04:33 AM - Removed TurboTax 2008 WinPerUserEducation
RP1013: 9/4/2011 9:05:14 AM - Removed TurboTax 2008 WinPerProgramHelp
RP1014: 9/4/2011 9:06:36 AM - Removed TurboTax 2008 WinPerTaxSupport
RP1015: 9/4/2011 9:07:53 AM - Removed TurboTax 2008 WinPerFedFormset
RP1016: 9/4/2011 9:08:48 AM - Removed TurboTax 2008 WinPerReleaseEngine
RP1017: 9/4/2011 9:10:37 AM - Removed TurboTax 2008 wrapper
RP1018: 9/4/2011 9:12:56 AM - Removed HP Total Care Advisor
RP1020: 9/4/2011 9:15:24 AM - Configured PowerDirector
RP1021: 9/4/2011 10:13:15 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Anki
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.2.3
avast! Free Antivirus
AZZ Cardfile
azzCardfile 4.0c
Body Tracker
Budget for Windows 4.5.5
Budget Workbook
CamStudio
CCleaner (remove only)
CD Recovery Toolbox Free 1.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command and Conquer 3: Tiberium Wars
Conexant HD Audio
Counter-Strike Steamworks Beta
CyberLink DVD Suite
CyberLink YouCam
Day of Defeat
dcmsvc 1.0
Deathmatch Classic
Defence Alliance 2
DietPower 4.4
ESU for Microsoft Vista
Fallout
Fallout 2
FamilySearch Indexing
Freelang Dictionary (wordlist)
Gadwin PrintScreen
Glary Utilities 2.37.0.1260
GLIntercept 0.5
Google Earth
Google Update Helper
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life: Blue Shift
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
IZArc 3.81
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 26
Killing Floor
LabelPrint
Lexmark 2600 Series
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 6.0.1 (x86 en-US)
Mozilla Thunderbird (6.0.1)
Mp3tag v2.45b
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Notable
Notepad++
NovaBench 3.0.3
Now You're Cooking! 5.84
OpenOffice.org 3.3
Opposing Force
PDF Settings
PDFCreator
Personal Ancestral File 5
Phoenix Viewer 1.5.2.1185
Picasa 3
Power2Go
PSPad editor
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recuva
Registry Medic 4.0
ReNamer
Ricochet
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Sierra Utilities
Smead Viewables
SolSuite 2010 v10.1
Stamina 2.5
Steam
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Terraria
Thumbplug TGA
TurboTax 2009
TurboTax 2009 wcoiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcoiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VideoLAN VLC media player 0.8.6i
Warner Bros. Digital Copy Manager
Winamp (remove only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Writers Project Organizer
XnView 1.98.1
yWriter5
.
==== Event Viewer Messages From Past Week ========
.
9/5/2011 3:41:43 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/5/2011 2:31:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP SRTSPX
9/5/2011 2:31:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
9/5/2011 2:31:12 PM, Error: Service Control Manager [7000]  - The Norton Internet Security service failed to start due to the following error:  The system cannot find the path specified.
9/5/2011 2:31:12 PM, Error: Service Control Manager [7000]  - The hpqwmiex service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/5/2011 2:30:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
9/4/2011 12:24:37 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Elizabeth\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
8/29/2011 7:28:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/29/2011 7:28:44 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/29/2011 7:28:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Logged
Jintan
Administrator
Hero Member
*****
Posts: 3883



WWW
« Reply #4 on: September 05, 2011, 08:05:03 PM »

Looks like a few of those recent errors were Norton related, and looks like you have now run its uninstaller, so put those problems behind. Please post back on what other issues you are having there, and let's check that Control Panel item.


Code:
@ECHO OFF
if exist Regsearch1.txt del /q Regsearch1.txt
regedit /e Regsearch1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl"
Notepad Regsearch1.txt

Open Notepad (Start - Search, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat"

Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
Logged
sift2cupsflour
Newbie
*
Posts: 6


« Reply #5 on: September 05, 2011, 09:43:08 PM »

I'm having general lag and responsiveness issues.... things seeming slow. I do try to keep my computer maintained, which has made me think there are some malware or other issues. I will go over your posts and get my results posted asap.
Logged

sift2cupsflour
Newbie
*
Posts: 6


« Reply #6 on: September 05, 2011, 09:51:39 PM »

cfgcheck.bat results:


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl]
Logged

Jintan
Administrator
Hero Member
*****
Posts: 3883



WWW
« Reply #7 on: September 06, 2011, 04:50:11 PM »

Did the slowness improve once Norton was removed? Realistically you should go ahead and uninstall Avast, rebooting after. Check for improvement, then consider reinstalling it.

That Registry extract shows no values, so although the settings are there looks like nothing has been disabled.
Logged
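The check performed on the cfgcheck.bat output in Replies #6 and #7, as an added example that is not part of the original thread: it parses a `regedit /e` export and reports whether the DisallowCpl key is absent, present but empty, or populated. The function names and the populated sample are constructed for illustration, and it assumes blocked items appear as string values under the key.

```python
import re

# Export posted in Reply #6 of the thread: the key exists but holds no values.
EXPORT_FROM_THREAD = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
    "\\Policies\\Explorer\\DisallowCpl]\r\n"
)
# Constructed sample (item names invented) showing a populated key.
EXPORT_POPULATED = EXPORT_FROM_THREAD + (
    '"1"="Example Item A"\r\n'
    '"2"="Example \\"Quoted\\" Item B"\r\n'
)

KEY_SUFFIX = "\\policies\\explorer\\disallowcpl"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_export(raw):
    """Version 5.00 exports from regedit /e are UTF-16LE with a BOM."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def unquote(token):
    """Strip surrounding quotes and undo backslash escapes."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token  # dword:, hex: and similar data is returned as written


def parse_reg(text):
    """Return {key path: {value name: data}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[unquote(match.group(1))] = unquote(match.group(2))
    return keys


def disallowcpl_status(text):
    """Return ('absent' | 'empty' | 'populated', [listed item names])."""
    for key, values in parse_reg(text).items():
        if key.lower().endswith(KEY_SUFFIX):
            items = list(values.values())
            return ("populated" if items else "empty"), items
    return "absent", []
```

To run it on a real export, read Regsearch1.txt in binary mode and pass the bytes through `decode_export` before calling `disallowcpl_status`.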
sift2cupsflour
Newbie
*
Posts: 6


« Reply #8 on: September 07, 2011, 06:33:18 AM »

I went ahead and uninstalled Avast, rebooted, and then reinstalled. If the logs are showing things are fixed, and there is no malware, then it is most likely the age of my machine. Thank you for your help!
Logged

Jintan
Administrator
Hero Member
*****
Posts: 3883



WWW
« Reply #9 on: September 07, 2011, 05:47:36 PM »

Still feel free to mention any particular problem areas, while we have this opportunity to review. The logs show you have the most current Java version installed, 6 Update 26, but need to uninstall the older, more vulnerable Java(TM) 6 Update 13. Java now uninstalls the older version while updating, but didn't in the past.

Some additional items to note here:

Registry Medic 4.0 - "Reg cleaners/cure/fixits/optimizer etc." softwares tend to be all the same. Either remove many harmless Registry entries that have zero effect on system performance, or almost always, remove needed, important Registry entries that can have very harmful effects. Even though it carries a better-known name and has been around for a long time, Glary Utilities really falls into this same group. I can't recall ever seeing some events where the use of that brought about an actual solution.

CD Recovery Toolbox Free - I was not familiar with this, so located the download for it. My version seemed to imply it's actually a toolbar program, or uses one. But if you use it, and have had no problems, I would assume it is OK.

Google:

Google Earth
Google Update Helper


That "Update Helper", whatever it might actually be doing, runs every startup, and immediately seeks Internet access to contact the Google servers, regardless if one is available or not. So a startup slowness maker right off, and always comes with any Google software install. And Google Earth is a very large resource user - if set to run from the taskbar, using those resources all the time. If you don't use this regularly, might be good to just uninstall them, and use Google Earth on line for the few times you might need it.
Logged