log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by donstanley at 2009-09-19 17:26:55
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 82 GB (56%) free of 147 GB
Total RAM: 1021 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:52 PM, on 9/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\donstanley.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9623 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000UA.job
C:\Windows\tasks\HPCeeScheduleFordonstanley.job
C:\Windows\tasks\SpeedOptimizer Startup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-19 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-19 472800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"2F7DBA"=C:\Windows\system32\9260E5\2F7DBA.EXE [2009-03-24 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2008-11-05 4347120]
"Google Update"=C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe []
C:\Users\donstanley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoActiveDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe"="J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f06e3f9-f727-11dc-9a66-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
shell\Auto\command - G:\keybd.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beff0c6-73fe-11dd-b8e1-001a6b047314}]
shell\AutoRun\command - wscript.exe solution.vbs
shell\Open\command - wscript.exe solution.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab43a39-fc1d-11db-98b3-001636e76a30}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e05e648-e458-11db-9863-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2ec337-ee66-11db-bf72-001636e76a30}]
shell\AutoRun\command - F:\EXPLORER.EXE
shell\explore\command - F:\EXPLORER.EXE
shell\open\command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eea49f8-ff2d-11dc-8ba2-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9755d12a-07ee-11de-bcd0-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
shell\0pen\command - krag.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc413d76-dd0c-11dc-aca9-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3de0613-bf8c-11dd-a7f5-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com
======List of files/folders created in the last 1 months======
2009-09-19 17:26:55 ----DC---- C:\rsit
2009-09-12 22:32:25 ----DC---- C:\Program Files\Trend Micro
2009-09-12 22:30:24 ----D---- C:\Windows\ERDNT
2009-09-12 22:29:49 ----DC---- C:\Program Files\ERUNT
2009-09-12 21:14:49 ----A---- C:\Windows\_MSRSTRT.EXE
2009-09-12 21:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-12 21:06:41 ----A---- C:\Windows\system32\mf.dll
2009-09-12 21:06:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-12 21:06:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\finger.exe
2009-09-12 21:06:12 ----A---- C:\Windows\system32\ARP.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-12 21:06:10 ----A---- C:\Windows\system32\netevent.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-12 21:04:38 ----A---- C:\Windows\system32\wlansec.dll
2009-09-12 21:04:37 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-12 21:03:54 ----A---- C:\Windows\system32\jscript.dll
2009-09-06 07:07:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-06 07:07:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:03:13 ----DC---- C:\Program Files\NetBeans 6.7.1
2009-09-02 16:19:44 ----DC---- C:\Program Files\Sun
2009-09-02 16:19:25 ----A---- C:\Windows\system32\deploytk.dll
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaws.exe
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaw.exe
2009-09-02 16:19:23 ----A---- C:\Windows\system32\java.exe
2009-08-31 03:21:02 ----D---- C:\ProgramData\WindowsSearch
2009-08-31 03:02:18 ----A---- C:\Windows\system32\tzres.dll
2009-08-23 10:09:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-23 10:09:33 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardres.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardagt.exe
2009-08-23 10:09:20 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-23 10:09:09 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-23 09:51:35 ----A---- C:\Windows\system32\dfshim.dll
2009-08-23 09:51:26 ----A---- C:\Windows\system32\mscoree.dll
2009-08-23 09:51:24 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-23 09:50:48 ----A---- C:\Windows\system32\mscorier.dll
2009-08-23 09:50:33 ----A---- C:\Windows\system32\mscories.dll
2009-08-22 22:11:17 ----A---- C:\Windows\system32\mshtml.dll
2009-08-22 22:11:16 ----A---- C:\Windows\system32\occache.dll
2009-08-22 22:11:14 ----A---- C:\Windows\system32\ieframe.dll
2009-08-22 22:11:10 ----A---- C:\Windows\system32\urlmon.dll
2009-08-22 22:11:09 ----A---- C:\Windows\system32\wininet.dll
2009-08-22 22:11:08 ----A---- C:\Windows\system32\iertutil.dll
