Thread: my laptop hangs a LOT

  1. #1
    Member
    Join Date
    Nov 2008
    Posts
    36

    this is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:33:36 PM, on 9/12/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9530 bytes

    thank you in advance :D

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi drv1022

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Nov 2008
    Posts
    36

    hello Mr. Shaba, thanks for the reply..

    i would just like to inform you that i'll only be able to reply and run fixes during the weekends.. i don't have internet access during weekends (i'm at an internet cafe right now).. is that okay? will my thread be deleted due to the long idle periods? thanks

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    That is fine with me

  5. #5
    Member
    Join Date
    Nov 2008
    Posts
    36

    hello.. i'll be here until monday.. thanks again.

    µTorrent
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Mobile Device Support
    Apple Software Update
    ASL_HS_Installer32
    Assassin's Creed
    avast! Antivirus
    Batch DOCX to DOC Converter 2009
    Canon MP Navigator EX 1.0
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Conexant HD Audio
    Cooking Dash
    DivX Converter
    DivX Web Player
    Epi6 Installer
    ERUNT 1.1j
    FLV Player 2.0, build 23
    FoxyTunes for Firefox
    GPL MPEG-1/2 DirectShow Decoder Filter
    Half-Life
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Pavilion Webcam Driver for Vista v061.001.00005
    HP Quick Launch Buttons 6.10 B9
    HP QuickPlay 3.0
    HP Update
    HP User Guide 0048
    HP Wireless Assistant
    iTunes
    Java DB 10.4.2.1
    Java(TM) 6 Update 16
    Java(TM) SE Development Kit 6 Update 16
    Java(TM) SE Runtime Environment 6
    K-Lite Codec Pack 4.3.1 (Full)
    LimeWire 5.2.13
    Magic ISO Maker v5.5 (build 0261)
    MagicDisc 2.7.105
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Reader
    Microsoft Works
    Mozilla Firefox (3.5.3)
    Mozilla Firefox (3.5b4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NetBeans IDE 6.7.1
    Notepad++
    NVIDIA Drivers
    Presto! PageManager 7.15.16
    QuickTime
    Ranch Rush
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    ScanSoft OmniPage SE 4
    Sonic Activation Module
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Text Twist 2 1.00
    The Alim
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 0.9.8a
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! Messenger

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    LimeWire 5.2.13


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.

  7. #7
    Member
    Join Date
    Nov 2008
    Posts
    36

    i don't know why uTorrent is still there, i'm no longer using that program.. it's no longer in my Program Files folder.. as for the limewire, i uninstalled it just now..

    µTorrent
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Mobile Device Support
    Apple Software Update
    ASL_HS_Installer32
    Assassin's Creed
    avast! Antivirus
    Batch DOCX to DOC Converter 2009
    Canon MP Navigator EX 1.0
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Conexant HD Audio
    Cooking Dash
    DivX Converter
    DivX Web Player
    Epi6 Installer
    ERUNT 1.1j
    FLV Player 2.0, build 23
    FoxyTunes for Firefox
    GPL MPEG-1/2 DirectShow Decoder Filter
    Half-Life
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Pavilion Webcam Driver for Vista v061.001.00005
    HP Quick Launch Buttons 6.10 B9
    HP QuickPlay 3.0
    HP Update
    HP User Guide 0048
    HP Wireless Assistant
    iTunes
    Java DB 10.4.2.1
    Java(TM) 6 Update 16
    Java(TM) SE Development Kit 6 Update 16
    Java(TM) SE Runtime Environment 6
    K-Lite Codec Pack 4.3.1 (Full)
    Magic ISO Maker v5.5 (build 0261)
    MagicDisc 2.7.105
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Reader
    Microsoft Works
    Mozilla Firefox (3.5.3)
    Mozilla Firefox (3.5b4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    NetBeans IDE 6.7.1
    Notepad++
    NVIDIA Drivers
    Presto! PageManager 7.15.16
    QuickTime
    Ranch Rush
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    ScanSoft OmniPage SE 4
    Sonic Activation Module
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Text Twist 2 1.00
    The Alim
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 0.9.8a
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! Messenger

