my laptop hangs a LOT

this time, an error occurred:
ss3.png


Do I just continue?
 
Hi, I downloaded a new ComboFix.exe and ran it in safe mode..

I think this error message (not sure if it's normal) came up when I ran it:
ss4.png


But it continued to run for a while.. I saw stuff that looks something like this:

completed 1
completed 2
completed 3

And so on.. I thought it was perfectly fine, so I left the laptop and was watching it from afar...

Then all of a sudden my laptop shut down..

Again, no C:\ComboFix.txt seen.

But I saw this: C:\ComboFix\ComboFix.txt

ComboFix 09-09-25.01 - donstanley 09/28/2009 1:22:22.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.1021.639 [GMT 8:00]
Running from: C:\Users\donstanley\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed

ADDED INFO ABOUT MY PROBLEM:

I think lots of system files are already missing/corrupted from my laptop.. The reason I think this: some applications like Microsoft Excel cannot be run anymore... When I run them, an installer comes up and it gets an error because it says that some files are missing.. Is this stuff significant?
 
Another thing: to type "C"... I have to press Caps Lock + "c".. Shift+C doesn't work.. When I type Shift + "c", nothing appears.. not "C" nor "c".. Is that also malware-related? XD Thanks
 
Please right-click ComboFix and choose Run as administrator. Let me know if it helped :)
 
Hello, it only completed up to stage 6, then the laptop shut down again..

I had trouble turning it on: when I pressed the power button, the light would turn on then off again.. It wouldn't start up.. It worked when I tried removing the battery and putting it back again..
 
So then we don't use ComboFix.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Rerun RSIT.

Post:

- mbam log
- a fresh RSIT log
 
MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 6.0.6001 Service Pack 1

9/28/2009 3:37:14 PM
mbam-log-2009-09-28 (15-37-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 277589
Time elapsed: 4 hour(s), 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f53bafe5-ce7a-4e95-95ac-a3912efd3739} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (SoWar Browser) Good: (Internet Explorer) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\9260E5\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\9260E5\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by donstanley at 2009-09-28 15:48:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 95 GB (65%) free of 147 GB
Total RAM: 1021 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:05 PM, on 9/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\donstanley\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\donstanley.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10224 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000UA.job
C:\Windows\tasks\HPCeeScheduleFordonstanley.job
C:\Windows\tasks\SpeedOptimizer Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-19 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-19 472800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"2F7DBA"=C:\Windows\system32\9260E5\2F7DBA.EXE [2009-03-24 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2008-11-05 4347120]
"Google Update"=C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe []

C:\Users\donstanley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe"="J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f06e3f9-f727-11dc-9a66-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
shell\Auto\command - G:\keybd.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beff0c6-73fe-11dd-b8e1-001a6b047314}]
shell\AutoRun\command - wscript.exe solution.vbs
shell\Open\command - wscript.exe solution.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab43a39-fc1d-11db-98b3-001636e76a30}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e05e648-e458-11db-9863-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2ec337-ee66-11db-bf72-001636e76a30}]
shell\AutoRun\command - F:\EXPLORER.EXE
shell\explore\command - F:\EXPLORER.EXE
shell\open\command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eea49f8-ff2d-11dc-8ba2-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9755d12a-07ee-11de-bcd0-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
shell\0pen\command - krag.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc413d76-dd0c-11dc-aca9-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3de0613-bf8c-11dd-a7f5-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com


======List of files/folders created in the last 1 months======

2009-09-28 10:37:56 ----D---- C:\Users\donstanley\AppData\Roaming\Malwarebytes
2009-09-28 10:37:11 ----D---- C:\ProgramData\Malwarebytes
2009-09-28 10:37:10 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-28 02:55:10 ----SDC---- C:\ComboFix
2009-09-28 02:55:10 ----A---- C:\Windows\system32\CF29267.exe
2009-09-28 01:21:29 ----A---- C:\Windows\zip.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWXCACLS.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWSC.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWREG.exe
2009-09-28 01:21:29 ----A---- C:\Windows\sed.exe
2009-09-28 01:21:29 ----A---- C:\Windows\PEV.exe
2009-09-28 01:21:29 ----A---- C:\Windows\NIRCMD.exe
2009-09-28 01:21:29 ----A---- C:\Windows\grep.exe
2009-09-28 01:21:27 ----A---- C:\Windows\system32\swsc.exe
2009-09-28 01:21:27 ----A---- C:\Windows\system32\CF4945.exe
2009-09-28 01:11:15 ----SHDC---- C:\Config.Msi
2009-09-28 00:21:21 ----DC---- C:\Program Files\Microsoft Visual Studio 8
2009-09-27 12:24:14 ----D---- C:\ProgramData\Microsoft Help
2009-09-27 11:18:41 ----D---- C:\Users\donstanley\AppData\Roaming\GetRightToGo
2009-09-21 10:00:21 ----A---- C:\Windows\system32\CF18994.exe
2009-09-21 01:35:15 ----A---- C:\Windows\system32\CF13436.exe
2009-09-20 00:31:01 ----DC---- C:\Qoobox
2009-09-19 17:26:55 ----DC---- C:\rsit
2009-09-12 22:32:25 ----DC---- C:\Program Files\Trend Micro
2009-09-12 22:30:24 ----D---- C:\Windows\ERDNT
2009-09-12 22:29:49 ----DC---- C:\Program Files\ERUNT
2009-09-12 21:14:49 ----A---- C:\Windows\_MSRSTRT.EXE
2009-09-12 21:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-12 21:06:41 ----A---- C:\Windows\system32\mf.dll
2009-09-12 21:06:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-12 21:06:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\finger.exe
2009-09-12 21:06:12 ----A---- C:\Windows\system32\ARP.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-12 21:06:10 ----A---- C:\Windows\system32\netevent.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-12 21:04:38 ----A---- C:\Windows\system32\wlansec.dll
2009-09-12 21:04:37 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-12 21:03:54 ----A---- C:\Windows\system32\jscript.dll
2009-09-06 07:07:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-06 07:07:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:03:13 ----DC---- C:\Program Files\NetBeans 6.7.1
2009-09-02 16:19:44 ----DC---- C:\Program Files\Sun
2009-09-02 16:19:25 ----A---- C:\Windows\system32\deploytk.dll
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaws.exe
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaw.exe
2009-09-02 16:19:23 ----A---- C:\Windows\system32\java.exe
2009-08-31 03:21:02 ----D---- C:\ProgramData\WindowsSearch
2009-08-31 03:02:18 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2009-09-28 15:49:05 ----D---- C:\Windows\Temp
2009-09-28 15:46:53 ----D---- C:\Windows\System32
2009-09-28 15:46:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-28 15:46:52 ----D---- C:\Windows\inf
2009-09-28 15:37:11 ----HD---- C:\Windows\system32\9260E5
2009-09-28 10:37:16 ----D---- C:\Windows\system32\drivers
2009-09-28 10:37:11 ----HD---- C:\ProgramData
2009-09-28 10:37:10 ----RDC---- C:\Program Files
2009-09-28 02:55:49 ----A---- C:\Windows\ntbtlog.txt
2009-09-28 02:55:09 ----D---- C:\Windows\system32\en-US
2009-09-28 01:21:29 ----D---- C:\Windows
2009-09-28 01:11:32 ----SHD---- C:\Windows\Installer
2009-09-28 01:11:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-28 01:10:34 ----D---- C:\Windows\ShellNew
2009-09-28 01:10:22 ----A---- C:\Windows\win.ini
2009-09-28 01:10:16 ----D---- C:\Program Files\Common Files\System
2009-09-28 01:00:35 ----RSD---- C:\Windows\assembly
2009-09-28 00:55:28 ----D---- C:\Program Files\MSBuild
2009-09-28 00:50:26 ----D---- C:\Program Files\Microsoft Office
2009-09-28 00:49:38 ----RSD---- C:\Windows\Fonts
2009-09-28 00:48:20 ----SD---- C:\ProgramData\Microsoft
2009-09-28 00:44:16 ----D---- C:\Program Files\Common Files
2009-09-28 00:42:46 ----D---- C:\Windows\Help
2009-09-28 00:16:01 ----SHD---- C:\System Volume Information
2009-09-27 13:01:41 ----SD---- C:\Users\donstanley\AppData\Roaming\Microsoft
2009-09-27 12:37:31 ----D---- C:\Windows\winsxs
2009-09-27 12:33:36 ----D---- C:\Program Files\Microsoft Works
2009-09-27 02:11:14 ----DC---- C:\Program Files\Mozilla Firefox
2009-09-27 01:53:07 ----SD---- C:\Windows\Downloaded Program Files
2009-09-26 09:23:15 ----D---- C:\Windows\system32\catroot2
2009-09-21 09:50:48 ----DC---- C:\Program Files\Alwil Software
2009-09-20 22:51:17 ----D---- C:\Windows\Prefetch
2009-09-18 18:05:43 ----D---- C:\Windows\system32\catroot
2009-09-13 06:49:24 ----D---- C:\Windows\rescache
2009-09-13 03:05:22 ----D---- C:\Program Files\Windows Mail
2009-09-13 03:03:56 ----D---- C:\Windows\ehome
2009-09-12 22:02:37 ----D---- C:\Users\donstanley\AppData\Roaming\uTorrent
2009-09-12 21:48:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-12 21:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-12 21:24:31 ----D---- C:\Program Files\iPod
2009-09-12 21:21:15 ----D---- C:\Program Files\iTunes
2009-09-12 21:19:46 ----HD---- C:\Windows\system32\GroupPolicy
2009-09-12 21:14:35 ----AD---- C:\ProgramData\TEMP
2009-09-10 22:18:58 ----D---- C:\Users\donstanley\AppData\Roaming\dvdcss
2009-09-07 03:10:28 ----D---- C:\Windows\AppPatch
2009-09-06 03:12:03 ----D---- C:\Windows\Microsoft.NET
2009-09-04 16:54:17 ----D---- C:\Windows\system32\WDI
2009-09-02 16:18:22 ----D---- C:\Program Files\Java
2009-08-31 14:38:25 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-08-29 05:38:20 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-05-30 96520]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-05-30 26184]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-05-30 68104]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\DONSTA~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\#Gravity\RagnarokOnline\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 scrcap;scrcap; C:\Windows\system32\DRIVERS\scrcap.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Anyplace Control Security;Anyplace Control Security; C:\Windows\svcadmin.exe [2008-03-07 45568]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------
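As an added check, not part of the thread: a short Python script that parses the mountpoints2 blocks of an RSIT-style log like the one above and reports the shell handlers that show autorun-worm traits (non-standard verbs such as "Auto" or "0pen", wscript/rundll32 indirection, a program launched from the mounted volume, a payload under RECYCLER). The sample excerpt is taken from the posted log; the verb and launcher lists are the editor's assumptions, and a legitimate installer CD would also be flagged for manual triage.

```python
"""Added example (not the thread's own code): triage MountPoints2 handlers
from an RSIT-style log. Each mountpoints2 GUID is a volume Windows mounted;
a shell verb whose command runs a program from that volume is the classic
removable-media worm persistence pattern."""
import re

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
PROG_RE = re.compile(r"(?:[a-z]:\\|\.\\)?[\w.\\~-]+\.(?:exe|com|vbs|vmx)", re.I)
STANDARD_VERBS = {"open", "explore", "autorun"}          # assumption: verbs on clean keys
LAUNCHERS = ("wscript.exe", "cscript.exe", "shellexec_rundll")

def parse_mountpoints(log: str) -> dict[str, dict[str, str]]:
    """Return {guid: {verb: command}} for every mountpoints2 block in the log."""
    entries: dict[str, dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
        elif line.startswith("["):
            current = None                        # some other registry key follows
        elif current is not None:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current][cmd.group(1)] = cmd.group(2).strip()
    return entries

def suspicious_traits(verb: str, command: str) -> list[str]:
    """Traits that mark a handler as worm-like rather than a plain CD/DVD autorun."""
    traits: list[str] = []
    low = command.lower()
    if verb.lower() not in STANDARD_VERBS:
        traits.append("non-standard verb")        # e.g. 'Auto', or '0pen' with a zero
    if any(tok in low for tok in LAUNCHERS):
        traits.append("indirect launcher")        # wscript / rundll32 ShellExec_RunDLL
    payloads = [p for p in PROG_RE.findall(low) if not p.startswith("c:\\windows")]
    if payloads:
        traits.append("program on mounted volume: " + ", ".join(payloads))
    if "recycler" in low:
        traits.append("payload hidden in RECYCLER")
    return traits

def flag_handlers(log: str) -> dict[str, list[str]]:
    """Map each GUID with at least one suspicious verb to readable findings."""
    findings: dict[str, list[str]] = {}
    for guid, verbs in parse_mountpoints(log).items():
        for verb, command in verbs.items():
            traits = suspicious_traits(verb, command)
            if traits:
                findings.setdefault(guid, []).append(f"{verb}: {command} [{'; '.join(traits)}]")
    return findings

# Excerpt of the log posted above (two infected volumes plus an unrelated key).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
shell\Auto\command - G:\keybd.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
shell\0pen\command - krag.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"""

if __name__ == "__main__":
    for guid, lines in flag_handlers(SAMPLE_LOG).items():
        print(guid)
        for entry in lines:
            print("   ", entry)
```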
 
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
 
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.
 