TheTechGuide Forum

General Category => Tech Clinic => Topic started by: germs on February 20, 2010, 11:28:03 AM

Title: serious issues
Post by: germs on February 20, 2010, 11:28:03 AM

a while ago my wife clicked on a link sent to her via a hacked facebook profile of a 12 year old relative, and ever since our laptop has run like garbage.

Firefox won't run. I uninstalled it, reinstalled it, still no good.

Spybot, and Super Antispyware regularly find and "fix" issues called:
My Web Search, and Fun Web products, etc. 100's of adware, spyware, unwanted browser extensions

Everything runs slow in general. Our homepage is redirected, And I am unable to enable my windows firewall, eventhough I am prompted to everyday.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:26:54 AM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (http://\"http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab (http://\"http://www2.snapfish.com/SnapfishActivia.cab\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167172544750 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167172544750\")
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab (http://\"http://download.divx.com/player/DivXBrowserPlugin.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8924 bytes

Title: serious issues
Post by: guestolo on February 20, 2010, 02:56:30 PM

Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back here

In addition:
Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.

• Close all windows and double click on OTL.exe to run it
• Under the Custom Scan box paste this in, the contents in Blue

[color=\"#0000FF\"]netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav [/color]

• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Title: serious issues
Post by: germs on February 21, 2010, 02:27:40 PM

I downloaded sdfix.exe and OTL.exe. when I try to reboot in safe mode, the laptop shuts itself off? I checked the power cord, the switch on the wall, the battery is charging...90% right now. This really sucks. Is there something else I could try? (thanks for your help btw)

Title: serious issues
Post by: guestolo on February 21, 2010, 03:15:26 PM

Skip SDFix.exe and please run OTL.exe with the instructions I posted and post the logs

Title: serious issues
Post by: germs on February 21, 2010, 03:39:30 PM

OTL logfile created on: 2/21/2010 12:25:39 PM - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jerame Farnum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.67 Gb Total Space | 22.11 Gb Free Space | 35.28% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 0.66 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ISHNA
Current User Name: Jerame Farnum
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
PRC - [2010/02/19 21:28:20 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 16:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/02/28 13:47:32 | 000,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
MOD - [2005/02/28 13:36:18 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2007/10/21 14:51:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/02/19 21:28:20 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/15 14:33:10 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/04/12 02:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 02:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 02:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/28 01:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 14:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 03:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 01:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 01:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 01:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 00:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 02:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 01:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 12:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 09:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/16 20:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/04/09 11:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com (http://\"http://www.google.com\")
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com (http://\"http://www.google.com\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com (http://\"http://www.google.com\")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9945
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
 
[2009/01/30 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Extensions
[2009/06/08 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions
[2009/05/09 05:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions\[email protected]
[2009/06/09 17:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 17:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(2)
[2009/06/08 14:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
 