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  9. #9
    Member
    Join Date
    Nov 2008
    Posts
    36

    log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by donstanley at 2009-09-19 17:26:55
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 82 GB (56%) free of 147 GB
    Total RAM: 1021 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:27:52 PM, on 9/19/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\donstanley\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\donstanley.exe
    C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/...//ph.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9623 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000UA.job
    C:\Windows\tasks\HPCeeScheduleFordonstanley.job
    C:\Windows\tasks\SpeedOptimizer Startup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41760]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
    "HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-19 317152]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-19 472800]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]
    "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon []
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []
    "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
    "WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
    "2F7DBA"=C:\Windows\system32\9260E5\2F7DBA.EXE [2009-03-24 114688]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 149280]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2008-11-05 4347120]
    "Google Update"=C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
    "BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
    "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe []

    C:\Users\donstanley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "PromptOnSecureDesktop"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoInstrumentation"=1
    "NoActiveDesktop"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
    "J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe"="J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe:*:Enabled:ipsec"
    "C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
    "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe:*:Enabled:ipsec"
    "C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe:*:Enabled:ipsec"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f06e3f9-f727-11dc-9a66-001a6b047314}]
    shell\AutoRun\command - oalvm.com
    shell\explore\command - oalvm.com
    shell\open\command - oalvm.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
    shell\Auto\command - G:\keybd.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beff0c6-73fe-11dd-b8e1-001a6b047314}]
    shell\AutoRun\command - wscript.exe solution.vbs
    shell\Open\command - wscript.exe solution.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab43a39-fc1d-11db-98b3-001636e76a30}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e05e648-e458-11db-9863-001a6b047314}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2ec337-ee66-11db-bf72-001636e76a30}]
    shell\AutoRun\command - F:\EXPLORER.EXE
    shell\explore\command - F:\EXPLORER.EXE
    shell\open\command - F:\EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eea49f8-ff2d-11dc-8ba2-001a6b047314}]
    shell\AutoRun\command - oalvm.com
    shell\explore\command - oalvm.com
    shell\open\command - oalvm.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9755d12a-07ee-11de-bcd0-001a6b047314}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
    shell\0pen\command - krag.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc413d76-dd0c-11dc-aca9-001a6b047314}]
    shell\AutoRun\command - oalvm.com
    shell\explore\command - oalvm.com
    shell\open\command - oalvm.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3de0613-bf8c-11dd-a7f5-001a6b047314}]
    shell\AutoRun\command - oalvm.com
    shell\explore\command - oalvm.com
    shell\open\command - oalvm.com


