« previous next »
Pages: 1 [2]

Author Topic: serious issues  (Read 2835 times)

Offline germs

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
serious issues
« Reply #20 on: March 01, 2010, 11:55:18 PM »
OTL logfile created on: 3/1/2010 8:31:10 PM - Run 3
OTL by OldTimer - Version 3.1.30.1     Folder = C:\Documents and Settings\Jerame Farnum\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.00 Mb Total Physical Memory | 537.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.67 Gb Total Space | 21.82 Gb Free Space | 34.81% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 0.66 Gb Free Space | 5.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ISHNA
Current User Name: Jerame Farnum
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
PRC - [2010/02/19 21:28:20 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/11 10:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/12/13 16:45:58 | 000,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/12/08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/19 12:50:08 | 000,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/02/28 13:47:32 | 000,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/02 11:18:08 | 001,892,352 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wksss.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
MOD - [2005/02/28 13:36:18 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 10:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/10/21 14:51:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/21 23:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 14:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 14:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/02/28 13:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/02/19 21:28:20 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 21:28:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 10:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 10:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 10:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 10:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 10:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 10:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/15 14:33:10 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/04/12 02:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 02:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 02:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/11/28 01:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 14:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 03:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 01:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 01:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 01:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 00:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 02:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 01:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 12:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/05 09:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 09:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/16 20:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/04/09 11:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9945
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 19:30:27 | 000,000,000 | ---D | M]
 
[2009/01/30 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Extensions
[2009/06/08 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions
[2009/05/09 05:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerame Farnum\Application Data\Mozilla\Firefox\Profiles\0gfmqu98.default\extensions\[email protected]
[2009/06/09 17:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 17:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions(2)
[2009/06/08 14:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
 