O1 HOSTS File: ([2010/02/20 07:39:16 | 000,307,143 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (http://\"http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab\") (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (http://\"http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab\") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (http://\"http://www2.snapfish.com/SnapfishActivia.cab\") (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167172544750 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167172544750\") (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (http://\"http://download.divx.com/player/DivXBrowserPlugin.cab\") (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (http://\"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab\") (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\") (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab\") (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab\") (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab\") (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab\") (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab\") (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\") (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 65.41.120.51 208.13.143.36
O20 - AppInit_DLLs: (cru629.dat) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{11dd8c6c-0898-11df-9488-0014a5ec4ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{11dd8c6c-0898-11df-9488-0014a5ec4ca9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11dd8c6c-0898-11df-9488-0014a5ec4ca9}\Shell\AutoRun\command - "" = F:\iStudio.exe -- File not found
O33 - MountPoints2\{edfab080-f9c0-11dc-93c8-0014a5ec4ca9}\Shell\AutoRun\command - "" = H:\PMB_Portable.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/18 22:55:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/21 11:03:53 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/21 11:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Nova Development
[2010/02/20 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/02/20 20:08:58 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 08:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/01/23 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\My Documents\Intelli-studio
[2010/01/23 19:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\Application Data\Intelli-studio
[2010/01/23 19:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009/06/08 14:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/05 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/11/05 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/07/17 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/04 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/06/18 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/02/21 11:43:24 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/21 11:43:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/21 11:20:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
[2010/02/21 11:20:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/21 11:20:00 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/21 11:20:00 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/21 11:15:41 | 000,013,504 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/02/21 11:15:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 11:15:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 11:15:16 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 11:11:16 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.dat
[2010/02/21 11:11:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.ini
[2010/02/21 11:11:08 | 003,748,116 | -H-- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\IconCache.db
[2010/02/20 20:34:46 | 000,399,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 20:08:42 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:25:47 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/20 07:39:16 | 000,307,143 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/16 19:13:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 13:41:03 | 000,002,519 | ---- | M] () -- C:\WINDOWS\System32\selfeval106.rtf
[2010/02/11 03:07:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 09:49:37 | 016,724,059 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\DSC00613.pdf
[2010/02/07 09:47:50 | 000,288,877 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\DSC00613.JPG
[2010/02/05 17:31:13 | 000,001,943 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/01 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/27 22:11:44 | 000,004,104 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\Video treatment.rtf
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/21 11:04:42 | 000,222,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/20 20:08:42 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:16:34 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 12:27:47 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\selfeval106.rtf
[2010/02/07 09:49:12 | 016,724,059 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\DSC00613.pdf
[2010/02/07 09:42:43 | 000,288,877 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\DSC00613.JPG
[2010/01/27 20:07:51 | 000,004,104 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\Video treatment.rtf
[2009/01/11 21:05:44 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/11 21:05:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/01 03:39:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/03 21:16:55 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/03/12 09:07:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/25 14:44:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/24 22:32:58 | 000,014,980 | ---- | C] () -- C:\Program Files\Common Files\guculoq._sy
[2008/02/24 22:32:58 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
[2008/02/24 22:32:58 | 000,011,325 | ---- | C] () -- C:\Program Files\Common Files\yjihaz.dll
[2008/02/24 22:32:58 | 000,010,588 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
[2008/02/24 22:32:58 | 000,010,190 | ---- | C] () -- C:\Program Files\Common Files\hedizirec._sy
[2008/02/24 22:32:57 | 000,019,797 | ---- | C] () -- C:\Program Files\Common Files\mesewa.inf
[2008/02/24 22:32:57 | 000,015,853 | ---- | C] () -- C:\Program Files\Common Files\pewijeh.scr
[2008/02/24 22:32:57 | 000,015,686 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\ejefox.vbs
[2008/02/24 22:32:57 | 000,015,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
[2008/02/24 22:32:57 | 000,011,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
[2008/02/24 22:32:57 | 000,011,153 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
[2008/02/16 01:01:40 | 000,019,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
[2008/02/16 01:01:40 | 000,019,366 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
[2008/02/16 01:01:40 | 000,018,508 | ---- | C] () -- C:\Program Files\Common Files\kuminyzage.com
[2008/02/16 01:01:40 | 000,017,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
[2008/02/16 01:01:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
[2008/02/16 01:01:40 | 000,015,358 | ---- | C] () -- C:\WINDOWS\vuxeculaz.dll
[2008/02/16 01:01:40 | 000,014,761 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dytefuceke.inf
[2008/02/16 01:01:40 | 000,013,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obege.inf
[2008/02/16 01:01:40 | 000,012,072 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
[2008/02/16 01:01:40 | 000,011,738 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
[2008/02/16 01:01:40 | 000,011,652 | ---- | C] () -- C:\Program Files\Common Files\erywava.scr
[2008/02/16 01:01:40 | 000,010,125 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
[2008/02/16 01:01:40 | 000,010,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
[2008/01/27 16:22:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/21 17:13:29 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2007/04/30 18:28:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 21:48:20 | 000,002,582 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\wklnhst.dat
[2007/01/10 10:17:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/26 19:52:59 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\fusioncache.dat
[2006/12/26 13:42:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 13:34:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 00:55:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/19 00:53:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/19 00:37:38 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/19 00:18:26 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/19 00:16:00 | 000,003,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 09:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 09:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS  >[/color]
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/17 19:11:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/07/17 19:11:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/09 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/17 19:11:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/07/17 19:11:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/13 16:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[198 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav  >[/color]
[2005/08/17 01:43:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/17 01:43:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/17 01:43:50 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 2/21/2010 12:25:39 PM - Run 1
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jerame Farnum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 554.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.67 Gb Total Space | 22.11 Gb Free Space | 35.28% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 0.66 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ISHNA
Current User Name: Jerame Farnum
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(tm) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(tm) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(tm) 6 Update 3
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe  1.4.56.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{822944D4-BC5D-44AE-9315-16C174D318B0}" = Photo Explosion
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anime Studio Pro_is1" = Anime Studio Pro 6.0
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"Final Draft 5" = Final Draft 5
"HijackThis" = HijackThis 2.0.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MusicIP Mixer_is1" = MusicIP Mixer 1.7
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Panda ActiveScan" = Panda ActiveScan
"Papagayo_is1" = Papagayo 1.2
"PhotoShow Deluxe 4" = PhotoShow Deluxe 4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tablet Driver" = Tablet
"ViewpointMediaPlayer" = Viewpoint Media Player
"Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2/11/2010 4:21:33 PM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/12/2010 12:09:44 AM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 2/14/2010 3:46:11 PM | Computer Name = ISHNA | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 9.0.0.0, faulting module
 photoshop.exe, version 9.0.0.0, fault address 0x00b249b2.
 
Error - 2/19/2010 2:06:21 AM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/19/2010 2:06:53 AM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/19/2010 2:22:03 AM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/19/2010 8:49:53 PM | Computer Name = ISHNA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error -

Title: serious issues
Post by: guestolo on February 21, 2010, 03:59:08 PM

Please do the following:
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot
Restart the computer

Back in Windows
Download ComboFix from only this location:
[color=\"#0000FF\"]Link 1[/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Title: serious issues
Post by: germs on February 21, 2010, 04:38:32 PM

ComboFix 10-02-21.02 - Jerame Farnum 02/21/2010  13:24:04.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.554 [GMT -8:00]
Running from: c:\documents and settings\Jerame Farnum\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\dytefuceke.inf
c:\documents and settings\All Users\Application Data\obege.inf
c:\documents and settings\All Users\Documents\ojaze.inf
c:\documents and settings\Jerame Farnum\Application Data\ejefox.vbs
c:\program files\Common Files\mesewa.inf
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Internet Explorer\SET293.tmp
c:\program files\Internet Explorer\SET294.tmp
c:\program files\Internet Explorer\SET296.tmp
c:\program files\Internet Explorer\SET2FA.tmp
c:\program files\Internet Explorer\SET2FB.tmp
c:\program files\Internet Explorer\SET2FC.tmp
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\windows\evaxedoqel.inf
c:\windows\lega.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\soqa.bat
c:\windows\system32\suspend.bin
c:\windows\system32\suspend.exe
c:\windows\system32\Thumbs.db
c:\windows\vuxeculaz.dll
c:\windows\xixigofal._sy
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-01-21 to 2010-02-21  )))))))))))))))))))))))))))))))
.