    ======List of files/folders created in the last 1 months======

    2009-09-19 17:26:55 ----DC---- C:\rsit
    2009-09-12 22:32:25 ----DC---- C:\Program Files\Trend Micro
    2009-09-12 22:30:24 ----D---- C:\Windows\ERDNT
    2009-09-12 22:29:49 ----DC---- C:\Program Files\ERUNT
    2009-09-12 21:14:49 ----A---- C:\Windows\_MSRSTRT.EXE
    2009-09-12 21:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
    2009-09-12 21:06:41 ----A---- C:\Windows\system32\mf.dll
    2009-09-12 21:06:15 ----A---- C:\Windows\system32\netiohlp.dll
    2009-09-12 21:06:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
    2009-09-12 21:06:12 ----A---- C:\Windows\system32\NETSTAT.EXE
    2009-09-12 21:06:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
    2009-09-12 21:06:12 ----A---- C:\Windows\system32\finger.exe
    2009-09-12 21:06:12 ----A---- C:\Windows\system32\ARP.EXE
    2009-09-12 21:06:11 ----A---- C:\Windows\system32\ROUTE.EXE
    2009-09-12 21:06:11 ----A---- C:\Windows\system32\MRINFO.EXE
    2009-09-12 21:06:10 ----A---- C:\Windows\system32\netevent.dll
    2009-09-12 21:04:39 ----A---- C:\Windows\system32\wlanmsm.dll
    2009-09-12 21:04:39 ----A---- C:\Windows\system32\L2SecHC.dll
    2009-09-12 21:04:38 ----A---- C:\Windows\system32\wlansec.dll
    2009-09-12 21:04:37 ----A---- C:\Windows\system32\wlansvc.dll
    2009-09-12 21:03:54 ----A---- C:\Windows\system32\jscript.dll
    2009-09-06 07:07:33 ----A---- C:\Windows\system32\Apphlpdm.dll
    2009-09-06 07:07:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2009-09-02 17:03:13 ----DC---- C:\Program Files\NetBeans 6.7.1
    2009-09-02 16:19:44 ----DC---- C:\Program Files\Sun
    2009-09-02 16:19:25 ----A---- C:\Windows\system32\deploytk.dll
    2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaws.exe
    2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaw.exe
    2009-09-02 16:19:23 ----A---- C:\Windows\system32\java.exe
    2009-08-31 03:21:02 ----D---- C:\ProgramData\WindowsSearch
    2009-08-31 03:02:18 ----A---- C:\Windows\system32\tzres.dll
    2009-08-23 10:09:36 ----A---- C:\Windows\system32\infocardapi.dll
    2009-08-23 10:09:33 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-23 10:09:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
    2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardres.dll
    2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardagt.exe
    2009-08-23 10:09:20 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
    2009-08-23 10:09:09 ----A---- C:\Windows\system32\PresentationHost.exe
    2009-08-23 09:51:35 ----A---- C:\Windows\system32\dfshim.dll
    2009-08-23 09:51:26 ----A---- C:\Windows\system32\mscoree.dll
    2009-08-23 09:51:24 ----A---- C:\Windows\system32\netfxperf.dll
    2009-08-23 09:50:48 ----A---- C:\Windows\system32\mscorier.dll
    2009-08-23 09:50:33 ----A---- C:\Windows\system32\mscories.dll
    2009-08-22 22:11:17 ----A---- C:\Windows\system32\mshtml.dll
    2009-08-22 22:11:16 ----A---- C:\Windows\system32\occache.dll
    2009-08-22 22:11:14 ----A---- C:\Windows\system32\ieframe.dll
    2009-08-22 22:11:10 ----A---- C:\Windows\system32\urlmon.dll
    2009-08-22 22:11:09 ----A---- C:\Windows\system32\wininet.dll
    2009-08-22 22:11:08 ----A---- C:\Windows\system32\iertutil.dll
    2009-08-22 22:11:07 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-08-22 22:11:06 ----A---- C:\Windows\system32\msfeeds.dll
    2009-08-22 22:11:04 ----A---- C:\Windows\system32\ieaksie.dll
    2009-08-22 22:11:03 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-08-22 22:11:02 ----A---- C:\Windows\system32\ieencode.dll
    2009-08-22 22:11:01 ----A---- C:\Windows\system32\mstime.dll
    2009-08-22 22:10:58 ----A---- C:\Windows\system32\jsproxy.dll
    2009-08-22 22:03:41 ----A---- C:\Windows\system32\wmp.dll
    2009-08-22 22:03:40 ----A---- C:\Windows\system32\wmpdxm.dll
    2009-08-22 22:03:33 ----A---- C:\Windows\system32\spwmp.dll
    2009-08-22 22:03:27 ----A---- C:\Windows\system32\dxmasf.dll
    2009-08-22 22:03:25 ----A---- C:\Windows\system32\wmploc.DLL
    2009-08-22 22:02:37 ----A---- C:\Windows\system32\atl.dll
    2009-08-22 22:02:32 ----A---- C:\Windows\system32\wkssvc.dll
    2009-08-22 22:02:24 ----A---- C:\Windows\system32\mstscax.dll
    2009-08-22 22:02:15 ----A---- C:\Windows\system32\avifil32.dll