2009-08-22 22:11:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-22 22:11:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-22 22:11:04 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-22 22:11:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-22 22:11:02 ----A---- C:\Windows\system32\ieencode.dll
2009-08-22 22:11:01 ----A---- C:\Windows\system32\mstime.dll
2009-08-22 22:10:58 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-22 22:03:41 ----A---- C:\Windows\system32\wmp.dll
2009-08-22 22:03:40 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-22 22:03:33 ----A---- C:\Windows\system32\spwmp.dll
2009-08-22 22:03:27 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-22 22:03:25 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-22 22:02:37 ----A---- C:\Windows\system32\atl.dll
2009-08-22 22:02:32 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-22 22:02:24 ----A---- C:\Windows\system32\mstscax.dll
2009-08-22 22:02:15 ----A---- C:\Windows\system32\avifil32.dll
======List of files/folders modified in the last 1 months======
2009-09-19 17:27:52 ----D---- C:\Windows\Temp
2009-09-19 17:27:15 ----D---- C:\Windows\Prefetch
2009-09-19 07:45:35 ----SHD---- C:\Windows\Installer
2009-09-19 04:19:14 ----RDC---- C:\Program Files
2009-09-19 00:52:06 ----D---- C:\Windows\inf
2009-09-18 18:05:43 ----D---- C:\Windows\system32\catroot
2009-09-18 18:05:42 ----D---- C:\Windows\system32\catroot2
2009-09-18 18:04:28 ----D---- C:\Windows\winsxs
2009-09-13 21:38:03 ----D---- C:\Windows\System32
2009-09-13 21:38:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-13 06:49:24 ----D---- C:\Windows\rescache
2009-09-13 06:27:11 ----D---- C:\Windows\system32\en-US
2009-09-13 06:27:07 ----D---- C:\Windows\system32\drivers
2009-09-13 03:05:22 ----D---- C:\Program Files\Windows Mail
2009-09-13 03:03:56 ----D---- C:\Windows\ehome
2009-09-13 03:01:38 ----SHD---- C:\System Volume Information
2009-09-12 22:50:01 ----DC---- C:\Program Files\Mozilla Firefox
2009-09-12 22:30:24 ----D---- C:\Windows
2009-09-12 22:02:37 ----D---- C:\Users\donstanley\AppData\Roaming\uTorrent
2009-09-12 21:48:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-12 21:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-12 21:24:31 ----D---- C:\Program Files\iPod
2009-09-12 21:21:15 ----D---- C:\Program Files\iTunes
2009-09-12 21:19:47 ----HD---- C:\ProgramData
2009-09-12 21:19:46 ----HD---- C:\Windows\system32\GroupPolicy
2009-09-12 21:14:35 ----AD---- C:\ProgramData\TEMP
2009-09-10 22:18:58 ----D---- C:\Users\donstanley\AppData\Roaming\dvdcss
2009-09-07 03:10:28 ----D---- C:\Windows\AppPatch
2009-09-06 03:12:03 ----D---- C:\Windows\Microsoft.NET
2009-09-04 16:54:17 ----D---- C:\Windows\system32\WDI
2009-09-02 16:18:22 ----D---- C:\Program Files\Java
2009-08-31 19:31:50 ----HD---- C:\Windows\system32\9260E5
2009-08-31 14:38:25 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-08-29 05:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-24 20:22:31 ----D---- C:\Users\donstanley\AppData\Roaming\LimeWire
2009-08-23 11:44:32 ----RSD---- C:\Windows\assembly
2009-08-23 11:26:16 ----D---- C:\Program Files\Internet Explorer
2009-08-23 11:26:11 ----D---- C:\Program Files\Windows Media Player
2009-08-23 11:25:59 ----D---- C:\Windows\system32\XPSViewer
2009-08-23 11:25:59 ----D---- C:\Windows\system32\wbem
2009-08-23 11:13:37 ----D---- C:\SwSetup
2009-08-23 11:11:14 ----DC---- C:\Program Files\DOSBox-0.70
2009-08-22 18:34:38 ----D---- C:\Windows\Tasks
2009-08-22 18:34:38 ----D---- C:\Windows\system32\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-06 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-06 51376]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-05-30 96520]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-05-30 26184]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-06 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-05-30 68104]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\#Gravity\RagnarokOnline\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 scrcap;scrcap; C:\Windows\system32\DRIVERS\scrcap.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Anyplace Control Security;Anyplace Control Security; C:\Windows\svcadmin.exe [2008-03-07 45568]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
-----------------EOF-----------------
info.txt:
info.txt logfile of random's system information tool 1.06 2009-09-19 17:28:02
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch DOCX to DOC Converter 2009-->"C:\Users\donstanley\AppData\Local\Batchwork\Doc-2-Doc\unins000.exe"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Cooking Dash-->"C:\Windows\Cooking Dash\uninstall.exe" "/U:C:\Program Files\Cooking Dash\Uninstall\uninstall.xml"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Epi6 Installer-->c:\epi6\Uninstal.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