2010-02-21 19:04 . 2010-02-21 19:04 222296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-21 19:03 . 2008-11-06 10:03 -------- d-----w- C:\SDFix
2010-02-21 19:02 . 2010-02-21 19:02 -------- d-----w- c:\documents and settings\Jerame Farnum\Local Settings\Application Data\Nova Development
2010-02-21 04:36 . 2010-02-21 04:39 -------- d-----w- c:\documents and settings\Melissa Quaranto\Local Settings\Application Data\Nova Development
2010-02-21 04:23 . 2010-02-21 04:23 -------- d-----w- c:\program files\Nova Development
2010-02-21 04:23 . 2010-02-21 04:23 -------- d-----w- c:\documents and settings\Melissa Quaranto\Application Data\Nova Development
2010-02-20 16:16 . 2010-02-20 16:16 388096 ----a-r- c:\documents and settings\Jerame Farnum\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-20 16:16 . 2010-02-20 16:16 -------- d-----w- c:\program files\TrendMicro
2010-02-19 22:35 . 2001-08-18 06:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-02-19 22:35 . 2001-08-18 06:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-02-19 22:35 . 2001-08-18 06:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-02-19 22:35 . 2001-08-18 06:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-19 22:35 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-02-19 22:35 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-02-19 22:35 . 2001-08-17 22:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-02-19 22:35 . 2001-08-17 22:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-02-19 22:35 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-02-19 22:35 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-02-19 22:35 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-02-19 22:35 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-01-31 00:55 . 2010-01-31 00:55 52224 ----a-w- c:\documents and settings\Melissa Quaranto\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-31 00:55 . 2010-02-06 01:49 117760 ----a-w- c:\documents and settings\Melissa Quaranto\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-31 00:53 . 2010-01-31 00:53 -------- d-----w- c:\documents and settings\Melissa Quaranto\Application Data\SUPERAntiSpyware.com
2010-01-28 06:29 . 2010-01-28 06:29 52224 ----a-w- c:\documents and settings\Jerame Farnum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-24 03:25 . 2010-01-24 03:45 -------- d-----w- c:\documents and settings\Jerame Farnum\Application Data\Intelli-studio
2010-01-24 03:25 . 2010-01-24 03:25 -------- d-----w- c:\program files\Samsung

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 21:13 . 2007-10-22 01:13 13504 ----a-w- c:\windows\system32\tablet.dat
2010-02-21 04:50 . 2006-06-19 09:07 125520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 15:42 . 2009-06-10 02:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 05:28 . 2009-06-21 21:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-20 02:35 . 2009-06-21 21:42 117760 ----a-w- c:\documents and settings\Jerame Farnum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-19 04:29 . 2006-12-28 20:33 29164 ----a-w- c:\documents and settings\Melissa Quaranto\Application Data\wklnhst.dat
2010-01-30 15:15 . 2006-12-29 21:30 -------- d-----w- c:\program files\LimeWire
2010-01-30 02:53 . 2007-01-12 16:10 -------- d-----w- c:\documents and settings\Melissa Quaranto\Application Data\Walgreens
2010-01-16 15:02 . 2010-01-16 15:02 -------- d-----w- c:\documents and settings\Melissa Quaranto\Application Data\CyberLink
2010-01-16 15:02 . 2007-01-10 18:27 -------- d-----w- c:\documents and settings\Melissa Quaranto\Application Data\HP
2010-01-13 03:32 . 2010-01-13 03:32 -------- d-----w- c:\program files\Common Files\Apple
2010-01-13 03:32 . 2010-01-13 03:31 -------- d-----w- c:\program files\QuickTime
2010-01-13 03:31 . 2010-01-13 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-31 16:50 . 2004-08-10 15:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 15:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 15:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 15:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-10 15:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 21:01 . 2009-12-04 21:01 57955 ----a-w- c:\documents and settings\Melissa Quaranto\Application Data\Smilebox\uninstall.exe
2009-12-04 18:22 . 2004-08-10 15:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2005-06-29 09:55 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-10 15:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 15:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 15:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-10 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 15:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-10 15:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-02-25 06:32 . 2008-02-25 06:32 14980 ----a-w- c:\program files\Common Files\guculoq._sy
2008-02-25 06:32 . 2008-02-25 06:32 11325 ----a-w- c:\program files\Common Files\yjihaz.dll
2008-02-25 06:32 . 2008-02-25 06:32 10190 ----a-w- c:\program files\Common Files\hedizirec._sy
2008-02-25 06:32 . 2008-02-25 06:32 15853 ----a-w- c:\program files\Common Files\pewijeh.scr
2008-02-16 09:01 . 2008-02-16 09:01 18508 ----a-w- c:\program files\Common Files\kuminyzage.com
2008-02-16 09:01 . 2008-02-16 09:01 11652 ----a-w- c:\program files\Common Files\erywava.scr
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-20 2012912]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AddressBookReminderApp"="c:\program files\Nova Development\Photo Explosion\4.0\ReminderApp.exe" [2009-09-04 144672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-21 25214]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-10-21 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 00:08 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk
backup=c:\windows\pss\Virtual Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-05 01:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 10:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ------w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-02-09 16:52 643072 ------w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
2006-01-13 21:22 233472 ----a-w- c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 09:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
2006-04-20 06:35 237568 ----a-w- c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 66632]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 AM 231424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab (http://\"http://file:///C:/WINDOWS/Java/classes/xmldso.cab\")
FF - ProfilePath - c:\documents and settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com (http://\"http://www.yahoo.com\")
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-4bed8bac - c:\windows\system32\omabwklt.dll
AddRemove-HijackThis - c:\documents and settings\Jerame Farnum\Desktop\HijackThis.exe
AddRemove-Virtual Assistant - c:\progra~1\VIRTUA~1\Uninstall.exe
AddRemove-{2415830B-C6BD-4C1A-B4A3-D6EC7DAD4C2B} - c:\documents and settings\Jerame Farnum\Local Settings\Application Data\{63E02CCF-2C7E-43D2-89FB-97B27E8C460F}\DirectDVD8.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2010-02-21 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?9?0?4??????? ???B?????????????hLC? ??????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-21  13:35:17
ComboFix-quarantined-files.txt  2010-02-21 21:35