    ======List of files/folders modified in the last 1 months======

    2009-09-19 17:27:52 ----D---- C:\Windows\Temp
    2009-09-19 17:27:15 ----D---- C:\Windows\Prefetch
    2009-09-19 07:45:35 ----SHD---- C:\Windows\Installer
    2009-09-19 04:19:14 ----RDC---- C:\Program Files
    2009-09-19 00:52:06 ----D---- C:\Windows\inf
    2009-09-18 18:05:43 ----D---- C:\Windows\system32\catroot
    2009-09-18 18:05:42 ----D---- C:\Windows\system32\catroot2
    2009-09-18 18:04:28 ----D---- C:\Windows\winsxs
    2009-09-13 21:38:03 ----D---- C:\Windows\System32
    2009-09-13 21:38:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-09-13 06:49:24 ----D---- C:\Windows\rescache
    2009-09-13 06:27:11 ----D---- C:\Windows\system32\en-US
    2009-09-13 06:27:07 ----D---- C:\Windows\system32\drivers
    2009-09-13 03:05:22 ----D---- C:\Program Files\Windows Mail
    2009-09-13 03:03:56 ----D---- C:\Windows\ehome
    2009-09-13 03:01:38 ----SHD---- C:\System Volume Information
    2009-09-12 22:50:01 ----DC---- C:\Program Files\Mozilla Firefox
    2009-09-12 22:30:24 ----D---- C:\Windows
    2009-09-12 22:02:37 ----D---- C:\Users\donstanley\AppData\Roaming\uTorrent
    2009-09-12 21:48:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-09-12 21:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-09-12 21:24:31 ----D---- C:\Program Files\iPod
    2009-09-12 21:21:15 ----D---- C:\Program Files\iTunes
    2009-09-12 21:19:47 ----HD---- C:\ProgramData
    2009-09-12 21:19:46 ----HD---- C:\Windows\system32\GroupPolicy
    2009-09-12 21:14:35 ----AD---- C:\ProgramData\TEMP
    2009-09-10 22:18:58 ----D---- C:\Users\donstanley\AppData\Roaming\dvdcss
    2009-09-07 03:10:28 ----D---- C:\Windows\AppPatch
    2009-09-06 03:12:03 ----D---- C:\Windows\Microsoft.NET
    2009-09-04 16:54:17 ----D---- C:\Windows\system32\WDI
    2009-09-02 16:18:22 ----D---- C:\Program Files\Java
    2009-08-31 19:31:50 ----HD---- C:\Windows\system32\9260E5
    2009-08-31 14:38:25 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
    2009-08-29 05:38:20 ----A---- C:\Windows\system32\mrt.exe
    2009-08-24 20:22:31 ----D---- C:\Users\donstanley\AppData\Roaming\LimeWire
    2009-08-23 11:44:32 ----RSD---- C:\Windows\assembly
    2009-08-23 11:26:16 ----D---- C:\Program Files\Internet Explorer
    2009-08-23 11:26:11 ----D---- C:\Program Files\Windows Media Player
    2009-08-23 11:25:59 ----D---- C:\Windows\system32\XPSViewer
    2009-08-23 11:25:59 ----D---- C:\Windows\system32\wbem
    2009-08-23 11:13:37 ----D---- C:\SwSetup
    2009-08-23 11:11:14 ----DC---- C:\Program Files\DOSBox-0.70
    2009-08-22 18:34:38 ----D---- C:\Windows\Tasks
    2009-08-22 18:34:38 ----D---- C:\Windows\system32\Tasks

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-06 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-06 114768]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-06 51376]
    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-05-30 96520]
    R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-05-30 26184]
    R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-06 51792]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
    R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
    R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-05-30 68104]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
    S3 npkcrypt;npkcrypt; \??\C:\Program Files\#Gravity\RagnarokOnline\npkcrypt.sys []
    S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
    S3 scrcap;scrcap; C:\Windows\system32\DRIVERS\scrcap.sys []
    S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
    S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Anyplace Control Security;Anyplace Control Security; C:\Windows\svcadmin.exe [2008-03-07 45568]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
    R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
    S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

    -----------------EOF-----------------

    info.txt:

    info.txt logfile of random's system information tool 1.06 2009-09-19 17:28:02

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Batch DOCX to DOC Converter 2009-->"C:\Users\donstanley\AppData\Local\Batchwork\Doc-2-Doc\unins000.exe"
    Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
    Cooking Dash-->"C:\Windows\Cooking Dash\uninstall.exe" "/U:C:\Program Files\Cooking Dash\Uninstall\uninstall.xml"
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Epi6 Installer-->c:\epi6\Uninstal.exe
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
    FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
    GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
    Half-Life-->C:\Windows\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
    HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
    HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
    HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HP User Guide 0048-->MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
    HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
    iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
    Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (3.5b4)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NetBeans IDE 6.7.1-->"C:\Program Files\NetBeans 6.7.1\uninstall.exe"
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
    QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    Ranch Rush-->"C:\Windows\Ranch Rush\uninstall.exe" "/U:C:\Program Files\Ranch Rush\Uninstall\uninstall.xml"
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
    ScanSoft OmniPage SE 4-->MsiExec.exe /X{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Text Twist 2 1.00-->C:\Program Files\Games\Text Twist 2\Uninstall.exe
    The Alim-->C:\Windows\uninst.exe -f"C:\Program Files\ISL Software Corporation\The Alim\DeIsL1.isu" -c"C:\Program Files\ISL Software Corporation\The Alim\_ISREG32.DLL"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG 7.5.524 (disabled)
    AV: avast! antivirus 4.8.1229 [VPS 090330-0]
    AS: Spybot - Search and Destroy (disabled)
    AS: Windows Defender
    AS: avast! antivirus 4.8.1229 [VPS 090330-0]

    ======System event log======

    Computer Name: dnstnly
    Event Code: 4001
    Message: WLAN AutoConfig service has successfully stopped.