O1 HOSTS File: ([2010/02/21 23:51:54 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:    127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1167172544750 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1 65.41.120.51 208.13.143.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/25 22:10:53 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/25 22:10:52 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/25 22:10:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/25 22:10:46 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/25 22:10:42 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/25 22:10:42 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/25 22:10:40 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/25 22:10:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/25 22:10:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/25 22:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/22 06:00:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/21 23:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\DoctorWeb
[2010/02/21 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/02/21 15:07:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/21 14:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/21 13:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/21 13:21:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/21 13:19:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/21 13:19:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/21 13:19:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/21 13:19:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 13:19:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/21 13:18:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 11:03:53 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/02/21 11:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\Nova Development
[2010/02/20 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nova Development
[2010/02/20 20:08:58 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 08:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/02/19 14:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/02/19 14:35:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/02/19 14:35:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/02/19 14:35:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/02/19 14:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/06/08 14:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/05 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2008/11/05 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/16 09:20:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/07/17 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/04 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/06/18 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/03/01 19:12:34 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/01 19:12:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 18:19:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E6547FF9-161E-4EC0-B28F-80E11A8512DB}.job
[2010/03/01 06:31:38 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 06:31:38 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 06:31:38 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 06:27:34 | 000,013,504 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/03/01 06:27:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 06:27:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 06:27:05 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 06:26:03 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.dat
[2010/03/01 06:25:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jerame Farnum\ntuser.ini
[2010/03/01 06:25:28 | 002,108,750 | -H-- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\IconCache.db
[2010/02/25 22:10:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/25 22:10:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 20:57:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 19:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/21 23:51:54 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/21 23:30:39 | 031,715,272 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 15:31:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 13:30:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 13:21:59 | 000,000,279 | RHS- | M] () -- C:\boot. ini
[2010/02/21 13:15:52 | 003,868,001 | R--- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/20 20:34:46 | 000,399,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/20 20:09:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerame Farnum\Desktop\OTL.exe
[2010/02/20 20:08:42 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:25:47 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 13:41:03 | 000,002,519 | ---- | M] () -- C:\WINDOWS\System32\selfeval106.rtf
[2010/02/11 10:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 10:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 10:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 10:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 10:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 10:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 10:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 10:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 10:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/05 17:31:13 | 000,001,943 | ---- | M] () -- C:\WINDOWS\win.ini
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[198 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/25 22:10:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/21 23:30:36 | 031,715,272 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
[2010/02/21 14:35:38 | 937,676,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/21 13:21:59 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/02/21 13:21:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/21 13:19:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/21 13:19:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/21 13:19:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/21 13:19:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/21 13:19:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 13:15:52 | 003,868,001 | R--- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\ComboFix.exe
[2010/02/21 11:04:42 | 000,222,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/20 20:08:42 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\SDFix.exe
[2010/02/20 08:16:34 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Desktop\HiJackThis.lnk
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpFCFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpEFFC3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpD20D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpB70D3.FOT
[2010/02/11 20:05:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp17FC3.FOT
[2010/02/11 12:27:47 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\selfeval106.rtf
[2009/01/11 21:05:44 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/11 21:05:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/01 03:39:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/03 21:16:55 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/03/12 09:07:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/25 14:44:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/24 22:32:58 | 000,014,980 | ---- | C] () -- C:\Program Files\Common Files\guculoq._sy
[2008/02/24 22:32:58 | 000,013,769 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
[2008/02/24 22:32:58 | 000,011,325 | ---- | C] () -- C:\Program Files\Common Files\yjihaz.dll
[2008/02/24 22:32:58 | 000,010,588 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
[2008/02/24 22:32:58 | 000,010,190 | ---- | C] () -- C:\Program Files\Common Files\hedizirec._sy
[2008/02/24 22:32:57 | 000,015,853 | ---- | C] () -- C:\Program Files\Common Files\pewijeh.scr
[2008/02/24 22:32:57 | 000,015,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
[2008/02/24 22:32:57 | 000,011,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
[2008/02/24 22:32:57 | 000,011,153 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
[2008/02/16 01:01:40 | 000,019,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
[2008/02/16 01:01:40 | 000,019,366 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
[2008/02/16 01:01:40 | 000,018,508 | ---- | C] () -- C:\Program Files\Common Files\kuminyzage.com
[2008/02/16 01:01:40 | 000,017,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
[2008/02/16 01:01:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
[2008/02/16 01:01:40 | 000,012,072 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
[2008/02/16 01:01:40 | 000,011,738 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
[2008/02/16 01:01:40 | 000,011,652 | ---- | C] () -- C:\Program Files\Common Files\erywava.scr
[2008/02/16 01:01:40 | 000,010,125 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
[2008/02/16 01:01:40 | 000,010,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
[2008/01/27 16:22:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/10/21 17:13:29 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2007/04/30 18:28:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/14 21:48:20 | 000,002,582 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Application Data\wklnhst.dat
[2007/01/10 10:17:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/26 19:52:59 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\fusioncache.dat
[2006/12/26 13:42:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 13:34:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 00:55:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/19 00:53:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/19 00:37:38 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/19 00:18:26 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/19 00:16:00 | 000,003,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 02:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 09:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 09:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< :OTL >[/color]
 
[color=\"#A23BEC\"]< O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found >[/color]
 
[color=\"#A23BEC\"]< :Reg >[/color]
 
[color=\"#A23BEC\"]< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >[/color]
 
[color=\"#A23BEC\"]< "QuickTime Task"=- >[/color]
 
[color=\"#A23BEC\"]< :Files >[/color]
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\DoctorWeb >[/color]
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe >[/color]
[2010/02/21 23:30:39 | 031,715,272 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk >[/color]
[2010/03/01 19:12:34 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
 
[color=\"#A23BEC\"]< c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On >[/color]
 