Pre-Run: 23,597,195,264 bytes free
Post-Run: 24,866,336,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 8C8E7886EBF9FCD64ADBF8F16A5A411B

Title: serious issues
Post by: guestolo on February 21, 2010, 05:22:27 PM

Go to the following link [color=\"#0000FF\"]ESET Online Scanner[/color] (http://\"http://www.eset.com/onlinescan/\")[/url]
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
     
  
• Click Start
     
  
• When asked, allow the ActiveX control to install
• Click Start
     
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
     
  
• Click Scan (This scan can take awhile, so please be patient)
     
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
     
  
• Copy and paste that log as a reply to this topic

Title: serious issues
Post by: germs on February 22, 2010, 01:34:08 AM

after agreeing to the terms, and clicking the start button, the pop-up goes blank, loads, loads, loads, beeps when it's done, but stays blank, and then disappears 5 seconds later.

note: I am now able to run windows in safe mode, but 30 seconds into running sdfix, it turns itself off.

Title: serious issues
Post by: guestolo on February 22, 2010, 01:48:46 AM

I'm just on my way to bed, in the meantime, can you try the following
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (http://\"ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe\")

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
     
  
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, select Complete scan.
     
  
• Click the green arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) at the right, and the scan will start.
     
  
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click File and choose Save report list
     
  
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
     
  
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.
  

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Title: serious issues
Post by: germs on February 24, 2010, 12:14:54 AM

I ran the scans, and went to bed, in the morning my wife rebooted the computer, but din't save the log. bummer. On the bright side, I was prompted to do a windows update, and it didn't fail this time, and now my firewall's been enabled. Yay! I tried so many times to turn that thing on. Thought I was doing something wrong. Should I redo/revisit previous steps?

Title: serious issues
Post by: guestolo on February 24, 2010, 12:33:54 AM

Dr. Web isn't a replacement for a full time AntiVirus software
Do you have your own to install, or do you need a free solution, let me know please

Title: serious issues
Post by: germs on February 24, 2010, 01:30:35 AM

This might sound completely stupid but I always assumed that the $69 Norton, and the like, were rip off's. like consumer products people thought that they had to buy because they didn't know better, or something. If buying one of those products is really, truly a good idea, I'll make the investment, if that's what you recommend. In the meantime, should I retry the ESET, or the SDfix?

Title: serious issues
Post by: guestolo on February 24, 2010, 08:25:32 AM

Don't worry about Eset or another scan with Dr. Web
What I would like to do is get a permanent AntiVirus software on your computer

Let's do the following
Go to the link and get yourself a copy of Avast5 free edition
http://www.avast.com/free-antivirus-download (http://\"http://www.avast.com/free-antivirus-download\")

Simply click on the "Download Now" button beside 'Multi-language 43mb or English 40mb
Save the installer to desktop

After installing, normally you can just set it to run a Quick Scan weekly thru settings
But can you have it run a Full System Scan please
Let me know if it finds anything, or comes clean
reboot after the scan

Can you reopen OTL.exe and run a Quick scan, post back it's new log
We'll just do some final cleanup afterwards and get some of your other software updated to help keep it secure

Title: serious issues
Post by: germs on February 24, 2010, 09:36:22 AM

great, thank you. I will follow these steps after work today. Last night before going to bed I did a quick scan with malwarebyte, and the "my web search" thing is still showing up. Here's the log, if it helps:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/24/2010 6:31:55 AM
mbam-log-2010-02-24 (06-31-55).txt

Scan type: Quick Scan
Objects scanned: 134149
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: serious issues
Post by: guestolo on February 24, 2010, 09:44:23 AM

Malwarebytes is probably just finding leftovers, but can you do the following
Make sure you reopen MBAM, then first Check For Updates
As you are outdated
Then run a fresh Quick Scan

I"m on my way to work, I'll see how you make out later on  /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Title: serious issues
Post by: germs on February 28, 2010, 01:57:12 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3794
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2010 10:53:01 AM
mbam-log-2010-02-28 (10-53-01).txt

Scan type: Quick Scan
Objects scanned: 152250
Time elapsed: 40 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: serious issues
Post by: guestolo on February 28, 2010, 02:12:12 PM

Can you reopen OTL.exe and run a scan, post back it's new log
We'll just do some final cleanup afterwards and get some of your other software updated to help keep it secure

Title: serious issues
Post by: germs on February 28, 2010, 03:46:38 PM

Avast found two items total, and moved them into the "chest".
The scans are performing good, but for some reason the laptop is running painfully slow, the desktop loads and reloads 5-6 times before it settles. Fire Fox is still a no go. Can't even uninstall it using add/remove menu, does nothing. Here's the new OTL:

OTL logfile created on: 2/28/2010 11:07:34 AM - Run 2
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jerame Farnum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.67 Gb Total Space | 22.24 Gb Free Space | 35.48% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 0.66 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ISHNA
Current User Name: Jerame Farnum
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
PRC - [2010/02/19 21:28:20 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/02/28 13:47:32 | 000,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
MOD - [2005/02/28 13:36:18 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/10/21 14:51:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com (http://\"http://www.google.com\")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9945
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
 