    Record Number: 386958
    Source Name: Microsoft-Windows-WLAN-AutoConfig
    Time Written: 20090918164657.768800-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: dnstnly
    Event Code: 15016
    Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
    Record Number: 386977
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20090918164915.920265-000
    Event Type: Error
    User:

    Computer Name: dnstnly
    Event Code: 7000
    Message: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 387010
    Source Name: Service Control Manager
    Time Written: 20090918164924.000000-000
    Event Type: Error
    User:

    Computer Name: dnstnly
    Event Code: 7000
    Message: The AVG8 WatchDog service failed to start due to the following error:
    The system cannot find the file specified.
    Record Number: 387013
    Source Name: Service Control Manager
    Time Written: 20090918164924.000000-000
    Event Type: Error
    User:

    Computer Name: dnstnly
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 387109
    Source Name: Tcpip
    Time Written: 20090919070904.838000-000
    Event Type: Warning
    User:

    =====Application event log=====

    Computer Name: dnstnly
    Event Code: 1004
    Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot', component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE' does not exist.
    Record Number: 70430
    Source Name: MsiInstaller
    Time Written: 20090913151837.000000-000
    Event Type: Warning
    User: dnstnly\donstanley

    Computer Name: dnstnly
    Event Code: 1001
    Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot' failed during request for component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}'
    Record Number: 70431
    Source Name: MsiInstaller
    Time Written: 20090913151837.000000-000
    Event Type: Warning
    User: dnstnly\donstanley

    Computer Name: dnstnly
    Event Code: 10005
    Message: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
    Record Number: 70433
    Source Name: MsiInstaller
    Time Written: 20090913151907.000000-000
    Event Type: Error
    User: dnstnly\donstanley

    Computer Name: dnstnly
    Event Code: 1004
    Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles', component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE' does not exist.
    Record Number: 70698
    Source Name: MsiInstaller
    Time Written: 20090918234526.000000-000
    Event Type: Warning
    User: dnstnly\donstanley

    Computer Name: dnstnly
    Event Code: 1001
    Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles' failed during request for component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}'
    Record Number: 70699
    Source Name: MsiInstaller
    Time Written: 20090918234526.000000-000
    Event Type: Warning
    User: dnstnly\donstanley

    =====Security event log=====

    Computer Name: dnstnly
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
    Record Number: 92966
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090919092747.513400-000
    Event Type: Audit Failure
    User:

    Computer Name: dnstnly
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-0-0
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Type: 3

    New Logon:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0xf2ad34
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x0
    Process Name: -

    Network Information:
    Workstation Name: ECBF7C1BA4B545C
    Source Network Address: 192.168.0.102
    Source Port: 1101

    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V1
    Key Length: 128

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 92967
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090919092921.530400-000
    Event Type: Audit Success
    User:

    Computer Name: dnstnly
    Event Code: 4634
    Message: An account was logged off.

    Subject:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0xf2ad34

    Logon Type: 3

    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Record Number: 92968
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090919092921.535400-000
    Event Type: Audit Success
    User:

    Computer Name: dnstnly
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-0-0
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Type: 3

    New Logon:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0xf2ada2
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x0
    Process Name: -

    Network Information:
    Workstation Name: ECBF7C1BA4B545C
    Source Network Address: 192.168.0.102
    Source Port: 1102

    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V1
    Key Length: 128

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 92969
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090919092921.543400-000
    Event Type: Audit Success
    User:

    Computer Name: dnstnly
    Event Code: 4634
    Message: An account was logged off.

    Subject:
    Security ID: S-1-5-7
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0xf2ada2

    Logon Type: 3

    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Record Number: 92970
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090919092921.548400-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=MCD
    "PCBRAND"=Pavilion
    "OnlineServices"=Online Services
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

    -----------------EOF-----------------

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