Half-Life-->C:\Windows\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0048-->MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5b4)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetBeans IDE 6.7.1-->"C:\Program Files\NetBeans 6.7.1\uninstall.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Ranch Rush-->"C:\Windows\Ranch Rush\uninstall.exe" "/U:C:\Program Files\Ranch Rush\Uninstall\uninstall.xml"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
ScanSoft OmniPage SE 4-->MsiExec.exe /X{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Text Twist 2 1.00-->C:\Program Files\Games\Text Twist 2\Uninstall.exe
The Alim-->C:\Windows\uninst.exe -f"C:\Program Files\ISL Software Corporation\The Alim\DeIsL1.isu" -c"C:\Program Files\ISL Software Corporation\The Alim\_ISREG32.DLL"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG 7.5.524 (disabled)
AV: avast! antivirus 4.8.1229 [VPS 090330-0]
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 090330-0]
======System event log======
Computer Name: dnstnly
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 386958
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090918164657.768800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: dnstnly
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 386977
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090918164915.920265-000
Event Type: Error
User:
Computer Name: dnstnly
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 387010
Source Name: Service Control Manager
Time Written: 20090918164924.000000-000
Event Type: Error
User:
Computer Name: dnstnly
Event Code: 7000
Message: The AVG8 WatchDog service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 387013
Source Name: Service Control Manager
Time Written: 20090918164924.000000-000
Event Type: Error
User:
Computer Name: dnstnly
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 387109
Source Name: Tcpip
Time Written: 20090919070904.838000-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: dnstnly
Event Code: 1004
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot', component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE' does not exist.
Record Number: 70430
Source Name: MsiInstaller
Time Written: 20090913151837.000000-000
Event Type: Warning
User: dnstnly\donstanley
Computer Name: dnstnly
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot' failed during request for component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}'
Record Number: 70431
Source Name: MsiInstaller
Time Written: 20090913151837.000000-000
Event Type: Warning
User: dnstnly\donstanley
Computer Name: dnstnly
Event Code: 10005
Message: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
Record Number: 70433
Source Name: MsiInstaller
Time Written: 20090913151907.000000-000
Event Type: Error
User: dnstnly\donstanley
Computer Name: dnstnly
Event Code: 1004
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles', component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE' does not exist.
Record Number: 70698
Source Name: MsiInstaller
Time Written: 20090918234526.000000-000
Event Type: Warning
User: dnstnly\donstanley
Computer Name: dnstnly
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles' failed during request for component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}'
Record Number: 70699
Source Name: MsiInstaller
Time Written: 20090918234526.000000-000
Event Type: Warning
User: dnstnly\donstanley
=====Security event log=====
Computer Name: dnstnly
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 92966
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092747.513400-000
Event Type: Audit Failure
User:
Computer Name: dnstnly
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ad34
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ECBF7C1BA4B545C
Source Network Address: 192.168.0.102
Source Port: 1101
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 92967
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.530400-000
Event Type: Audit Success
User:
Computer Name: dnstnly
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ad34
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 92968
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.535400-000
Event Type: Audit Success
User:
Computer Name: dnstnly
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ada2
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ECBF7C1BA4B545C
Source Network Address: 192.168.0.102
Source Port: 1102
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 92969
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.543400-000
Event Type: Audit Success
User:
Computer Name: dnstnly
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ada2
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 92970
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.548400-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
-----------------EOF-----------------