[2009/01/30 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Extensions
[2009/06/08 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions
[2009/05/09 05:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions\[email protected]
[2009/06/09 17:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 17:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(2)
[2009/06/08 14:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
 
O1 HOSTS File: ([2010/02/21 23:51:54 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:    127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (http://\"http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab\") (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (http://\"http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab\") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (http://\"http://www2.snapfish.com/SnapfishActivia.cab\") (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167172544750 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167172544750\") (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (http://\"http://download.divx.com/player/DivXBrowserPlugin.cab\") (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (http://\"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab\") (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\") (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab\") (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab\") (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab\") (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab\") (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab\") (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\") (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 65.41.120.51 208.13.143.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 14 Days ==========[/color]
 
[2010/02/25 22:10:53 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/25 22:10:52 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/25 22:10:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/25 22:10:46 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/25 22:10:42 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/25 22:10:42 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/25 22:10:40 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/25 22:10:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/25 22:10:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/22 06:00:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/21 23:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\DoctorWeb
[2010/02/21 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/02/21 15:07:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/21 14:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/21 13:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/21 13:21:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/21 13:19:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/21 13:19:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/21 13:19:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/21 13:19:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 13:19:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/21 13:18:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 11:03:53 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/21 11:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Nova Development
[2010/02/20 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/02/20 20:08:58 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 08:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/06/08 14:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/05 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/11/05 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/07/17 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/04 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/06/18 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 14 Days ==========[/color]
 
[2010/02/28 09:26:22 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/28 09:25:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 08:55:45 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
[2010/02/26 20:59:01 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 20:59:01 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 20:59:01 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 20:54:56 | 000,013,504 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/02/26 20:54:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 20:54:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 20:54:13 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 20:52:33 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.dat
[2010/02/26 20:52:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.ini
[2010/02/26 20:52:22 | 003,747,208 | -H-- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\IconCache.db
[2010/02/25 22:10:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/25 22:10:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 20:57:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 19:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/21 23:51:54 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/21 23:30:39 | 031,715,272 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 15:31:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 13:30:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 13:21:59 | 000,000,279 | RHS- | M] () -- C:\boot. ini
[2010/02/21 13:15:52 | 003,868,001 | R--- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/20 20:34:46 | 000,399,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 20:08:42 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:25:47 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/25 22:10:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/21 23:30:36 | 031,715,272 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 14:35:38 | 937,676,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/21 13:21:59 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/02/21 13:21:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/21 13:19:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/21 13:19:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/21 13:19:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/21 13:19:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/21 13:19:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 13:15:52 | 003,868,001 | R--- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/21 11:04:42 | 000,222,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/20 20:08:42 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:16:34 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2009/01/11 21:05:44 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/11 21:05:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/01 03:39:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/03 21:16:55 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/03/12 09:07:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/25 14:44:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/24 22:32:58 | 000,014,980 | ---- | C] () -- C:\Program Files\Common Files\guculoq._sy
[2008/02/24 22:32:58 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
[2008/02/24 22:32:58 | 000,011,325 | ---- | C] () -- C:\Program Files\Common Files\yjihaz.dll
[2008/02/24 22:32:58 | 000,010,588 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
[2008/02/24 22:32:58 | 000,010,190 | ---- | C] () -- C:\Program Files\Common Files\hedizirec._sy
[2008/02/24 22:32:57 | 000,015,853 | ---- | C] () -- C:\Program Files\Common Files\pewijeh.scr
[2008/02/24 22:32:57 | 000,015,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
[2008/02/24 22:32:57 | 000,011,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
[2008/02/24 22:32:57 | 000,011,153 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
[2008/02/16 01:01:40 | 000,019,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
[2008/02/16 01:01:40 | 000,019,366 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
[2008/02/16 01:01:40 | 000,018,508 | ---- | C] () -- C:\Program Files\Common Files\kuminyzage.com
[2008/02/16 01:01:40 | 000,017,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
[2008/02/16 01:01:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
[2008/02/16 01:01:40 | 000,012,072 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
[2008/02/16 01:01:40 | 000,011,738 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
[2008/02/16 01:01:40 | 000,011,652 | ---- | C] () -- C:\Program Files\Common Files\erywava.scr
[2008/02/16 01:01:40 | 000,010,125 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
[2008/02/16 01:01:40 | 000,010,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
[2008/01/27 16:22:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/21 17:13:29 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2007/04/30 18:28:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 21:48:20 | 000,002,582 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\wklnhst.dat
[2007/01/10 10:17:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/26 19:52:59 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\fusioncache.dat
[2006/12/26 13:42:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 13:34:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 00:55:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/19 00:53:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/19 00:37:38 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/19 00:18:26 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/19 00:16:00 | 000,003,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 09:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 09:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
[color=\"#E56717\"]========== LOP Check ==========[/color]
 
[2010/02/25 22:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/05 10:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/02/21 16:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/06/19 00:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/06/13 10:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2009/06/10 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/28 18:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/19 16:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/08/27 20:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{63E02CCF-2C7E-43D2-89FB-97B27E8C460F}
[2008/01/06 14:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\BitTorrent
[2008/02/16 00:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\DNA
[2006/12/26 15:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Leadertech
[2009/05/16 15:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Lost Marble
[2008/07/09 06:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\MSNInstaller
[2008/07/08 21:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\MSNInstaller(2)
[2007/01/16 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Opera
[2009/06/13 10:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Smith Micro
[2007/02/14 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Template
[2007/02/14 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Viewpoint
[2007/02/19 16:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\YourScreen
[2010/02/28 08:55:45 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
 