[color=\"#A23BEC\"]< Startup.lnk >[/color]
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\guculoq._sy >[/color]
[2008/02/24 22:32:58 | 000,014,980 | ---- | M] () -- C:\Program Files\Common Files\guculoq._sy
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll >[/color]
[2008/02/24 22:32:58 | 000,013,769 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\yjihaz.dll >[/color]
[2008/02/24 22:32:58 | 000,011,325 | ---- | M] () -- C:\Program Files\Common Files\yjihaz.dll
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\obogyciwak.dl >[/color]
[2008/02/24 22:32:58 | 000,010,588 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\hedizirec._sy >[/color]
[2008/02/24 22:32:58 | 000,010,190 | ---- | M] () -- C:\Program Files\Common Files\hedizirec._sy
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\pewijeh.scr >[/color]
[2008/02/24 22:32:57 | 000,015,853 | ---- | M] () -- C:\Program Files\Common Files\pewijeh.scr
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\oxikucy.db >[/color]
[2008/02/24 22:32:57 | 000,015,538 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\oxikucy.db
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\myfaroxul.sys >[/color]
[2008/02/24 22:32:57 | 000,011,350 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban >[/color]
[2008/02/24 22:32:57 | 000,011,153 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\quhudital.bin >[/color]
[2008/02/16 01:01:40 | 000,019,852 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\quhudital.bin
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban >[/color]
[2008/02/16 01:01:40 | 000,019,366 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\kuminyzage.com >[/color]
[2008/02/16 01:01:40 | 000,018,508 | ---- | M] () -- C:\Program Files\Common Files\kuminyzage.com
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\aryc.dat >[/color]
[2008/02/16 01:01:40 | 000,017,190 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aryc.dat
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban >[/color]
[2008/02/16 01:01:40 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db >[/color]
[2008/02/16 01:01:40 | 000,012,072 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat >[/color]
[2008/02/16 01:01:40 | 000,011,738 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
 
[color=\"#A23BEC\"]< C:\Program Files\Common Files\erywava.scr >[/color]
[2008/02/16 01:01:40 | 000,011,652 | ---- | M] () -- C:\Program Files\Common Files\erywava.scr
 
[color=\"#A23BEC\"]< C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban >[/color]
[2008/02/16 01:01:40 | 000,010,125 | ---- | M] () -- C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
 
[color=\"#A23BEC\"]< C:\Documents and Settings\All Users\Application Data\xodaruximy.exe >[/color]
[2008/02/16 01:01:40 | 000,010,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
 
[color=\"#A23BEC\"]< :Commands >[/color]
 
[color=\"#A23BEC\"]< [EmptyTemp] >[/color]
 
[color=\"#A23BEC\"]< [Reboot] >[/color]
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
« Last Edit: March 02, 2010, 12:07:24 AM by guestolo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
serious issues
« Reply #21 on: March 02, 2010, 12:05:06 AM »
When you pasted the fix in quotes I had to OTL.exe you then clicked on the Run Scan button, not the Run Fix

Please follow these instructions closely
Double  click on OTL.exe and Run it
  • Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    O36 - AppCertDlls: ipv6apir - (C:\WINDOWS\system32\auditrol.dll) - C:\WINDOWS\System32\auditrol.dll File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    :Files
    C:\Documents and Settings\Jerame Farnum\DoctorWeb
    C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On
    Startup.lnk
    C:\Program Files\Common Files\guculoq._sy
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll
    C:\Program Files\Common Files\yjihaz.dll
    C:\Documents and Settings\All Users\Application Data\obogyciwak.dl
    C:\Program Files\Common Files\hedizirec._sy
    C:\Program Files\Common Files\pewijeh.scr
    C:\Documents and Settings\All Users\Application Data\oxikucy.db
    C:\Documents and Settings\All Users\Application Data\myfaroxul.sys
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban
    C:\Documents and Settings\All Users\Application Data\quhudital.bin
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban
    C:\Program Files\Common Files\kuminyzage.com
    C:\Documents and Settings\All Users\Application Data\aryc.dat
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db
    C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat
    C:\Program Files\Common Files\erywava.scr
    C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban
    C:\Documents and Settings\All Users\Application Data\xodaruximy.exe
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline germs