[color=\"#E56717\"]========== Purity Check ==========[/color]
 
 
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Title: serious issues
Post by: guestolo on March 01, 2010, 02:57:33 PM

Double  click on OTL.exe and Run it

• Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
  
  Quote

  :OTL
  O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  :Files
  C:\Documents and Settings\Jerame Farnum\DoctorWeb
  C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
  c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On
  Startup.lnk
  C:\Program Files\Common Files\guculoq._sy
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
  C:\Program Files\Common Files\yjihaz.dll
  C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
  C:\Program Files\Common Files\hedizirec._sy
  C:\Program Files\Common Files\pewijeh.scr
  C:\Documents and Settings\All Users\Application Data\oxikucy.db
  C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
  C:\Documents and Settings\All Users\Application Data\quhudital.bin
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
  C:\Program Files\Common Files\kuminyzage.com
  C:\Documents and Settings\All Users\Application Data\aryc.dat
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
  C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
  C:\Program Files\Common Files\erywava.scr
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
  C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
  :Commands
  [EmptyTemp]
  [Reboot]

  
  
• Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  
• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
Download GMER from one of the following locations and save it to your desktop.

    [color=\"#FF0000\"]GMER Download Link 1[/color] (http://\"http://www.gmer.net/gmer.zip\")
    [color=\"#FF0000\"]GMER Download Link 2[/color] (http://\"http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307\")[/b]

Right-click on the gmer.zip  icon and select the Extract all...
Follow the prompts and at the end click on Finish
In Gmer's extracted folder
Double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run  button to allow GMER to start. If no warning appeared then you should just continue with the following:

You will now see the main GMER window. If it gives you a warning about rootkit activity and asks if you want to run a full scan, please click on the NO button.
 We now need to configure GMER to not use some settings. Please ensure that the following settings are UNChecked

• Sections
     
  
• IAT/EAT
     
  
• Drives/Partition other than Systemdrive, which is typically C:\
            Leave only C:\ ticked if that is your normal systemdrive
     
  
• Show All (This is important, so do not miss it.)
  

Click on the Scan button to scan your computer for rootkits. This may take a while, so please be patient. When it has finished you will be back at the main screen
Save the rootkit scan report to your Desktop by clicking on the Save .. button
A screen will open asking where you would like to save the report. Click once on the Desktop button to change to the Desktop folder and then in the File name: field enter gmer.txt. Finally, press the Save button to save the report to your desktop.

Please post that report too

Title: serious issues
Post by: germs on March 01, 2010, 11:55:18 PM

OTL logfile created on: 3/1/2010 8:31:10 PM - Run 3
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jerame Farnum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 537.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.67 Gb Total Space | 21.82 Gb Free Space | 34.81% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 0.66 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ISHNA
Current User Name: Jerame Farnum
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
PRC - [2010/02/19 21:28:20 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/02/28 13:47:32 | 000,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/02 11:18:08 | 001,892,352 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wksss.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
MOD - [2005/02/28 13:36:18 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/10/21 14:51:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/02/19 21:28:20 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 10:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 10:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 10:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 10:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 10:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 10:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/15 14:33:10 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/04/12 02:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 02:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 02:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/28 01:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 14:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 03:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 01:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 01:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 01:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 00:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 02:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 01:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 12:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 09:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/16 20:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/04/09 11:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com (http://\"http://www.google.com\")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9945
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
 
[2009/01/30 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Extensions
[2009/06/08 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions
[2009/05/09 05:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions\[email protected]
[2009/06/09 17:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 17:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(2)
[2009/06/08 14:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
 
O1 HOSTS File: ([2010/02/21 23:51:54 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:    127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (http://\"http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab\") (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (http://\"http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab\") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (http://\"http://www2.snapfish.com/SnapfishActivia.cab\") (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167172544750 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167172544750\") (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (http://\"http://download.divx.com/player/DivXBrowserPlugin.cab\") (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (http://\"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab\") (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\") (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab\") (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab\") (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab\") (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab\") (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab\") (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab\") (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\") (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 65.41.120.51 208.13.143.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/25 22:10:53 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/25 22:10:52 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/25 22:10:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/25 22:10:46 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/25 22:10:42 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/25 22:10:42 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/25 22:10:40 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/25 22:10:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/25 22:10:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/22 06:00:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/21 23:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\DoctorWeb
[2010/02/21 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/02/21 15:07:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/21 14:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/21 13:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/21 13:21:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/21 13:19:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/21 13:19:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/21 13:19:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/21 13:19:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 13:19:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/21 13:18:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 11:03:53 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/21 11:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Nova Development
[2010/02/20 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/02/20 20:08:58 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 08:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/06/08 14:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/05 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/11/05 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/07/17 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/04 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/06/18 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/03/01 19:12:34 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/01 19:12:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 18:19:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
[2010/03/01 06:31:38 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 06:31:38 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 06:31:38 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 06:27:34 | 000,013,504 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/03/01 06:27:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 06:27:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 06:27:05 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 06:26:03 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.dat
[2010/03/01 06:25:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.ini
[2010/03/01 06:25:28 | 002,108,750 | -H-- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\IconCache.db
[2010/02/25 22:10:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/25 22:10:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 20:57:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 19:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/21 23:51:54 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/21 23:30:39 | 031,715,272 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 15:31:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 13:30:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 13:21:59 | 000,000,279 | RHS- | M] () -- C:\boot. ini
[2010/02/21 13:15:52 | 003,868,001 | R--- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/20 20:34:46 | 000,399,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 20:08:42 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:25:47 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 13:41:03 | 000,002,519 | ---- | M] () -- C:\WINDOWS\System32\selfeval106.rtf
[2010/02/11 10:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 10:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 10:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 10:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 10:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 10:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 10:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 10:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 10:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/05 17:31:13 | 000,001,943 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/25 22:10:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/21 23:30:36 | 031,715,272 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 14:35:38 | 937,676,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/21 13:21:59 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/02/21 13:21:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/21 13:19:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/21 13:19:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/21 13:19:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/21 13:19:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/21 13:19:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 13:15:52 | 003,868,001 | R--- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/21 11:04:42 | 000,222,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/20 20:08:42 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:16:34 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 12:27:47 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\selfeval106.rtf
[2009/01/11 21:05:44 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/11 21:05:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/01 03:39:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/03 21:16:55 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/03/12 09:07:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/25 14:44:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/24 22:32:58 | 000,014,980 | ---- | C] () -- C:\Program Files\Common Files\guculoq._sy
[2008/02/24 22:32:58 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
[2008/02/24 22:32:58 | 000,011,325 | ---- | C] () -- C:\Program Files\Common Files\yjihaz.dll
[2008/02/24 22:32:58 | 000,010,588 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
[2008/02/24 22:32:58 | 000,010,190 | ---- | C] () -- C:\Program Files\Common Files\hedizirec._sy
[2008/02/24 22:32:57 | 000,015,853 | ---- | C] () -- C:\Program Files\Common Files\pewijeh.scr
[2008/02/24 22:32:57 | 000,015,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
[2008/02/24 22:32:57 | 000,011,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
[2008/02/24 22:32:57 | 000,011,153 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
[2008/02/16 01:01:40 | 000,019,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
[2008/02/16 01:01:40 | 000,019,366 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
[2008/02/16 01:01:40 | 000,018,508 | ---- | C] () -- C:\Program Files\Common Files\kuminyzage.com
[2008/02/16 01:01:40 | 000,017,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
[2008/02/16 01:01:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
[2008/02/16 01:01:40 | 000,012,072 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
[2008/02/16 01:01:40 | 000,011,738 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
[2008/02/16 01:01:40 | 000,011,652 | ---- | C] () -- C:\Program Files\Common Files\erywava.scr
[2008/02/16 01:01:40 | 000,010,125 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
[2008/02/16 01:01:40 | 000,010,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
[2008/01/27 16:22:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/21 17:13:29 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2007/04/30 18:28:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 21:48:20 | 000,002,582 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\wklnhst.dat
[2007/01/10 10:17:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/26 19:52:59 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\fusioncache.dat
[2006/12/26 13:42:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 13:34:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 00:55:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/19 00:53:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/19 00:37:38 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/19 00:18:26 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/19 00:16:00 | 000,003,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 09:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 09:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< :OTL >[/color]
 
[color=\"#A23BEC\"]< O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found >[/color]
 
[color=\"#A23BEC\"]< :Reg >[/color]
 
[color=\"#A23BEC\"]< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >[/color]
 
[color=\"#A23BEC\"]< "QuickTime Task"=- >[/color]
 
[color=\"#A23BEC\"]< :Files >[/color]
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\DoctorWeb >[/color]
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe >[/color]
[2010/02/21 23:30:39 | 031,715,272 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk >[/color]
[2010/03/01 19:12:34 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
 
[color=\"#A23BEC\"]< c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On >[/color]
 
[color=\"#A23BEC\"]< Startup.lnk >[/color]
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\guculoq._sy >[/color]
[2008/02/24 22:32:58 | 000,014,980 | ---- | M] () -- C:\Program Files\Common Files\guculoq._sy
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll >[/color]
[2008/02/24 22:32:58 | 000,013,769 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\yjihaz.dll >[/color]
[2008/02/24 22:32:58 | 000,011,325 | ---- | M] () -- C:\Program Files\Common Files\yjihaz.dll
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\obogyciwak.dl >[/color]
[2008/02/24 22:32:58 | 000,010,588 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\hedizirec._sy >[/color]
[2008/02/24 22:32:58 | 000,010,190 | ---- | M] () -- C:\Program Files\Common Files\hedizirec._sy
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\pewijeh.scr >[/color]
[2008/02/24 22:32:57 | 000,015,853 | ---- | M] () -- C:\Program Files\Common Files\pewijeh.scr
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\oxikucy.db >[/color]
[2008/02/24 22:32:57 | 000,015,538 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\myfaroxul.sys >[/color]
[2008/02/24 22:32:57 | 000,011,350 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban >[/color]
[2008/02/24 22:32:57 | 000,011,153 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\quhudital.bin >[/color]
[2008/02/16 01:01:40 | 000,019,852 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban >[/color]
[2008/02/16 01:01:40 | 000,019,366 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\kuminyzage.com >[/color]
[2008/02/16 01:01:40 | 000,018,508 | ---- | M] () -- C:\Program Files\Common Files\kuminyzage.com
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\aryc.dat >[/color]
[2008/02/16 01:01:40 | 000,017,190 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban >[/color]
[2008/02/16 01:01:40 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db >[/color]
[2008/02/16 01:01:40 | 000,012,072 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat >[/color]
[2008/02/16 01:01:40 | 000,011,738 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\erywava.scr >[/color]
[2008/02/16 01:01:40 | 000,011,652 | ---- | M] () -- C:\Program Files\Common Files\erywava.scr
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban >[/color]
[2008/02/16 01:01:40 | 000,010,125 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\xodaruximy.exe >[/color]
[2008/02/16 01:01:40 | 000,010,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
 
[color=\"#A23BEC\"]< :Commands >[/color]
 