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
serious issues
« Reply #22 on: March 02, 2010, 09:41:28 AM »
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ipv6apir:C:\WINDOWS\system32\auditrol.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
C:\Documents and Settings\Jerame Farnum\DoctorWeb\Quarantine folder moved successfully.
C:\Documents and Settings\Jerame Farnum\DoctorWeb folder moved successfully.
C:\Documents and Settings\Jerame Farnum\Desktop\drweb-cureit.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk moved successfully.
File\Folder c:\documents and settings\Melissa Quaranto\Start Menu\Programs\Startup\LimeWire On not found.
File\Folder Startup.lnk not found.
C:\Program Files\Common Files\guculoq._sy moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ekixesy.dll moved successfully.
C:\Program Files\Common Files\yjihaz.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\obogyciwak.dl moved successfully.
C:\Program Files\Common Files\hedizirec._sy moved successfully.
C:\Program Files\Common Files\pewijeh.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\oxikucy.db moved successfully.
C:\Documents and Settings\All Users\Application Data\myfaroxul.sys moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\wofo.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\quhudital.bin moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\esozeduve.ban moved successfully.
C:\Program Files\Common Files\kuminyzage.com moved successfully.
C:\Documents and Settings\All Users\Application Data\aryc.dat moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\owym.ban moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ajodegeqep.db moved successfully.
C:\Documents and Settings\Jerame Farnum\Application Data\qyfuxyq.dat moved successfully.
C:\Program Files\Common Files\erywava.scr moved successfully.
C:\Documents and Settings\Jerame Farnum\Local Settings\Application Data\ykyjoq.ban moved successfully.
C:\Documents and Settings\All Users\Application Data\xodaruximy.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2014696 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jerame Farnum
->Temp folder emptied: 45690902 bytes
->Temporary Internet Files folder emptied: 440186038 bytes
->Java cache emptied: 683236 bytes
->FireFox cache emptied: 52429235 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Melissa Quaranto
->Temp folder emptied: 23444622 bytes
->Temporary Internet Files folder emptied: 185288381 bytes
->Java cache emptied: 23969248 bytes
->FireFox cache emptied: 62706194 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 533900 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4631665 bytes
%systemroot%\System32 .tmp files removed: 153122980 bytes
%systemroot%\System32\dllcache .tmp files removed: 1685504 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21278360 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 971.00 mb
 
 
OTL by OldTimer - Version 3.1.30.1 log created on 03022010_060909

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Logged

Offline germs

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
serious issues
« Reply #23 on: March 02, 2010, 09:42:46 AM »
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-02 06:06:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JERAME~1\LOCALS~1\Temp\uxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwClose [0xEDF89C5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateKey [0xEDF89B16]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDeleteKey [0xEDF8A0CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDeleteValueKey [0xEDF89FF4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwDuplicateObject [0xEDF896EC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenKey [0xEDF89BF0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenProcess [0xEDF8962C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwOpenThread [0xEDF89690]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwQueryValueKey [0xEDF89D10]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwRenameKey [0xEDF8A198]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwRestoreKey [0xEDF89CD0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwSetValueKey [0xEDF89E50]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEE09B320]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateProcessEx [0xEDF964FE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwCreateSection [0xEDF96322]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ZwLoadDriver [0xEDF9645C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                          ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                  aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                        EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                        EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \FileSystem\Fastfat \Fat                                                                                       aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
« Last Edit: March 02, 2010, 09:48:30 AM by guestolo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
serious issues
« Reply #24 on: March 02, 2010, 09:49:04 AM »
How is everything running on your end now?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline germs

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
serious issues
« Reply #25 on: March 03, 2010, 08:39:14 PM »
The general performance of the laptop is pretty good, thank you. I'm stoked about the firewall being enabled, and your reccomendation for installing avast seems to be paying off. I have a couple of lingering concerns that I'd like to run by you before we wrap this up.

1. Firefox was the browser that my wife was using when we became infected, and since that incident it will not run at all, even in safe mode, and it will not uninstall no matter what I try.

2. when my wife logs on under her settings, the computer slows down, and when I run super antispyware, tracking cookies keep showing up in her system files. She uses the internet for school, and other activities daily. it seems to me that she's revisiting sites that are hotspots for adware. Also I think a bunch of programs come on at the time of her start ups.
 
thoughts?
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
serious issues
« Reply #26 on: March 06, 2010, 12:55:54 PM »
How many users on this computer?
Is the wifes profile the only slow one that you noticed?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline germs

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
serious issues
« Reply #27 on: March 07, 2010, 05:21:05 PM »
two profiles, me and my wife. i run photoshop, and animation programs simultaneously, and she has difficulty doing everyday stuff under her settings.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
serious issues
« Reply #28 on: March 07, 2010, 07:01:15 PM »
The wife's profile may just be corrupt, we can fix that
But one more scan with OTL please

Reopen OTL.exe, put a tick in "Scan All Users" at the top
Then click on "Run Scan"
Post the new log that opens
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: 1 [2]
« previous next »