[color=\"#A23BEC\"]< [EmptyTemp] >[/color]
 
[color=\"#A23BEC\"]< [Reboot] >[/color]
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Title: serious issues
Post by: guestolo on March 02, 2010, 12:05:06 AM

When you pasted the fix in quotes I had to OTL.exe you then clicked on the Run Scan button, not the Run Fix

Please follow these instructions closely
Double  click on OTL.exe and Run it

• Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
  
  Quote

  :OTL
  O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  :Files
  C:\Documents and Settings\Jerame Farnum\DoctorWeb
  C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
  c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On
  Startup.lnk
  C:\Program Files\Common Files\guculoq._sy
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
  C:\Program Files\Common Files\yjihaz.dll
  C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
  C:\Program Files\Common Files\hedizirec._sy
  C:\Program Files\Common Files\pewijeh.scr
  C:\Documents and Settings\All Users\Application Data\oxikucy.db
  C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
  C:\Documents and Settings\All Users\Application Data\quhudital.bin
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
  C:\Program Files\Common Files\kuminyzage.com
  C:\Documents and Settings\All Users\Application Data\aryc.dat
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
  C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
  C:\Program Files\Common Files\erywava.scr
  C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
  C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
  :Commands
  [EmptyTemp]
  [Reboot]

  
  
• Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  
• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Title: serious issues
Post by: germs on March 02, 2010, 09:41:28 AM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ipv6apir:C:\WINDOWS\system32\auditrol.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
C:\Documents and Settings\Jerame Farnum\DoctorWeb\Quarantine folder moved successfully.
C:\Documents and Settings\Jerame Farnum\DoctorWeb folder moved successfully.
C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
File\Folder c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On not found.
File\Folder Startup.lnk not found.
C:\Program Files\Common Files\guculoq._sy moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll moved successfully.
C:\Program Files\Common Files\yjihaz.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\obogyciwak.dl moved successfully.
C:\Program Files\Common Files\hedizirec._sy moved successfully.
C:\Program Files\Common Files\pewijeh.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\oxikucy.db moved successfully.
C:\Documents and Settings\All Users\Application Data\myfaroxul.sys moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\quhudital.bin moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban moved successfully.
C:\Program Files\Common Files\kuminyzage.com moved successfully.
C:\Documents and Settings\All Users\Application Data\aryc.dat moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db moved successfully.
C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat moved successfully.
C:\Program Files\Common Files\erywava.scr moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\xodaruximy.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2014696 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jerame Farnum
->Temp folder emptied: 45690902 bytes
->Temporary Internet Files folder emptied: 440186038 bytes
->Java cache emptied: 683236 bytes
->FireFox cache emptied: 52429235 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Melissa Quaranto
->Temp folder emptied: 23444622 bytes
->Temporary Internet Files folder emptied: 185288381 bytes
->Java cache emptied: 23969248 bytes
->FireFox cache emptied: 62706194 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 533900 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4631665 bytes
%systemroot%\System32 .tmp files removed: 153122980 bytes
%systemroot%\System32\dllcache .tmp files removed: 1685504 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21278360 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 971.00 mb
 
 
OTL by OldTimer - Version 3.1.30.1 log created on 03022010_060909

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Title: serious issues
Post by: germs on March 02, 2010, 09:42:46 AM

GMER 1.0.15.15281 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2010-03-02 06:06:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JERAME~1\LOCALS~1\Temp\uxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwClose [0xEDF89C5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateKey [0xEDF89B16]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDeleteKey [0xEDF8A0CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDeleteValueKey [0xEDF89FF4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDuplicateObject [0xEDF896EC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenKey [0xEDF89BF0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenProcess [0xEDF8962C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenThread [0xEDF89690]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwQueryValueKey [0xEDF89D10]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwRenameKey [0xEDF8A198]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwRestoreKey [0xEDF89CD0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwSetValueKey [0xEDF89E50]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEE09B320]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateProcessEx [0xEDF964FE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateSection [0xEDF96322]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwLoadDriver [0xEDF9645C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                  aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                        EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                        EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \FileSystem\Fastfat \Fat                                                                                       aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Title: serious issues
Post by: guestolo on March 02, 2010, 09:49:04 AM

How is everything running on your end now?

Title: serious issues
Post by: germs on March 03, 2010, 08:39:14 PM

The general performance of the laptop is pretty good, thank you. I'm stoked about the firewall being enabled, and your reccomendation for installing avast seems to be paying off. I have a couple of lingering concerns that I'd like to run by you before we wrap this up.

1. Firefox was the browser that my wife was using when we became infected, and since that incident it will not run at all, even in safe mode, and it will not uninstall no matter what I try.

2. when my wife logs on under her settings, the computer slows down, and when I run super antispyware, tracking cookies keep showing up in her system files. She uses the internet for school, and other activities daily. it seems to me that she's revisiting sites that are hotspots for adware. Also I think a bunch of programs come on at the time of her start ups.
 
thoughts?

Title: serious issues
Post by: guestolo on March 06, 2010, 12:55:54 PM

How many users on this computer?
Is the wifes profile the only slow one that you noticed?

Title: serious issues
Post by: germs on March 07, 2010, 05:21:05 PM

two profiles, me and my wife. i run photoshop, and animation programs simultaneously, and she has difficulty doing everyday stuff under her settings.

Title: serious issues
Post by: guestolo on March 07, 2010, 07:01:15 PM

The wife's profile may just be corrupt, we can fix that
But one more scan with OTL please

Reopen OTL.exe, put a tick in "Scan All Users" at the top
Then click on "Run Scan"
Post the new log that opens