
sagan45

join:2012-03-22
Parker, CO


[Malware] Google / Firefox Redirects

Greetings,

Problem: Clicking on a Google search redirects me to:

63.209.69.107
click.get-answers-fast.com
www.happili.com

Here are all the requested logs:
(in separate posts, I keep hitting a 65k wall)
------------------------------------------
MBAM log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bill :: WRIGHT2 [administrator]

Protection: Enabled

3/20/2012 11:13:47 AM
mbam-log-2012-03-20 (11-13-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525137
Time elapsed: 4 hour(s), 10 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\Bill\XP Deluxe Protector (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Documents and Settings\Bill\Desktop\DESK-2012\Google SketchUp-8 Software & Books\Google_SketchUP_PRO_8.0.4811\Crk\Patch google.sketchup.pro.8.0.4811-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Games\Valve\Portal-Valve\oggdec.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\NewsLeecher\crack-newslech38final.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\Thinstall\Advanced System Optimizer\4000001700002i\HighestAvailable.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\DESK-2012\Google SketchUp-8 Software & Books\Google_SketchUP_PRO_8.0.4811\Crk\keygen google.sketchup.pro.8.0.4811-MPT.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\RS-Downloads-2\Acronis True Image 11-keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\Leslie-2010\Leslie - computers-INSTALL - DOWNLOADS\Acronis True Image 11-keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Batch Watermark Creator.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Stubs\3db2aa111126ce7632e25c471e9ce5866358170\ImgEditor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Stubs\ffa483a1aca6dd6b3ad4c9464520f77994721a82\TplEditor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\Thinstall\Cache\Stubs\e9316e47a7949413cc2a88267a8fae2574bb9e2\DfsdkS.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdi32lib.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\XP Deluxe Protector\1.exe (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\XP Deluxe Protector\xpdeluxe.exe (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

(end)
------------------------------------------

Many thanks for your help!
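Added example, not part of the original post: a small Python triage script for MBAM logs in the format shown above. It parses the "… Detected: N" section headers and the "item (Category) -> action." lines, groups detections by family (Trojan, PUM, Rogue, PUP, …), lists anything left with "No action taken", pulls out the Security Center notification tampering (PUM.Disabled.SecurityCenter) separately, and compares each header count against the rows actually present so a paste cut short by a post-size limit shows up as a mismatch. The embedded sample is a subset of the lines from the log above; the "Files Detected: 14" header is kept as posted although only four of those lines are reproduced, precisely to trigger that check.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the detection lines from the MBAM log posted
# above, embedded so the script runs offline. "Files Detected: 14" is kept as
# posted even though only four of the fourteen lines are reproduced here.
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 14
C:\Documents and Settings\Bill\Desktop\DESK-2012\Google SketchUp-8 Software & Books\Google_SketchUP_PRO_8.0.4811\Crk\Patch google.sketchup.pro.8.0.4811-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Program Files\NewsLeecher\crack-newslech38final.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdi32lib.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\XP Deluxe Protector\xpdeluxe.exe (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
"""

# "Registry Data Items Detected: 3" -> section name + count the scanner claims.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "item (Category.Name) -> [Bad/Good detail ->] final action."  The category is
# the first parenthesised token that starts with a letter, which skips "(1)".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    category: str
    action: str

    @property
    def family(self) -> str:
        # "Trojan.FakeAlert" -> "Trojan", "PUM.Disabled.SecurityCenter" -> "PUM"
        return self.category.split(".")[0]

    @property
    def resolved(self) -> bool:
        return self.action.startswith("Quarantined")


def parse_mbam_log(text):
    """Return (detections, header_counts) for one MBAM log body."""
    detections, header_counts = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            header_counts[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            # Registry data items carry "Bad: (1) Good: (0) -> action"; the
            # final " -> " segment is always the action taken.
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            detections.append(Detection(section, m.group("item"), m.group("category"), action))
    return detections, header_counts


def triage(text):
    """Summarise a log: families, unresolved items, Security Center tampering,
    and sections whose header count does not match the rows present."""
    detections, header_counts = parse_mbam_log(text)
    rows_seen = Counter(d.section for d in detections)
    return {
        "by_family": dict(Counter(d.family for d in detections)),
        "outstanding": [d.item for d in detections if not d.resolved],
        "security_center_tampering": [
            d.item for d in detections if d.category.startswith("PUM.Disabled")
        ],
        "truncated_sections": sorted(
            s for s, n in header_counts.items() if n != rows_seen.get(s, 0)
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "outstanding" list is the part to act on first: an item reported as "No action taken" is still on disk after the scan, whatever the rest of the log says. The "truncated_sections" check is worth keeping for logs pasted into forum posts, since a section whose header claims more rows than are present means the reviewer is not seeing the whole scan.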


sagan45

join:2012-03-22
Parker, CO

OTL logfile created on: 3/20/2012 5:35:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.27% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 137.12 Gb Free Space | 29.44% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 09:16:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/31 08:55:38 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
PRC - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
PRC - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
PRC - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
PRC - [1999/08/31 04:36:00 | 000,778,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/20 00:43:07 | 001,744,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032000\algo.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/16 16:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2004/01/22 18:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/01/05 00:27:36 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 18:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
MOD - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
MOD - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
MOD - [1998/09/22 07:00:00 | 000,033,792 | ---- | M] () -- C:\Program Files\WinZip\WZSHLEXT.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbicp.sys -- (uisp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/15 14:12:34 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/08 11:36:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/19 08:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/16 15:10:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/04/16 15:10:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/04/16 15:10:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/16 15:10:25 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/05/13 09:46:58 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/04 15:31:25 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/02/05 21:22:59 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/23 01:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/02/09 15:56:07 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2007/02/09 15:56:07 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/02 09:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/19 06:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/12/25 18:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 18:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 18:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/07/10 02:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 02:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 01:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 01:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 20:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 20:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 20:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 20:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 19:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613}
IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/05/28 07:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 12:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 | 000,000,000 | ---D | M]

[2010/12/09 11:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/20 09:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions
[2012/01/16 09:45:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/12/27 08:38:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/31 10:43:28 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2012/02/13 10:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 12:27:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/03 10:16:18 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/13 22:50:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Update] C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll (eMajix.com, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Scuba-2048x1152.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Scuba-2048x1152.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 13:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = G:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 17:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-07
[2012/03/20 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2012/03/20 10:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/20 10:39:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012
[2012/03/16 13:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion
[2012/03/16 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA
[2012/03/16 09:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc
[2012/03/16 09:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET
[2012/03/16 09:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs
[2012/03/15 13:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/15 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/15 13:54:19 | 007,150,680 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:27:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\IECompatCache
[2012/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/13 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/13 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack
[2012/03/12 21:23:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/03/07 11:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials
[2012/03/07 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test
[2012/03/07 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/03 16:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs
[2012/03/03 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD
[2012/03/03 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Forte
[2012/03/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent
[2012/03/03 15:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Agent
[2012/03/02 20:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion
[2012/03/02 11:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte
[2012/03/01 13:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net
[2012/02/26 16:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2012/02/26 16:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Complete National Geographic
[2012/02/26 16:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\natgeo_temp
[2012/02/26 16:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\National Geographic
[2012/02/26 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\National Geographic
[2012/02/22 09:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\PCA-HTML-2012-test
[2012/02/22 09:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL
[2012/02/22 09:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\GARMIN World Charts!
[2012/02/21 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\COPIES from TB-VERIFY

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/03/20 17:38:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 15:31:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 15:31:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/20 15:30:33 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/20 15:30:33 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/20 15:30:33 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/20 15:30:33 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/20 15:30:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/20 15:30:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/20 15:30:33 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/20 15:30:33 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/20 14:56:58 | 002,566,888 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 7-partial.pdf
[2012/03/20 10:42:49 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 08:55:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/16 18:53:34 | 1468,936,192 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\At.Play.In.The.Fields.of.The.Lord.1991_www.club-classic.com.avi
[2012/03/15 14:12:34 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/15 13:52:16 | 007,150,680 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 13:34:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/15 12:52:31 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2012/03/12 21:25:10 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:55 | 000,726,329 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 17:02:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/09 12:06:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/09 12:06:41 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:06:08 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 08:34:56 | 006,372,918 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2012/03/03 15:25:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2012/02/26 16:47:03 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Complete National Geographic.lnk
[2012/02/24 12:45:43 | 018,000,054 | ---- | M] () -- C:\WINDOWS\~Miss Reef-Panama-boat 0001-PG.bmp
[2012/02/21 22:09:54 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_21 22_09.rtf
[2012/02/20 19:18:00 | 009,709,338 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Dominican Repiblic Cruising Guide.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/03/20 16:55:53 | 002,566,888 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 7-partial.pdf
[2012/03/20 10:39:29 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 16:37:17 | 1468,936,192 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\At.Play.In.The.Fields.of.The.Lord.1991_www.club-classic.com.avi
[2012/03/16 16:24:51 | 012,345,782 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3
[2012/03/15 13:59:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/12 21:25:10 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:54 | 000,726,329 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 13:58:07 | 004,852,889 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg
[2012/03/07 09:12:52 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/06 22:06:08 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/03 15:25:13 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2012/02/26 16:47:03 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Complete National Geographic.lnk
[2012/02/24 12:46:03 | 018,000,054 | ---- | C] () -- C:\WINDOWS\~Miss Reef-Panama-boat 0001-PG.bmp
[2012/02/21 22:09:54 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_21 22_09.rtf
[2012/02/20 19:18:00 | 009,709,338 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Dominican Repiblic Cruising Guide.pdf
[2011/11/26 15:40:29 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2011/03/30 14:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/03 10:16:19 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/10/03 10:16:19 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/06/17 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/30 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/10/31 14:01:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS
[2007/05/07 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/05/07 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2007/05/15 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/05/26 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2009/01/05 12:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2012/03/13 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/15 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/30 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/26 15:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2011/04/29 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/08 21:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009/04/09 23:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/07 09:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/24 12:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
[2008/03/18 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/14 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/04/16 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/10/21 08:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SeaTTY
[2007/05/15 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/02 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/05 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/07 05:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
[2008/01/31 10:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/24 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2008/02/07 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2011/10/20 10:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 15:48:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AD4FF8EF-B0C1-424D-B091-EE480EE8C7B5}
[2011/04/29 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2007/04/16 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Acronis
[2010/01/11 08:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Amazon
[2009/06/21 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2009/04/19 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\avidemux
[2011/11/11 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\butel
[2007/08/30 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2008/10/30 13:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CARIS
[2009/06/24 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CasaPortale.de
[2012/02/26 16:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2007/05/10 18:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Common Files
[2009/02/16 15:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ContentGuard
[2010/08/31 06:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DataCast
[2009/06/24 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Design-Lib.Com
[2009/06/19 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DNA
[2007/05/04 17:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\EBookSys
[2007/05/07 09:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger
[2008/09/18 14:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Feedreader
[2011/05/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\FileZilla
[2008/07/09 08:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Flickr
[2010/05/28 08:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\foobar2000
[2012/03/03 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Forte
[2009/01/05 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Fugawi
[2007/06/25 08:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GARMIN
[2010/01/24 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Gearbox Software
[2008/02/04 11:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GetRightToGo
[2007/02/14 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2012/02/11 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MapTap
[2011/08/30 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mobipocket
[2008/06/19 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Moyea
[2008/01/22 15:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsBin
[2008/05/22 16:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsLeecher
[2009/04/09 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nitro PDF
[2010/12/06 13:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
[2012/01/03 09:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\OverDrive
[2009/05/20 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\PolarNavy
[2011/11/11 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Radioshack
[2008/01/09 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ScanSoft
[2008/01/30 14:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SLAutoSave
[2007/05/15 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SlySoft
[2010/05/26 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Stellarium
[2007/03/11 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Systweak
[2011/11/30 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Thinstall
[2010/03/07 05:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ThumbsPlus
[2009/12/04 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Unity
[2010/07/24 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Vso
[2008/01/09 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Zeon

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

sagan45

OTL Extras - Re: [Malware] Google / Firefox Redirects

OTL Extras logfile created on: 3/20/2012 5:35:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.27% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 137.12 Gb Free Space | 29.44% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.scr [@ = scrfile] -- "%1" /S "%3"

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\WS_FTP\ws_ftp95.exe" = C:\Program Files\WS_FTP\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\Valve\Steam\SteamApps\common\portal 2\portal2.exe" = C:\Program Files\Valve\Steam\SteamApps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{081541FC-89B0-4323-9E3D-23EF13663693}" = ARRL 2009 Handbook
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C8364B1-AFD8-45B7-ACE8-B76113B6C418}" = FugVS2005
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{254A2683-4128-47B1-85DF-7690E6119EC6}" = Garmin BlueChart Americas v9
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{430EE841-F35D-4DF4-8FD1-8F6006E7B126}_is1" = HamSphere 3.0.2.8
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4D92FD47-5138-48D2-B68B-9D0CCFA21CD7}" = Movavi Video Converter 9
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{602A205F-8D02-48EE-8782-262B2103B984}" = ScanSoft PDF Converter 3.0
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6675E71B-9843-4971-BC15-18AB52801134}" = Dragon NaturallySpeaking 7.0
"{692DF640-F6EE-4BA2-90FD-466B9A23A6B5}_is1" = dirhtml v4.842
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{73DC80A0-6C60-4CCF-AB99-A9C180804886}" = LEAD JPEG 2000 PhotoShop® Plugin
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.2.153
"{76C8A611-8059-44EB-8513-C86A6B3A9C5F}" = Mathcad 2001i Professional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A5022D9-7ECF-4423-97EB-5D7EA8E32F1C}" = Transas Chart Catalogue
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89FDDAE2-D34F-455E-8FB4-4638781AAD68}" = PolarView
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8EBE1DB0-8687-43A7-8781-6445E62CAFA5}" = Nitro PDF Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{977CCCA9-B420-405A-9A4A-2A610F28D10F}" = Opera 11.10
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3D1ABD9-56B2-4857-97F4-792E5D3831F3}" = CARIS Easy View
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6A94280-5EA9-11DA-3D6C-12936E1F4AE1}" = ECU Pro Demo
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}" = ScanSoft PDF Create! 3.0
"{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93}" = ThumbsPlus
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8726461-A7C6-4628-A67C-FE5FC5FB3E9F}" = Software for Scanners
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop and Synchronization Software
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C0E97C6E-4B22-4779-903D-BDF4ECDABAED}" = CARIS Easy View
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DBCF0030-9149-11DE-B8B6-005056C00008}" = Paragon Drive Copy™ 9.5 Personal
"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0EC3E0A-C0BA-B0F9-1756-92886982623A}" = The Complete National Geographic
"{E17984F8-A920-4889-8B9A-2CBAF9F4203C}_is1" = HL2 os beta 1
"{E6D205C0-3A84-4425-9CCB-5D7F26A63B6C}" = ERDAS IMAGINE 8.7
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7982D9E-D925-4E2E-8C24-1EFF7CCB14C5}" = Garmin BlueChart Americas v8.5
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"7-Zip" = 7-Zip 4.65
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"ABC Amber Palm Converter" = ABC Amber Palm Converter
"ACDSee 32" = ACDSee 32
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle" = Amazon Kindle
"AnalogX SuperShredder" = AnalogX SuperShredder
"AnyDVD" = AnyDVD
"Applian FLV Player2.0.23" = Applian FLV Player
"ArcExplorer 2.0" = ESRI ArcExplorer 2.0
"ArcExplorer Java Edition" = ArcExplorer Java Edition
"ASUS Probe V2.23.03" = ASUS Probe V2.23.03
"ATI Display Driver" = ATI Display Driver
"AutocompletePro2_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"Avidemux 2.4" = Avidemux 2.4
"Batch PNG to JPG1.51" = Batch PNG to JPG
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Cartes du Ciel" = Cartes du Ciel
"CdaC13Ba" = Cda Product Service - shared component
"CDisplay_is1" = CDisplay 1.8
"Celestia_is1" = Celestia 1.4.1
"Chart Navigator" = Chart Navigator
"CloneDVD2" = CloneDVD2
"Coastal Explorer Trial" = Coastal Explorer Trial
"CoffeeCup" = CoffeeCup Image Mapper++
"CoffeeCup HTML Editor++ 98" = CoffeeCup HTML Editor++ 98
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"COMODO Firewall Pro" = COMODO Firewall Pro
"Cuneiform 6.0" = Cuneiform 6.0
"Digital Editions" = Adobe Digital Editions
"DJ Jukebox" = DJ Jukebox
"DjVuLibre+DjView" = DjVuLibre+DjView
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Earth Explorer 5.0_is1" = Earth Explorer 5.0
"FileZilla Client" = FileZilla Client 3.4.0
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"FlipViewer" = FlipViewer 4.0.0
"FLV Player" = FLV Player 2.0, build 23
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.0306
"foobar2000" = foobar2000 v1.0.3
"Forte Agent" = Forté Agent
"Fugawi45_is1" = Fugawi 4.5
"G4FON Koch Method Morse Trainer" = G4FON Koch Method Morse Trainer
"GIF Construction Set Professional 3" = GIF Construction Set Professional 3
"GoogleVideoPlayer" = Google Video Player
"Half-Life" = Half-Life
"HMS Defiance" = HMS Defiance
"HP Photo & Imaging" = HP Image Zone 3.5
"ICE Book Reader Professional" = ICE Book Reader Professional 8.8
"ie8" = Windows Internet Explorer 8
"Image2PDF OCR v3.2_is1" = Image2PDF OCR v3.2
"InstallShield_{76C8A611-8059-44EB-8513-C86A6B3A9C5F}" = Mathcad 2001i Professional
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility
"IrfanView" = IrfanView (remove only)
"Karen's Directory Printer" = Karen's Directory Printer
"LHTTSENG" = L&H TTS3000 British English
"LifeGlobe Sharks, Terrors of the Deep 2_is1" = LifeGlobe Sharks, Terrors of the Deep 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mathcad 2001i Online Documentation" = Mathcad 2001i Online Documentation
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MrSID Viewer" = MrSID Viewer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Naevius GVI Converter_is1" = Naevius GVI Converter 1.4
"NewsBinGN" = NewsBin for Giganews
"NewsLeecher_is1" = NewsLeecher v3.8 Final
"NOAA Chart Reprojector" = NOAA Chart Reprojector
"Opera 11.61.1250" = Opera 11.61
"Orbitron_is1" = Orbitron - Satellite Tracking System
"Paint Shop Pro 5.0 Evaluation" = Paint Shop Pro 5.0 Evaluation
"PDU Support Files" = PDU Support Files
"PhotoGenetics" = PhotoGenetics
"Poke646 1.0" = Poke646 1.0
"PosteRazor_is1" = PosteRazor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Pub. 117 Radio Navigational Aids, 2005 Edition" = Pub. 117 Radio Navigational Aids, 2005 Edition
"Pub. 150 World Port Index 2005 Edition" = Pub. 150 World Port Index 2005 Edition
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Sailing Directions (Enroute) - Pub 126 -- Pacific Islands (7th Ed) 2005" = Sailing Directions (Enroute) - Pub 126 -- Pacific Islands (7th Ed) 2005
"Sailing Directions (Enroute) - Pub 153 -- West Coasts of Mexico and Central America (11th Ed) 2007" = Sailing Directions (Enroute) - Pub 153 -- West Coasts of Mexico and Central America (11th Ed) 2007
"Sailing Directions (Enroute) - Pub 157 -- Coasts of Korea and China (11th Ed) 2007" = Sailing Directions (Enroute) - Pub 157 -- Coasts of Korea and China (11th Ed) 2007
"Sailing Directions (Planning Guide & Enroute) - Pub 200 -- Antarctica (7th Ed) 2007" = Sailing Directions (Planning Guide & Enroute) - Pub 200 -- Antarctica (7th Ed) 2007
"Sailing Directions (Planning Guide) - Pub 120 -- Pacific Ocean and Southeast Asia (5th Ed) 2007" = Sailing Directions (Planning Guide) - Pub 120 -- Pacific Ocean and Southeast Asia (5th Ed) 2007
"Sailing Directions (Planning Guide) - Pub 140 -- North Atlantic Ocean, Baltic Sea, North Sea, and the Mediterranean Sea (5th Ed) 2007" = Sailing Directions (Planning Guide) - Pub 140 -- North Atlantic Ocean, Baltic Sea, North Sea, and the Mediterranean Sea (5th Ed) 2007
"Sailing Directions (Planning Guide) - Pub 160 -- South Atlantic Ocean and Indian Ocean (5th Ed) 2007" = Sailing Directions (Planning Guide) - Pub 160 -- South Atlantic Ocean and Indian Ocean (5th Ed) 2007
"Sailing Directions (Planning Guide) - Pub 180 -- Arctic Ocean (5th Ed) 2007" = Sailing Directions (Planning Guide) - Pub 180 -- Arctic Ocean (5th Ed) 2007
"SCII_is1" = SeaClear II
"SeaTTY_is1" = SeaTTY V2.20
"SeeMyENC 2.0" = SeeMyENC 2.0
"Sierra Utilities" = Sierra Utilities
"SnagIt32" = SnagIt32 v4.3
"SOEPKey" = Solving and Optimization Extension Pack
"Starpath Elibra Reader" = Starpath Elibra Reader
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base 2007
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 620" = Portal 2
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SysInfo" = Creative System Information
"Tech-Pro World Clock 2" = Tech-Pro World Clock 2
"The Complete National Geographic 1.14" = The Complete National Geographic
"ThumbsPlus" = ThumbsPlus
"ThumbsPlus7" = ThumbsPlus version 7.0sp1
"TOCR 1.1" = Transym TOCR
"Ugrib_is1" = Ugrib RC1
"ViceVersa FREE_is1" = ViceVersa Free 1.0.4
"Virtual Sailor_is1" = Virtual Sailor 7
"VirtualCloneDrive" = VirtualCloneDrive
"VisSim PE v.4.5" = VisSim PE v.4.5
"Visual Passage Planner 2 Demo" = Visual Passage Planner 2 Demo
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP LE" = Ipswitch WS_FTP LE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zinio Reader" = Zinio Reader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"DNA" = DNA
"GoToMeeting" = GoToMeeting 5.1.0.880
"Steam App 215" = Source SDK Base
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2012 12:39:24 AM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/16/2012 12:27:29 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/16/2012 7:29:45 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/18/2012 1:20:54 AM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/18/2012 9:32:35 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/20/2012 11:55:25 AM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/20/2012 12:09:11 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/20/2012 1:06:29 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/20/2012 1:45:43 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/20/2012 6:31:49 PM | Computer Name = WRIGHT2 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 3/20/2012 1:06:29 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%3

Error - 3/20/2012 1:06:29 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 3/20/2012 1:45:48 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 3/20/2012 1:45:48 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 3/20/2012 1:45:48 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%3

Error - 3/20/2012 1:45:48 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 3/20/2012 6:31:54 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 3/20/2012 6:31:54 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 3/20/2012 6:31:54 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%3

Error - 3/20/2012 6:31:54 PM | Computer Name = WRIGHT2 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2


LoPhatPhuud
join:2002-01-06
Albuquerque, NM
reply to sagan45

Re: [Malware] Google / Firefox Redirects

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


sagan45

join:2012-03-22
Parker, CO

TDSS-Log Re: [Malware] Google / Firefox Redirects

11:47:32.0859 1504 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:47:32.0953 1504 ============================================================
11:47:32.0953 1504 Current date / time: 2012/03/22 11:47:32.0953
11:47:32.0953 1504 SystemInfo:
11:47:32.0953 1504
11:47:32.0953 1504 OS Version: 5.1.2600 ServicePack: 3.0
11:47:32.0953 1504 Product type: Workstation
11:47:32.0953 1504 ComputerName: WRIGHT2
11:47:32.0953 1504 UserName: Bill
11:47:32.0953 1504 Windows directory: C:\WINDOWS
11:47:32.0953 1504 System windows directory: C:\WINDOWS
11:47:32.0953 1504 Processor architecture: Intel x86
11:47:32.0953 1504 Number of processors: 2
11:47:32.0953 1504 Page size: 0x1000
11:47:32.0953 1504 Boot type: Normal boot
11:47:32.0953 1504 ============================================================
11:47:34.0656 1504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:47:34.0656 1504 Drive \Device\Harddisk1\DR2 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:47:34.0656 1504 \Device\Harddisk0\DR0:
11:47:34.0656 1504 MBR used
11:47:34.0656 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:47:34.0656 1504 \Device\Harddisk1\DR2:
11:47:34.0656 1504 MBR used
11:47:34.0656 1504 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xF0FFC1
11:47:34.0718 1504 Initialize success
11:47:34.0718 1504 ============================================================
11:48:02.0156 0244 ============================================================
11:48:02.0156 0244 Scan started
11:48:02.0156 0244 Mode: Manual;
11:48:02.0156 0244 ============================================================
11:48:02.0531 0244 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:48:02.0531 0244 Aavmker4 - ok
11:48:02.0546 0244 Abiosdsk - ok
11:48:02.0546 0244 abp480n5 - ok
11:48:02.0625 0244 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\System32\drivers\acedrv11.sys
11:48:02.0625 0244 acedrv11 - ok
11:48:02.0687 0244 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:48:02.0703 0244 ACPI - ok
11:48:02.0734 0244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:48:02.0734 0244 ACPIEC - ok
11:48:02.0781 0244 AcrSch2Svc - ok
11:48:02.0796 0244 adpu160m - ok
11:48:02.0828 0244 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:48:02.0828 0244 aec - ok
11:48:02.0859 0244 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
11:48:02.0859 0244 AFD - ok
11:48:02.0890 0244 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:48:02.0890 0244 agp440 - ok
11:48:02.0906 0244 Aha154x - ok
11:48:02.0921 0244 aic78u2 - ok
11:48:02.0937 0244 aic78xx - ok
11:48:02.0984 0244 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:48:03.0015 0244 Alerter - ok
11:48:03.0046 0244 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:48:03.0046 0244 ALG - ok
11:48:03.0062 0244 AliIde - ok
11:48:03.0078 0244 amsint - ok
11:48:03.0140 0244 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys
11:48:03.0140 0244 AnyDVD - ok
11:48:03.0187 0244 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
11:48:03.0187 0244 APLMp50 - ok
11:48:03.0234 0244 Apple Mobile Device - ok
11:48:03.0296 0244 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:48:03.0296 0244 AppMgmt - ok
11:48:03.0359 0244 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:48:03.0359 0244 Arp1394 - ok
11:48:03.0375 0244 asc - ok
11:48:03.0390 0244 asc3350p - ok
11:48:03.0406 0244 asc3550 - ok
11:48:03.0453 0244 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
11:48:03.0453 0244 aslm75 - ok
11:48:03.0578 0244 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:48:03.0609 0244 aspnet_state - ok
11:48:03.0656 0244 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:48:03.0656 0244 aswFsBlk - ok
11:48:03.0750 0244 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
11:48:03.0750 0244 aswMon2 - ok
11:48:03.0796 0244 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
11:48:03.0796 0244 aswRdr - ok
11:48:03.0828 0244 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
11:48:03.0828 0244 aswSnx - ok
11:48:03.0875 0244 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
11:48:03.0890 0244 aswSP - ok
11:48:03.0921 0244 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
11:48:03.0921 0244 aswTdi - ok
11:48:03.0968 0244 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:48:03.0968 0244 AsyncMac - ok
11:48:04.0000 0244 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:48:04.0015 0244 atapi - ok
11:48:04.0015 0244 Atdisk - ok
11:48:04.0078 0244 Ati HotKey Poller (454dfdc3d40b777455846e749d3b49ff) C:\WINDOWS\System32\Ati2evxx.exe
11:48:04.0078 0244 Ati HotKey Poller - ok
11:48:04.0109 0244 ATI Smart (ef94e95e9d5366a88275fbb15e9d6e74) C:\WINDOWS\system32\ati2sgag.exe
11:48:04.0125 0244 ATI Smart - ok
11:48:04.0250 0244 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:48:04.0281 0244 ati2mtag - ok
11:48:04.0359 0244 atinrvxx (74e104ada8a304774713e9a9a9cb3556) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
11:48:04.0375 0244 atinrvxx - ok
11:48:04.0421 0244 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:48:04.0421 0244 Atmarpc - ok
11:48:04.0468 0244 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:48:04.0468 0244 AudioSrv - ok
11:48:04.0531 0244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:48:04.0531 0244 audstub - ok
11:48:04.0671 0244 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:48:04.0671 0244 avast! Antivirus - ok
11:48:04.0734 0244 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
11:48:04.0734 0244 BANTExt - ok
11:48:04.0796 0244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:48:04.0796 0244 Beep - ok
11:48:04.0875 0244 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\System32\qmgr.dll
11:48:04.0953 0244 BITS - ok
11:48:05.0015 0244 Bonjour Service - ok
11:48:05.0093 0244 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
11:48:05.0093 0244 Bridge - ok
11:48:05.0093 0244 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
11:48:05.0109 0244 BridgeMP - ok
11:48:05.0171 0244 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:48:05.0171 0244 Browser - ok
11:48:05.0218 0244 C-DillaCdaC11BA (604b4cf21ad1c1e3c7adb3616e72b6a4) C:\WINDOWS\System32\drivers\CDAC11BA.EXE
11:48:05.0218 0244 C-DillaCdaC11BA - ok
11:48:05.0265 0244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:48:05.0281 0244 cbidf2k - ok
11:48:05.0328 0244 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:48:05.0328 0244 CCDECODE - ok
11:48:05.0343 0244 cd20xrnt - ok
11:48:05.0375 0244 CdaC15BA (c4dfe77bd5977335d54aedd21cd9e6a9) C:\WINDOWS\System32\drivers\CDAC15BA.SYS
11:48:05.0375 0244 CdaC15BA - ok
11:48:05.0421 0244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:48:05.0421 0244 Cdaudio - ok
11:48:05.0437 0244 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:48:05.0437 0244 Cdfs - ok
11:48:05.0468 0244 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:48:05.0468 0244 Cdrom - ok
11:48:05.0484 0244 Changer - ok
11:48:05.0531 0244 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:48:05.0531 0244 CiSvc - ok
11:48:05.0562 0244 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:48:05.0578 0244 ClipSrv - ok
11:48:05.0671 0244 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:05.0687 0244 clr_optimization_v2.0.50727_32 - ok
11:48:05.0781 0244 CmdAgent (2edb74e72feeb39c8906e4c8c54d91a5) C:\Program Files\Comodo\Firewall\cmdagent.exe
11:48:05.0781 0244 CmdAgent - ok
11:48:05.0843 0244 CmdIde - ok
11:48:05.0906 0244 CmdMon (7399b62c07d2340826ccad5b4d661d35) C:\WINDOWS\system32\DRIVERS\cmdmon.sys
11:48:05.0906 0244 CmdMon - ok
11:48:05.0921 0244 COMSysApp - ok
11:48:05.0937 0244 Cpqarray - ok
11:48:06.0000 0244 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
11:48:06.0000 0244 Creative Service for CDROM Access - ok
11:48:06.0031 0244 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:48:06.0046 0244 CryptSvc - ok
11:48:06.0093 0244 ctac32k (e7610aba1f551eb77b6bb2274d194f93) C:\WINDOWS\system32\drivers\ctac32k.sys
11:48:06.0109 0244 ctac32k - ok
11:48:06.0171 0244 ctaud2k (e9ee8b502acfbd0955d081d7a1ccce24) C:\WINDOWS\system32\drivers\ctaud2k.sys
11:48:06.0171 0244 ctaud2k - ok
11:48:06.0218 0244 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
11:48:06.0218 0244 ctdvda2k - ok
11:48:06.0250 0244 ctprxy2k (90fd30ea61c68df474a0b398f03e6d9b) C:\WINDOWS\system32\drivers\ctprxy2k.sys
11:48:06.0250 0244 ctprxy2k - ok
11:48:06.0265 0244 ctsfm2k (ab564ee9668bf9af1c3e5544cceade1d) C:\WINDOWS\system32\drivers\ctsfm2k.sys
11:48:06.0281 0244 ctsfm2k - ok
11:48:06.0281 0244 dac2w2k - ok
11:48:06.0296 0244 dac960nt - ok
11:48:06.0359 0244 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
11:48:06.0375 0244 DcomLaunch - ok
11:48:06.0437 0244 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:48:06.0437 0244 Dhcp - ok
11:48:06.0500 0244 Diag69xp (9afd0211790bb60ca4453e95e2fcfa34) C:\WINDOWS\system32\Drivers\Diag69xp.sys
11:48:06.0500 0244 Diag69xp - ok
11:48:06.0515 0244 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:48:06.0531 0244 Disk - ok
11:48:06.0531 0244 dmadmin - ok
11:48:06.0593 0244 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:48:06.0609 0244 dmboot - ok
11:48:06.0625 0244 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:48:06.0640 0244 dmio - ok
11:48:06.0656 0244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:48:06.0656 0244 dmload - ok
11:48:06.0718 0244 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:48:06.0718 0244 dmserver - ok
11:48:06.0750 0244 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:48:06.0750 0244 DMusic - ok
11:48:06.0781 0244 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
11:48:06.0781 0244 Dnscache - ok
11:48:06.0859 0244 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:48:06.0875 0244 Dot3svc - ok
11:48:06.0890 0244 dpti2o - ok
11:48:06.0906 0244 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:06.0906 0244 drmkaud - ok
11:48:06.0921 0244 DS1410D - ok
11:48:06.0984 0244 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:48:07.0000 0244 EapHost - ok
11:48:07.0062 0244 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
11:48:07.0062 0244 ElbyCDIO - ok
11:48:07.0109 0244 emupia (8b2303cf5fdc7e97a975bd1069cd99d6) C:\WINDOWS\system32\drivers\emupia2k.sys
11:48:07.0125 0244 emupia - ok
11:48:07.0234 0244 ERDAS License Server (cc0aca87c80a1cfd548a0e729c6a7d0f) C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
11:48:07.0234 0244 ERDAS License Server - ok
11:48:07.0296 0244 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:48:07.0296 0244 ERSvc - ok
11:48:07.0343 0244 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
11:48:07.0359 0244 Eventlog - ok
11:48:07.0390 0244 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\System32\es.dll
11:48:07.0406 0244 EventSystem - ok
11:48:07.0437 0244 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:48:07.0437 0244 Fastfat - ok
11:48:07.0500 0244 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:48:07.0515 0244 FastUserSwitchingCompatibility - ok
11:48:07.0531 0244 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:48:07.0531 0244 Fdc - ok
11:48:07.0562 0244 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:48:07.0562 0244 Fips - ok
11:48:07.0578 0244 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:48:07.0593 0244 Flpydisk - ok
11:48:07.0671 0244 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:07.0671 0244 FltMgr - ok
11:48:07.0687 0244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:07.0687 0244 Fs_Rec - ok
11:48:07.0750 0244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:48:07.0750 0244 Ftdisk - ok
11:48:07.0796 0244 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
11:48:07.0796 0244 gameenum - ok
11:48:07.0812 0244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:48:07.0812 0244 Gpc - ok
11:48:07.0906 0244 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
11:48:07.0906 0244 grmnusb - ok
11:48:08.0031 0244 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:48:08.0046 0244 gupdate - ok
11:48:08.0046 0244 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:48:08.0046 0244 gupdatem - ok
11:48:08.0140 0244 ha10kx2k (e64325ba1ede4a2551a0be186c61d4d7) C:\WINDOWS\system32\drivers\ha10kx2k.sys
11:48:08.0140 0244 ha10kx2k - ok
11:48:08.0187 0244 hap16v2k (a28be5017b423a783dd0d0a4cd3b48f5) C:\WINDOWS\system32\drivers\hap16v2k.sys
11:48:08.0187 0244 hap16v2k - ok
11:48:08.0250 0244 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:48:08.0250 0244 helpsvc - ok
11:48:08.0281 0244 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:48:08.0296 0244 HidServ - ok
11:48:08.0328 0244 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:48:08.0328 0244 hidusb - ok
11:48:08.0375 0244 hitmanpro35 (11e085834b3876af95ca11ce3b948b5c) C:\WINDOWS\system32\drivers\hitmanpro36.sys
11:48:08.0375 0244 hitmanpro35 - ok
11:48:08.0421 0244 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:48:08.0421 0244 hkmsvc - ok
11:48:08.0484 0244 hotcore3 (70ec974265b06cf73f933dc37748e59b) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
11:48:08.0484 0244 hotcore3 - ok
11:48:08.0500 0244 hpn - ok
11:48:08.0531 0244 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:48:08.0531 0244 HPZid412 - ok
11:48:08.0546 0244 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:48:08.0546 0244 HPZipr12 - ok
11:48:08.0578 0244 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:48:08.0578 0244 HPZius12 - ok
11:48:08.0625 0244 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:48:08.0625 0244 HTTP - ok
11:48:08.0671 0244 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:48:08.0687 0244 HTTPFilter - ok
11:48:08.0703 0244 i2omgmt - ok
11:48:08.0718 0244 i2omp - ok
11:48:08.0828 0244 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
11:48:08.0828 0244 i8042prt - ok
11:48:08.0937 0244 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:48:08.0937 0244 IDriverT - ok
11:48:08.0968 0244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:48:08.0968 0244 Imapi - ok
11:48:09.0031 0244 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
11:48:09.0046 0244 ImapiService - ok
11:48:09.0062 0244 ini910u - ok
11:48:09.0125 0244 Inspect (76a44ea5960f2f7224f5e7c7a18a0e3b) C:\WINDOWS\system32\DRIVERS\inspect.sys
11:48:09.0125 0244 Inspect - ok
11:48:09.0140 0244 IntelIde - ok
11:48:09.0187 0244 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:48:09.0187 0244 intelppm - ok
11:48:09.0218 0244 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:48:09.0234 0244 ip6fw - ok
11:48:09.0265 0244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:09.0265 0244 IpFilterDriver - ok
11:48:09.0296 0244 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:48:09.0296 0244 IpInIp - ok
11:48:09.0328 0244 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:48:09.0343 0244 IpNat - ok
11:48:09.0359 0244 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:48:09.0359 0244 IPSec - ok
11:48:09.0406 0244 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:48:09.0421 0244 IRENUM - ok
11:48:09.0453 0244 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:48:09.0453 0244 isapnp - ok
11:48:09.0609 0244 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
11:48:09.0625 0244 JavaQuickStarterService - ok
11:48:09.0640 0244 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:48:09.0640 0244 Kbdclass - ok
11:48:09.0656 0244 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:48:09.0671 0244 kbdhid - ok
11:48:09.0734 0244 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:48:09.0734 0244 kmixer - ok
11:48:09.0750 0244 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:48:09.0750 0244 KSecDD - ok
11:48:09.0796 0244 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
11:48:09.0812 0244 lanmanserver - ok
11:48:09.0859 0244 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
11:48:09.0875 0244 lanmanworkstation - ok
11:48:09.0921 0244 LANPkt (8bbfbf256493035ae6105b334fce99df) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
11:48:09.0921 0244 LANPkt - ok
11:48:09.0937 0244 lbrtfdc - ok
11:48:09.0984 0244 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:48:09.0984 0244 LHidFilt - ok
11:48:10.0031 0244 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:48:10.0031 0244 LmHosts - ok
11:48:10.0093 0244 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:48:10.0093 0244 LMouFilt - ok
11:48:10.0125 0244 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:48:10.0125 0244 MBAMProtector - ok
11:48:10.0203 0244 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:48:10.0218 0244 MBAMService - ok
11:48:10.0265 0244 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
11:48:10.0265 0244 MCSTRM - ok
11:48:10.0312 0244 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:48:10.0328 0244 Messenger - ok
11:48:10.0375 0244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:48:10.0375 0244 mnmdd - ok
11:48:10.0437 0244 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
11:48:10.0453 0244 mnmsrvc - ok
11:48:10.0484 0244 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:48:10.0484 0244 Modem - ok
11:48:10.0515 0244 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:48:10.0515 0244 Mouclass - ok
11:48:10.0546 0244 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:48:10.0562 0244 mouhid - ok
11:48:10.0593 0244 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:48:10.0609 0244 MountMgr - ok
11:48:10.0656 0244 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
11:48:10.0656 0244 mr7910 - ok
11:48:10.0671 0244 mraid35x - ok
11:48:10.0687 0244 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:48:10.0703 0244 MRxDAV - ok
11:48:10.0718 0244 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:10.0765 0244 MRxSmb - ok
11:48:10.0828 0244 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
11:48:10.0828 0244 MSDTC - ok
11:48:10.0843 0244 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:48:10.0859 0244 Msfs - ok
11:48:10.0859 0244 MSIServer - ok
11:48:10.0890 0244 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:10.0890 0244 MSKSSRV - ok
11:48:10.0921 0244 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:10.0921 0244 MSPCLOCK - ok
11:48:10.0937 0244 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:10.0937 0244 MSPQM - ok
11:48:10.0984 0244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:48:10.0984 0244 mssmbios - ok
11:48:11.0031 0244 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:48:11.0046 0244 MSTEE - ok
11:48:11.0062 0244 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:48:11.0062 0244 Mup - ok
11:48:11.0109 0244 MVDCODEC (514829ed3e7f140aac16154106d04981) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
11:48:11.0125 0244 MVDCODEC - ok
11:48:11.0140 0244 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:48:11.0140 0244 NABTSFEC - ok
11:48:11.0203 0244 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:48:11.0218 0244 napagent - ok
11:48:11.0468 0244 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
11:48:11.0468 0244 NBService - ok
11:48:11.0531 0244 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:48:11.0546 0244 NDIS - ok
11:48:11.0578 0244 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:48:11.0578 0244 NdisIP - ok
11:48:11.0625 0244 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:48:11.0625 0244 NdisTapi - ok
11:48:11.0640 0244 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:48:11.0656 0244 Ndisuio - ok
11:48:11.0671 0244 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:11.0671 0244 NdisWan - ok
11:48:11.0687 0244 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:48:11.0687 0244 NDProxy - ok
11:48:11.0750 0244 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:48:11.0750 0244 NetBIOS - ok
11:48:11.0765 0244 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:48:11.0765 0244 NetBT - ok
11:48:11.0828 0244 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:48:11.0843 0244 NetDDE - ok
11:48:11.0843 0244 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:48:11.0859 0244 NetDDEdsdm - ok
11:48:11.0921 0244 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:48:11.0921 0244 Netlogon - ok
11:48:11.0937 0244 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:48:11.0953 0244 Netman - ok
11:48:12.0015 0244 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:48:12.0015 0244 NIC1394 - ok
11:48:12.0078 0244 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
11:48:12.0093 0244 Nla - ok
11:48:12.0125 0244 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
11:48:12.0125 0244 nm - ok
11:48:12.0281 0244 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
11:48:12.0281 0244 NMIndexingService - ok
11:48:12.0343 0244 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\WINDOWS\system32\drivers\npf.sys
11:48:12.0359 0244 NPF - ok
11:48:12.0406 0244 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:48:12.0406 0244 Npfs - ok
11:48:12.0437 0244 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:48:12.0453 0244 Ntfs - ok
11:48:12.0500 0244 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:48:12.0515 0244 NtLmSsp - ok
11:48:12.0609 0244 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:48:12.0625 0244 NtmsSvc - ok
11:48:12.0656 0244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:48:12.0656 0244 Null - ok
11:48:12.0718 0244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:48:12.0734 0244 NwlnkFlt - ok
11:48:12.0750 0244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:48:12.0750 0244 NwlnkFwd - ok
11:48:12.0796 0244 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:48:12.0796 0244 ohci1394 - ok
11:48:12.0859 0244 ossrv (8db15d0105d92c2fbca5e83cd882a477) C:\WINDOWS\system32\drivers\ctoss2k.sys
11:48:12.0859 0244 ossrv - ok
11:48:12.0921 0244 PalmUSBD (f49e3b9fb2dd84fca2f6310a147c43fe) C:\WINDOWS\system32\drivers\PalmUSBD.sys
11:48:12.0921 0244 PalmUSBD - ok
11:48:12.0937 0244 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:48:12.0937 0244 Parport - ok
11:48:12.0953 0244 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:48:12.0968 0244 PartMgr - ok
11:48:13.0015 0244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:48:13.0015 0244 ParVdm - ok
11:48:13.0031 0244 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:48:13.0031 0244 PCI - ok
11:48:13.0046 0244 PCIDump - ok
11:48:13.0093 0244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:48:13.0093 0244 PCIIde - ok
11:48:13.0140 0244 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:48:13.0140 0244 Pcmcia - ok
11:48:13.0171 0244 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
11:48:13.0187 0244 pcouffin - ok
11:48:13.0187 0244 PDCOMP - ok
11:48:13.0203 0244 PDFRAME - ok
11:48:13.0218 0244 PDRELI - ok
11:48:13.0234 0244 PDRFRAME - ok
11:48:13.0250 0244 perc2 - ok
11:48:13.0265 0244 perc2hib - ok
11:48:13.0375 0244 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
11:48:13.0375 0244 PfModNT - ok
11:48:13.0437 0244 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
11:48:13.0453 0244 PlugPlay - ok
11:48:13.0500 0244 Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\System32\HPZipm12.exe
11:48:13.0515 0244 Pml Driver HPZ12 - ok
11:48:13.0546 0244 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:48:13.0562 0244 PolicyAgent - ok
11:48:13.0609 0244 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:48:13.0609 0244 PptpMiniport - ok
11:48:13.0625 0244 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:48:13.0625 0244 Processor - ok
11:48:13.0640 0244 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:48:13.0656 0244 ProtectedStorage - ok
11:48:13.0671 0244 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:48:13.0671 0244 PSched - ok
11:48:13.0718 0244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:48:13.0718 0244 Ptilink - ok
11:48:13.0796 0244 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:48:13.0796 0244 PxHelp20 - ok
11:48:13.0812 0244 ql1080 - ok
11:48:13.0828 0244 Ql10wnt - ok
11:48:13.0843 0244 ql12160 - ok
11:48:13.0890 0244 ql1240 - ok
11:48:13.0921 0244 ql1280 - ok
11:48:13.0937 0244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:48:13.0953 0244 RasAcd - ok
11:48:13.0984 0244 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:48:14.0000 0244 RasAuto - ok
11:48:14.0015 0244 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:48:14.0031 0244 Rasl2tp - ok
11:48:14.0093 0244 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:48:14.0093 0244 RasMan - ok
11:48:14.0109 0244 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:48:14.0125 0244 RasPppoe - ok
11:48:14.0140 0244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:48:14.0140 0244 Raspti - ok
11:48:14.0203 0244 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:48:14.0218 0244 Rdbss - ok
11:48:14.0234 0244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:48:14.0234 0244 RDPCDD - ok
11:48:14.0281 0244 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:48:14.0281 0244 rdpdr - ok
11:48:14.0328 0244 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:48:14.0343 0244 RDPWD - ok
11:48:14.0375 0244 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:48:14.0390 0244 RDSessMgr - ok
11:48:14.0406 0244 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:48:14.0406 0244 redbook - ok
11:48:14.0468 0244 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:48:14.0484 0244 RemoteAccess - ok
11:48:14.0531 0244 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:48:14.0546 0244 RemoteRegistry - ok
11:48:14.0640 0244 rpcapd (9ed13880478f14900a5840ff048d174c) C:\Program Files\WinPcap\rpcapd.exe
11:48:14.0640 0244 rpcapd - ok
11:48:14.0703 0244 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
11:48:14.0718 0244 RpcLocator - ok
11:48:14.0750 0244 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
11:48:14.0765 0244 RpcSs - ok
11:48:14.0796 0244 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
11:48:14.0843 0244 RSVP - ok
11:48:14.0890 0244 RTL8023 (471e91c38bd05cb024f9c02017235424) C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
11:48:14.0906 0244 RTL8023 - ok
11:48:14.0953 0244 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:48:14.0968 0244 SamSs - ok
11:48:15.0031 0244 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
11:48:15.0031 0244 SBKUPNT - ok
11:48:15.0078 0244 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:48:15.0078 0244 SCardSvr - ok
11:48:15.0125 0244 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:48:15.0156 0244 Schedule - ok
11:48:15.0171 0244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:48:15.0171 0244 Secdrv - ok
11:48:15.0187 0244 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:48:15.0203 0244 seclogon - ok
11:48:15.0234 0244 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:48:15.0250 0244 SENS - ok
11:48:15.0281 0244 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:48:15.0281 0244 serenum - ok
11:48:15.0296 0244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:48:15.0312 0244 Serial - ok
11:48:15.0328 0244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:48:15.0328 0244 Sfloppy - ok
11:48:15.0421 0244 SgtSch2Svc (c240035fb95c2faef99cfc2403edcd46) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
11:48:15.0421 0244 SgtSch2Svc - ok
11:48:15.0468 0244 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:48:15.0484 0244 SharedAccess - ok
11:48:15.0531 0244 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:48:15.0546 0244 ShellHWDetection - ok
11:48:15.0562 0244 Simbad - ok
11:48:15.0687 0244 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:48:15.0687 0244 SLIP - ok
11:48:15.0750 0244 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
11:48:15.0750 0244 snapman - ok
11:48:15.0765 0244 Sparrow - ok
11:48:15.0781 0244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:48:15.0796 0244 splitter - ok
11:48:15.0843 0244 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
11:48:15.0859 0244 Spooler - ok
11:48:15.0906 0244 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:48:15.0906 0244 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:48:15.0921 0244 sptd ( LockedFile.Multi.Generic ) - warning
11:48:15.0921 0244 sptd - detected LockedFile.Multi.Generic (1)
11:48:15.0937 0244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:48:15.0937 0244 sr - ok
11:48:15.0968 0244 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
11:48:15.0984 0244 srservice - ok
11:48:16.0015 0244 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
11:48:16.0031 0244 Srv - ok
11:48:16.0062 0244 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:48:16.0078 0244 SSDPSRV - ok
11:48:16.0125 0244 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:48:16.0140 0244 stisvc - ok
11:48:16.0234 0244 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:48:16.0234 0244 streamip - ok
11:48:16.0265 0244 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:48:16.0265 0244 swenum - ok
11:48:16.0328 0244 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:48:16.0328 0244 swmidi - ok
11:48:16.0359 0244 SwPrv - ok
11:48:16.0390 0244 symc810 - ok
11:48:16.0421 0244 symc8xx - ok
11:48:16.0437 0244 sym_hi - ok
11:48:16.0468 0244 sym_u3 - ok
11:48:16.0500 0244 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:48:16.0515 0244 sysaudio - ok
11:48:16.0562 0244 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:48:16.0578 0244 SysmonLog - ok
11:48:16.0656 0244 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:48:16.0671 0244 TapiSrv - ok
11:48:16.0718 0244 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:48:16.0734 0244 Tcpip - ok
11:48:16.0781 0244 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:48:16.0781 0244 TDPIPE - ok
11:48:16.0843 0244 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
11:48:16.0859 0244 tdrpman - ok
11:48:16.0890 0244 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:48:16.0890 0244 TDTCP - ok
11:48:16.0937 0244 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:48:16.0953 0244 TermDD - ok
11:48:17.0015 0244 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:48:17.0031 0244 TermService - ok
11:48:17.0093 0244 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
11:48:17.0109 0244 Themes - ok
11:48:17.0171 0244 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
11:48:17.0171 0244 tifsfilter - ok
11:48:17.0203 0244 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
11:48:17.0218 0244 timounter - ok
11:48:17.0312 0244 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
11:48:17.0328 0244 TlntSvr - ok
11:48:17.0343 0244 TosIde - ok
11:48:17.0359 0244 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:48:17.0375 0244 TrkWks - ok
11:48:17.0437 0244 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:48:17.0453 0244 Udfs - ok
11:48:17.0468 0244 uisp - ok
11:48:17.0484 0244 ultra - ok
11:48:17.0578 0244 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:48:17.0578 0244 Update - ok
11:48:17.0609 0244 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:48:17.0625 0244 upnphost - ok
11:48:17.0687 0244 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:48:17.0703 0244 UPS - ok
11:48:17.0781 0244 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:48:17.0781 0244 USBAAPL - ok
11:48:17.0828 0244 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:48:17.0843 0244 usbaudio - ok
11:48:17.0890 0244 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:48:17.0890 0244 usbccgp - ok
11:48:17.0953 0244 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:48:17.0953 0244 usbehci - ok
11:48:17.0968 0244 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:48:17.0984 0244 usbhub - ok
11:48:18.0000 0244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:48:18.0000 0244 usbprint - ok
11:48:18.0015 0244 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:48:18.0015 0244 usbscan - ok
11:48:18.0046 0244 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:48:18.0046 0244 USBSTOR - ok
11:48:18.0078 0244 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:48:18.0078 0244 usbuhci - ok
11:48:18.0140 0244 VClone (1a131c2ca1b99542f9b0dd0c901f6587) C:\WINDOWS\system32\DRIVERS\VClone.sys
11:48:18.0140 0244 VClone - ok
11:48:18.0156 0244 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:48:18.0171 0244 VgaSave - ok
11:48:18.0187 0244 ViaIde - ok
11:48:18.0265 0244 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:48:18.0265 0244 VolSnap - ok
11:48:18.0328 0244 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:48:18.0343 0244 VSS - ok
11:48:18.0406 0244 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
11:48:18.0421 0244 W32Time - ok
11:48:18.0484 0244 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:48:18.0484 0244 Wanarp - ok
11:48:18.0546 0244 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:48:18.0546 0244 Wdf01000 - ok
11:48:18.0562 0244 WDICA - ok
11:48:18.0625 0244 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:48:18.0625 0244 wdmaud - ok
11:48:18.0640 0244 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:48:18.0656 0244 WebClient - ok
11:48:18.0718 0244 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:48:18.0734 0244 winmgmt - ok
11:48:18.0796 0244 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe
11:48:18.0796 0244 WMDM PMSP Service - ok
11:48:18.0859 0244 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:48:18.0859 0244 WmdmPmSN - ok
11:48:18.0921 0244 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
11:48:18.0921 0244 Wmi - ok
11:48:18.0953 0244 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:48:18.0953 0244 WmiApSrv - ok
11:48:19.0109 0244 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:48:19.0125 0244 WMPNetworkSvc - ok
11:48:19.0171 0244 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:48:19.0171 0244 WpdUsb - ok
11:48:19.0234 0244 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:48:19.0250 0244 wscsvc - ok
11:48:19.0390 0244 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:48:19.0390 0244 WSTCODEC - ok
11:48:19.0406 0244 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\System32\wuauserv.dll
11:48:19.0437 0244 wuauserv - ok
11:48:19.0468 0244 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:48:19.0484 0244 WudfPf - ok
11:48:19.0578 0244 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:48:19.0578 0244 WudfRd - ok
11:48:19.0609 0244 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:48:19.0640 0244 WudfSvc - ok
11:48:19.0750 0244 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:48:19.0796 0244 WZCSVC - ok
11:48:19.0843 0244 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:48:19.0859 0244 xmlprov - ok
11:48:19.0906 0244 yukonwxp (a8d429e2268792638cffc57552c5e736) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
11:48:19.0921 0244 yukonwxp - ok
11:48:19.0953 0244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:48:20.0140 0244 \Device\Harddisk0\DR0 - ok
11:48:20.0140 0244 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
11:48:23.0140 0244 \Device\Harddisk1\DR2 - ok
11:48:23.0156 0244 Boot (0x1200) (9dd22a0f64e80c1abb71eb2dd3facd0f) \Device\Harddisk0\DR0\Partition0
11:48:23.0156 0244 \Device\Harddisk0\DR0\Partition0 - ok
11:48:23.0156 0244 Boot (0x1200) (d7393d7df7add43e3789714da619edcd) \Device\Harddisk1\DR2\Partition0
11:48:23.0156 0244 \Device\Harddisk1\DR2\Partition0 - ok
11:48:23.0171 0244 ============================================================
11:48:23.0171 0244 Scan finished
11:48:23.0171 0244 ============================================================
11:48:23.0171 1384 Detected object count: 1
11:48:23.0171 1384 Actual detected object count: 1
11:49:01.0906 1384 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
11:49:01.0906 1384 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


sagan45

reply to LoPhatPhuud

checkup.txt - Re: [Malware] Google / Firefox Redirects

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 6 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Disabled!
avast! Free Antivirus
COMODO Firewall Pro
Antivirus up to date!
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Spybot - Search & Destroy
ArcExplorer Java Edition
Java(TM) 6 Update 17
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Adobe Reader 9 [color=red]Adobe Reader out of date![/color]
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Malwarebytes' Anti-Malware mbamservice.exe
Comodo Firewall cmdagent.exe
Comodo Firewall CPF.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


sagan45

reply to LoPhatPhuud

BitDefender-Report - Re: [Malware] Google / Firefox Redirects

QuickScan 32-bit v0.9.9.111
---------------------------
Scan date: Thu Mar 22 09:37:04 2012
Machine ID: 44A77D1

No infection found.
-------------------

Processes
---------
Adobe Reader and Acrobat Manager 2248 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(unsigned) ERDAS.exe 2060 C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe

(verified) aclock.exe 3376 C:\Program Files\Alpha Clock\aclock.exe
(verified) Acronis True Image 2644 C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
(verified) ATI External Event Utility for Windows 496 C:\WINDOWS\system32\ati2evxx.exe
(verified) ATI External Event Utility for Windows 1468 C:\WINDOWS\system32\ati2evxx.exe
(verified) avast! Antivirus 584 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified) avast! Antivirus 2696 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Comodo Firewall 1560 C:\Program Files\Comodo\Firewall\cmdagent.exe
(verified) COMODO Firewall Pro 2252 C:\Program Files\Comodo\Firewall\cpf.exe
(verified) Creative Service for CDROM Access 1712 C:\WINDOWS\system32\CTSVCCDA.EXE
(verified) Firefox 2840 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 2488 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3336 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 824 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3276 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3620 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3964 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 2416 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 2360 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3844 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 3952 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) GA311 Configuration Utility 3872 C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
(verified) Java(TM) Platform SE 6 U17 2020 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) lmgrd.exe 1192 C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
(verified) Malwarebytes Anti-Malware 2132 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft (R) DRM 2676 C:\WINDOWS\system32\MsPMSPSv.exe
(verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3472 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 3384 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 3452 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 3928 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1272 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 1116 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 692 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 2016 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1872 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1616 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2580 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1488 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 356 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1228 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 3888 C:\WINDOWS\system32\wuauclt.exe
(verified) Opera Internet Browser 2352 C:\Program Files\Opera\opera.exe
(verified) SafeCast Windows NT 1160 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
(verified) Seagate DiscWizard 2588 C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(verified) Seagate Scheduler 2 2528 C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(verified) Seagate Scheduler Helper 2684 C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(verified) SNAGIT32 1104 C:\Program Files\TechSmith\SnagIt32\snagit32.exe
(verified) Virtual CloneDrive 2448 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

Network activity
----------------

Process lmgrd.exe (1192) listens on ports: 27000
Process svchost.exe (1616) listens on ports: 135 (RPC)
Process ERDAS.exe (2060) listens on ports: 1056

Autoruns and critical files
---------------------------
(unsigned) ClearVideo Decoder DLL C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

(verified) aclock.exe C:\Program Files\Alpha Clock\aclock.exe
(verified) Acronis True Image C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
(verified) AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(verified) ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) COMODO Firewall Pro C:\Program Files\Comodo\Firewall\cpf.exe
(verified) GA311 Configuration Utility C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\scrnsave.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Seagate DiscWizard C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(verified) Seagate Scheduler Helper C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(verified) Virtual CloneDrive C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(verified) Windows® Internet Explorer C:\WINDOWS\System32\webcheck.dll

Browser plugins
---------------
(unsigned) DNL Reader C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
(unsigned) Garmin Communicator Plug-In C:\Program Files\Garmin GPS Plugin\npGarmin.dll
(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

(verified) AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) AutocompletePro c:\program files\autocompletepro\autocompletepro.dll
(verified) Bitdefender QuickScan C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) DefaultSearch Module c:\program files\asksearch\bin\defaultsearch.dll
(verified) DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
(verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
(verified) DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
(verified) DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
(verified) DivX® Content Upload Plugin C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
(verified) FlashGot.exe C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\FlashGot.exe
(verified) FlpLaunch Module c:\program files\e-book systems\flipviewer\fplaunch.dll
(verified) Google Update C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
(verified) Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
(verified) Java(TM) Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHDOCVW.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.1.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
(verified) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
(verified) RealNetworks Rhapsody Player Engine C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
(verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
(verified) RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
(verified) RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
(verified) sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
(verified) SnagIt c:\program files\techsmith\snagit 8\snagitbho.dll
(verified) SnagIt c:\program files\techsmith\snagit 8\snagitieaddin.dll
(verified) Unity Player C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
(verified) Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

Missing files
-------------
File not found: C:\Program Files\Bonjour\mdnsNSP.dll
--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\"LibraryPath"

File not found: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"APSDaemon"

Scan
----
MD5: e807ee2ccfa29a5cc2e8a1a7d4200696 C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\seyjrfa.dll
MD5: 752156a216aa1e5c6bc09947182cc129 C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll
MD5: 232c3abb353e3a5a1c900e4b17a8cc02 C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll
MD5: a67de4ea6801603d66e4611f3f30f9ca C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll
MD5: c1c3799c4251bdb9a0260e245cb94407 C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll
MD5: 3c0f5a7fa9908c1dd25e7bb97df22295 C:\Program Files\Adobe\Reader 9.0\Reader\bib.dll
MD5: 042bfb51141456398b5029134c175905 C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll
MD5: 8704c9eacaa260cb1ebf51a083cf80cb C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
MD5: bdb16eef7602126f9bf44b97d769dcd2 C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
MD5: 67bad3c76dee7609579cf248386931d9 C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
MD5: faef2d2f360416f01297ad16a88bff5e C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MD5: 2c17e759f719a9d6adcb09397c4ce384 C:\Program Files\AVAST Software\Avast\defs\12032100\algo.dll
MD5: f1a8ddf61d9cb361798f15f5ae0e77db C:\Program Files\AVAST Software\Avast\defs\12032200\algo.dll
MD5: 4d79f2538e789c988db0ecab8bef79f4 C:\Program Files\AVAST Software\Avast\defs\12032200\uiExt.dll
MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 71221415676eb426775cb410ce9e9832 C:\Program Files\FileZilla FTP Client\fzshellext.dll
MD5: fa62cb8c9b7dc884692dc519f9203403 C:\Program Files\Garmin GPS Plugin\npGarmin.dll
MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: b7ac1fb1376cb3b5d61f80f7b2b9ea94 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 1b160e88efa65663179d3fb7d7f41cab C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
MD5: 2423cf371ffe31b219e5d9e58101fde3 C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
MD5: 174864806518cf559998e0b833f8e554 C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
MD5: b2f0feb158bf81bdf2af28b754f923f1 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 029dfe30b45e7f2c8a50f2f48a9ece7f C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
MD5: 7f2fdce28f3c3c3397179c9322fa5e2d C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
MD5: 7a78c0aea5189e3aa5ab4ecf1f0a4ad6 C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
MD5: daa4fe9a4e7bb93a9e3e2edd6297c13d C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
MD5: f09572d67b6fa5a8e1eb719ebb168ab4 C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
MD5: 1a9cfa68a7704fdefef3ff66796db192 C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
MD5: 79b6b9a3d9cab0b2ed6ef5ef0a8ec570 C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
MD5: 19f00e91c61e3b35f4bc19ffa958f4dc C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
MD5: 272002fa4c170f529f82e57db471b37f C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
MD5: c69db7d48df9674c3badb9825d6de1d8 C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
MD5: bcd3e78a9da295062f272e0600091f1f C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
MD5: 610dd8280c22884a9652940631a68891 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
MD5: 07c8de0ffb2f65f360e5487b57aac35a C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
MD5: e109d6a27ccf2197790d7408cac1797c C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
MD5: 970fd056796942b881e8a86097635551 C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx
MD5: a1da90b9ea5eaf6b5716d0c4a9240b65 C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
MD5: 6a1ae1631fcc65044658ccd3d32ac118 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
MD5: 42b3e15802709a61e0a5d6b8fb46af00 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
MD5: 12da382d17caf7677224a3be5b1de2f5 C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
MD5: 823d4d171e0ada744b43912d6f10e5e6 C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.qtx
MD5: 5d41bcd19a3d90e4ebb58a6bfb79e4f7 C:\Program Files\Windows Media Player\npdsplay.dll
MD5: 452705ac9e4c0dde91a61f0e02292423 C:\WINDOWS\System32\l3codeca.acm
MD5: 13001eb0a58b4de96126b16ab15fd8cc C:\WINDOWS\system32\PNCRT.dll
MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS\System32\qmgrprxy.dll
MD5: 7facb452456ef5c053af3ee4b228fe0d C:\WINDOWS\System32\XPOB2RES.DLL

No file uploaded.

Scan finished - communication took 9 sec
Total traffic - 0.00 MB sent, 0.20 KB recvd
Scanned 733 files and modules - 75 seconds

==============================================================================


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
reply to sagan45

Re: [Malware] Google / Firefox Redirects

Sagan... to keep everything in one thread for easier analysis, please use the topic "reply" button found under my post, vs. the "new topic" button. Thanks.

I'm adding your separate thread info here for you:

MBAM log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bill :: WRIGHT2 [administrator]

Protection: Enabled

3/20/2012 11:13:47 AM
mbam-log-2012-03-20 (11-13-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525137
Time elapsed: 4 hour(s), 10 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\Bill\XP Deluxe Protector (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Documents and Settings\Bill\Desktop\DESK-2012\Google SketchUp-8 Software & Books\Google_SketchUP_PRO_8.0.4811\Crk\Patch google.sketchup.pro.8.0.4811-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Games\Valve\Portal-Valve\oggdec.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\NewsLeecher\crack-newslech38final.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\Thinstall\Advanced System Optimizer\4000001700002i\HighestAvailable.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\DESK-2012\Google SketchUp-8 Software & Books\Google_SketchUP_PRO_8.0.4811\Crk\keygen google.sketchup.pro.8.0.4811-MPT.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\RS-Downloads-2\Acronis True Image 11-keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\Leslie-2010\Leslie - computers-INSTALL - DOWNLOADS\Acronis True Image 11-keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Batch Watermark Creator.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Stubs\3db2aa111126ce7632e25c471e9ce5866358170\ImgEditor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL\Batch Watermark Creator v7.0.2\Stubs\ffa483a1aca6dd6b3ad4c9464520f77994721a82\TplEditor.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Application Data\Thinstall\Cache\Stubs\e9316e47a7949413cc2a88267a8fae2574bb9e2\DfsdkS.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdi32lib.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\XP Deluxe Protector\1.exe (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\XP Deluxe Protector\xpdeluxe.exe (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

(end)
-------------------------
Many thanks!
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


sagan45

join:2012-03-22
Parker, CO

Will do. Sorry for the error; this is new to me. Very grateful for the help!

Cheers



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM


reply to sagan45

First:
Use Add/Remove Programs to uninstall AutocompletePro

Second:
Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
[*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Third:

Please go to www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll



Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
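To show how a helper singles out the one file in the scan listing above that is worth submitting to VirusTotal, here is an added Python triage script (my own, not part of this thread or of any tool in it) that parses the QuickScan-style sections, flags unsigned autoruns and browser plugins, ranks those loading from user-writable profile paths highest, and joins each with the MD5 the report already computed. The user-writable path fragments and the high/review ranking are this example's own assumptions; the sample lines are copied from the report posted earlier in the thread.

```python
"""Triage a QuickScan-style listing: flag unsigned autoruns and browser plugins,
rank those loaded from user-writable profile paths highest, and attach the MD5
the scanner already computed so the analyst can look the file up by hash."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the report posted in this
# thread (Autoruns, Browser plugins and Scan sections), trimmed for the example.
SAMPLE_REPORT = r"""Autoruns and critical files
---------------------------
(unsigned) ClearVideo Decoder DLL C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

(verified) aclock.exe C:\Program Files\Alpha Clock\aclock.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

Browser plugins
---------------
(unsigned) DNL Reader C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
(unsigned) Garmin Communicator Plug-In C:\Program Files\Garmin GPS Plugin\npGarmin.dll

(verified) AutocompletePro c:\program files\autocompletepro\autocompletepro.dll

Scan
----
MD5: e807ee2ccfa29a5cc2e8a1a7d4200696 C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\seyjrfa.dll
MD5: 752156a216aa1e5c6bc09947182cc129 C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll
MD5: 2423cf371ffe31b219e5d9e58101fde3 C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
MD5: fa62cb8c9b7dc884692dc519f9203403 C:\Program Files\Garmin GPS Plugin\npGarmin.dll
"""

# "(unsigned|verified) <description> <drive>:\<path>" and "MD5: <hash> <path>"
ENTRY_RE = re.compile(r"^\((unsigned|verified)\)\s+(.*?)\s*([A-Za-z]:\\.+?)\s*$")
MD5_RE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+([A-Za-z]:\\.+?)\s*$")

# Path fragments treated as user-writable profile locations (Windows XP layout as
# in the thread, plus the Vista+ equivalent). Assumption made for this example.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\users\\", "\\temp\\")


@dataclass
class Entry:
    section: str      # heading the line appeared under
    signed: bool      # True for "(verified)", False for "(unsigned)"
    description: str  # product/description text printed by the scanner
    path: str


@dataclass
class Finding:
    severity: str       # "high" or "review" (ranking is this example's own)
    entry: Entry
    md5: Optional[str]  # from the report's Scan section, if the file was hashed
    reasons: List[str]
    siblings: List[str] = field(default_factory=list)  # other hashed files in the same folder

    @property
    def path(self) -> str:
        return self.entry.path


def parse_report(text: str) -> Tuple[List[Entry], Dict[str, Tuple[str, str]]]:
    """Return (entries, hashed); hashed maps a lower-cased path to (md5, path as printed)."""
    lines = text.splitlines()
    entries: List[Entry] = []
    hashed: Dict[str, Tuple[str, str]] = {}
    section = ""
    for i, line in enumerate(lines):
        # A section heading is a line immediately followed by a dash underline.
        if i + 1 < len(lines) and lines[i + 1] and set(lines[i + 1]) == {"-"}:
            section = line.strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group(1) == "verified", m.group(2), m.group(3)))
            continue
        m = MD5_RE.match(line)
        if m:
            hashed[m.group(2).lower()] = (m.group(1).lower(), m.group(2))
    return entries, hashed


def triage(text: str) -> List[Finding]:
    """Flag every unsigned entry; rank those in user-profile locations highest."""
    entries, hashed = parse_report(text)
    findings: List[Finding] = []
    for e in entries:
        if e.signed:
            continue
        low = e.path.lower()
        reasons = ["no valid Authenticode signature"]
        severity = "review"
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("loads from a user-writable profile path")
            severity = "high"
        folder = low.rsplit("\\", 1)[0] + "\\"
        # Other files the scanner hashed in the same folder are likely related drops.
        siblings = [orig for key, (_, orig) in sorted(hashed.items())
                    if key != low and key.startswith(folder)]
        md5 = hashed[low][0] if low in hashed else None
        findings.append(Finding(severity, e, md5, reasons, siblings))
    findings.sort(key=lambda f: (f.severity != "high", f.path.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.path}")
        print(f"    md5={f.md5 or 'not hashed'}  why={'; '.join(f.reasons)}")
        for s in f.siblings:
            print(f"    also hashed in same folder: {s}")
```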

sagan45

join:2012-03-22
Parker, CO

Steps 1 & 2 Done
--------------------
OTL logfile created on: 3/22/2012 7:28:37 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.54% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 197.09 Gb Free Space | 42.32% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 09:16:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
PRC - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
PRC - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
PRC - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
PRC - [1999/08/31 04:36:00 | 000,778,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 22:58:43 | 001,744,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032200\algo.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/16 16:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2004/01/22 18:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/01/05 00:27:36 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 18:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
MOD - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
MOD - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
MOD - [1998/09/22 07:00:00 | 000,033,792 | ---- | M] () -- C:\Program Files\WinZip\WZSHLEXT.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbicp.sys -- (uisp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/15 14:12:34 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/08 11:36:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/19 08:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/16 15:10:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/04/16 15:10:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/04/16 15:10:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/16 15:10:25 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/05/13 09:46:58 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/04 15:31:25 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/02/05 21:22:59 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/23 01:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/02/09 15:56:07 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2007/02/09 15:56:07 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/02 09:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/19 06:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/12/25 18:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 18:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 18:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/07/10 02:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 02:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 01:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 01:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 20:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 20:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 20:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 20:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 19:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613}
IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 12:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 | 000,000,000 | ---D | M]

[2010/12/09 11:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/21 13:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions
[2012/01/16 09:45:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/12/27 08:38:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/21 13:38:55 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/31 10:43:28 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\fc1r2p8j.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2012/02/13 10:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 12:27:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/03 10:16:18 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/13 22:50:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Update] C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll (eMajix.com, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Scuba-2048x1152.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Scuba-2048x1152.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 13:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/03/22 11:49:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 13:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2012/03/21 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/20 17:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~LOGS
[2012/03/20 17:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-07
[2012/03/20 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2012/03/20 10:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/20 10:39:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012
[2012/03/16 13:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion
[2012/03/16 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA
[2012/03/16 09:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc
[2012/03/16 09:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET
[2012/03/16 09:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs
[2012/03/15 13:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/15 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/15 13:54:19 | 007,150,680 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:27:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\IECompatCache
[2012/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/13 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/13 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack
[2012/03/12 21:23:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/03/07 11:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials
[2012/03/07 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test
[2012/03/07 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/03 16:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs
[2012/03/03 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD
[2012/03/03 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Forte
[2012/03/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent
[2012/03/03 15:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Agent
[2012/03/02 20:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion
[2012/03/02 11:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte
[2012/03/01 13:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net
[2012/02/26 16:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2012/02/26 16:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Complete National Geographic
[2012/02/26 16:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\natgeo_temp
[2012/02/26 16:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\National Geographic
[2012/02/26 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\National Geographic
[2012/02/22 09:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\PCA-HTML-2012-test
[2012/02/22 09:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\PCA-Project--ALL

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/03/22 19:38:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 18:24:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/22 18:21:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/22 18:19:51 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/22 18:19:51 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/22 18:19:51 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/22 18:19:51 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/22 18:19:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/22 18:19:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/22 18:19:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/22 18:19:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/22 16:32:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/22 14:17:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/22 14:17:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bill\default.pls
[2012/03/20 14:56:58 | 002,566,888 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 7-partial.pdf
[2012/03/20 10:42:49 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 08:55:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 14:12:34 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/15 13:52:16 | 007,150,680 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:52:31 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2012/03/12 21:25:10 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:55 | 000,726,329 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 17:02:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/09 12:06:41 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:06:08 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 08:34:56 | 006,372,918 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2012/03/03 15:25:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2012/02/26 16:47:03 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Complete National Geographic.lnk
[2012/02/24 12:45:43 | 018,000,054 | ---- | M] () -- C:\WINDOWS\~Miss Reef-Panama-boat 0001-PG.bmp
[2012/02/21 22:09:54 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_21 22_09.rtf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/03/20 16:55:53 | 002,566,888 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 7-partial.pdf
[2012/03/20 10:39:29 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 16:24:51 | 012,345,782 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3
[2012/03/15 13:59:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/12 21:25:10 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:54 | 000,726,329 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 13:58:07 | 004,852,889 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg
[2012/03/07 09:12:52 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/06 22:06:08 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/03 15:25:13 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2012/02/26 16:47:03 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Complete National Geographic.lnk
[2012/02/24 12:46:03 | 018,000,054 | ---- | C] () -- C:\WINDOWS\~Miss Reef-Panama-boat 0001-PG.bmp
[2012/02/21 22:09:54 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_21 22_09.rtf
[2011/11/26 15:40:29 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2011/03/30 14:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/03 10:16:19 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/10/03 10:16:19 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

[color=#E56717]========== Custom Scans ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

----------------------------------------------------
After reboot there was no folder: C:\_OTL\MovedFiles
Will post your additional steps later.
Thank you!

sagan45

join:2012-03-22
Parker, CO

virustotal.com results -Re: [Malware] Google / Firefox Redirects

virustotal.com results link:

»www.virustotal.com/file/842b5890···nalysis/

No problem finding
C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

I saw no other files listed for scanning.

Thank you again!


sagan45

join:2012-03-22
Parker, CO

Re: virustotal.com results -Re: [Malware] Google / Firefox Redir

I think this is the last of the items you requested me to do. The virustotal site looked a bit different than your description so I hope I did it right. Please let me know if I did OK or need to do more.

Thank you again!



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to sagan45

Re: [Malware] Google / Firefox Redirects

No that was fine.

Time for a status update. What problem(s) have not been resolved?


sagan45

join:2012-03-22
Parker, CO

Still getting intermittent Google redirects in Firefox.
The two this morning were:

www.gimmeanswers.com
www.localdouble.com

When I mouse over a link in Google's search results it shows a different URL at the bottom of the page than the one listed in the search. If I right-click to copy the link it is a valid URL, but if I open the link in a new tab it redirects to places like the above. Oddly, a few minutes later the correct URL is visible when I hover the mouse over the same link. Last, within a few minutes the computer freezes and nothing will respond. The clock on the desktop keeps ticking and the num-lock key works. When I restart the machine with the internet cable unplugged it doesn't freeze. I have screen shots if it would be helpful and possible.

Thank you!



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to sagan45

To eliminate an add-on as the source, run Firefox for a day with all add-ons disabled, then post back and let me know if you are still re-directed.

Note: To run Firefox without add-ons, select Firefox -> Help -> Restart with Add-ons Disabled.....


sagan45

join:2012-03-22
Parker, CO

Roger Wilco


sagan45

join:2012-03-22
Parker, CO
reply to LoPhatPhuud

Here are two screen caps that show the redirect link (red arrow), with the mouse hovering over the exact same link. These were taken after disabling all add-ons in Firefox and within just a few minutes of each other.

I don't suppose un-installing and re-installing Firefox would help?

Thanks again!


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to sagan45

Thanks. I don't get the redirect using Firefox 12b2.

I'd like a current OTL log, and then we'll go from there. Run OTL again, and post the log in this thread. Note that there will not be a new Extras log this time.


sagan45

join:2012-03-22
Parker, CO

Will do, I just went through my screen captures again and found I made a mistake. When you gave me the code to paste into OTL I clicked "Run Scan" rather than "Run Fix". I am going to do that portion again and will post that log. Very sorry for not following more closely.


sagan45

join:2012-03-22
Parker, CO

OTL Result from your custom "Run Fix"
________________________________
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
File C:\Program Files\AutocompletePro\AutocompletePro.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.000
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 3103313 bytes
->Temporary Internet Files folder emptied: 1280034 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 3841496 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.000
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.001
->Flash cache emptied: 0 bytes

User: All Users

User: Bill
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03272012_121535



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to sagan45

Thanks. Just be sure to run OTL again, (scan) and post the new log.

Also, did running the fix make any difference to the redirects?


sagan45

join:2012-03-22
Parker, CO

Will do on additional OTL scan.

It did make a difference, I think. I uninstalled FF & installed the 12b2, then upon reboot Adaware instantly flagged a trojan here:

C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

Which is exactly where you directed me to earlier. Avast seemed to have moved that file to a chest, then the only other file in that directory was flagged as a trojan too. Now that folder is empty and I "think" I'm good again, at least not seeing any redirects. Just hope nothing is still running below the radar and getting past Avast & Comodo. Thank you again!

I have a class so will not be able to post new OTL log till later tonight.
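The file Adaware flagged above is the same one the OTL MOD section exposes: an executable module under the user's Application Data with an empty "()" where OTL normally prints the company name from the file's version resource. A defender reading OTL logs can automate that triage. The Python script below is an added example, not part of this thread and not OTL's own code: it parses the `[date | size | attrs | flag] (company) -- path` line shape OTL uses for PRC/MOD/DRV/SRV and bare file entries, and flags executable files that carry no company name and live under a user profile. The sample log is constructed for the example: the yvfpemrj.dll line is invented (its date and size are made up), while the other lines are copied from the OTL logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the OTL line shape used for PRC/MOD/DRV/SRV entries and bare file lines:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | flag] (company) [state] -- path -- (service)
# The company, the driver/service state block and the trailing service name are optional.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|DRV|SRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]+) \| (?P<flag>[A-Z])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:\[[^\]]*\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\).*)?$"
)

# Paths under a per-user profile on XP ("Documents and Settings") or Vista+ ("Users").
USER_PROFILE = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\", re.I)
EXECUTABLE_EXT = (".dll", ".exe", ".sys", ".ocx", ".scr")


@dataclass
class OtlEntry:
    kind: Optional[str]      # PRC, MOD, DRV, SRV, or None for a bare file line
    date: str
    size: int                # bytes, with OTL's thousands separators removed
    attrs: str               # e.g. "----" for a file, "---D" for a directory
    flag: str                # M = modified, C = created
    company: Optional[str]   # None when OTL printed "()" or "(No name found)"
    path: str
    service: Optional[str]   # service/driver name on DRV and SRV lines


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL log line; return None for lines of any other shape."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None and company.strip() in ("", "No name found"):
        company = None
    return OtlEntry(
        kind=m.group("kind"),
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        flag=m.group("flag"),
        company=company,
        path=m.group("path"),
        service=m.group("service"),
    )


def is_suspicious(entry: OtlEntry) -> bool:
    """Executable with no company name living under a user profile: worth a VirusTotal check."""
    if "D" in entry.attrs:            # directories never carry a company name
        return False
    if entry.company is not None:     # OTL found a company string in the version resource
        return False
    if not entry.path.lower().endswith(EXECUTABLE_EXT):
        return False
    return bool(USER_PROFILE.match(entry.path))


def suspicious_paths(log_text: str) -> List[str]:
    """Return the paths of all entries in an OTL log that is_suspicious() flags."""
    return [e.path for e in map(parse_otl_line, log_text.splitlines())
            if e is not None and is_suspicious(e)]


# Constructed sample: the yvfpemrj.dll line is invented (date and size are made up);
# the other lines are copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MOD - [2012/03/28 01:16:02 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032801\algo.dll
MOD - [2012/03/10 09:12:00 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
[2012/03/27 13:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/27 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-08-snags
FF - user.js - File not found
"""

if __name__ == "__main__":
    for path in suspicious_paths(SAMPLE_LOG):
        print("review:", path)
```

Run against the sample, only the AdobeUM DLL is reported: Avast's algo.dll also has no company name, but it sits under Program Files, and the Application Data directory entries are skipped because directories never carry one. The heuristic is a triage filter, not a verdict; each hit is what you would submit to VirusTotal, as was done earlier in this thread.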


sagan45

join:2012-03-22
Parker, CO
reply to LoPhatPhuud

Here is an OTL scan from this morning, LOP & Purity checked:

OTL logfile created on: 3/28/2012 7:57:35 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.46 Gb Free Space | 43.68% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/03/20 09:16:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007/02/09 15:56:07 | 001,115,728 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe
PRC - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
PRC - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
PRC - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
PRC - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
PRC - [1999/08/31 04:36:00 | 000,778,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/03/28 01:16:02 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032801\algo.dll
MOD - [2012/03/27 14:35:40 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032702\algo.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/16 16:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2004/01/05 00:27:36 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 18:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
MOD - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
MOD - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbicp.sys -- (uisp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/15 14:12:34 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/09/08 11:36:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/19 08:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/16 15:10:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/04/16 15:10:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/04/16 15:10:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/16 15:10:25 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/05/13 09:46:58 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/04 15:31:25 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/02/05 21:22:59 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/23 01:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/02/09 15:56:07 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2007/02/09 15:56:07 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/02 09:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/19 06:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/12/25 18:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 18:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 18:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/07/10 02:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 02:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 01:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 01:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 20:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 20:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 20:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 20:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 19:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613}
IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 | 000,000,000 | ---D | M]

[2012/03/27 13:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/27 17:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/03 10:16:18 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/13 22:50:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EB6E9C4-20D6-410C-9CF3-FC28F85C473F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 13:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-08-snags
[2012/03/27 14:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Plustek scanner-3600
[2012/03/27 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Red Frog marina
[2012/03/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Downloads
[2012/03/27 13:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Firefox Setup
[2012/03/27 12:15:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/22 11:49:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 13:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2012/03/21 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/20 17:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~LOGS
[2012/03/20 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012
[2012/03/16 13:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion
[2012/03/16 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA
[2012/03/16 09:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc
[2012/03/16 09:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET
[2012/03/16 09:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs
[2012/03/15 13:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/15 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/15 13:54:19 | 007,150,680 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:27:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\IECompatCache
[2012/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/13 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/13 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack
[2012/03/12 21:23:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/03/07 11:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials
[2012/03/07 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test
[2012/03/07 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/03 16:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs
[2012/03/03 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD
[2012/03/03 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Forte
[2012/03/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent
[2012/03/03 15:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Agent
[2012/03/02 20:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion
[2012/03/02 11:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte
[2012/03/01 13:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net

========== Files - Modified Within 30 Days ==========

[2012/03/28 07:51:18 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 07:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 21:56:41 | 000,007,080 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 21:38:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 18:26:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/27 17:55:11 | 002,910,937 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:41:04 | 000,517,663 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:16 | 000,069,211 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:19 | 003,449,966 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/26 10:15:51 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/03/25 13:29:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 09:37:02 | 001,252,467 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/22 16:32:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/22 14:17:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bill\default.pls
[2012/03/15 14:12:34 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/15 13:52:16 | 007,150,680 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/12 21:25:10 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:55 | 000,726,329 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 17:02:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/09 12:06:41 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:06:08 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 08:34:56 | 006,372,918 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2012/03/03 15:25:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf

========== Files Created - No Company Name ==========

[2012/03/27 21:56:41 | 000,007,080 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 17:55:09 | 002,910,937 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:49:43 | 001,252,467 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/27 14:41:04 | 000,517,663 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:15 | 000,069,211 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:17 | 003,449,966 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/16 16:24:51 | 012,345,782 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3
[2012/03/15 13:59:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/12 21:25:10 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:54 | 000,726,329 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 13:58:07 | 004,852,889 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg
[2012/03/07 09:12:52 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/06 22:06:08 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/03 15:25:13 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2011/11/26 15:40:29 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2010/10/03 10:16:19 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/10/03 10:16:19 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

========== LOP Check ==========

[2010/06/17 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/30 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/10/31 14:01:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS
[2007/05/07 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/05/07 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2007/05/15 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/05/26 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2009/01/05 12:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2012/03/13 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/15 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/30 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/26 15:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2011/04/29 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/08 21:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009/04/09 23:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/07 09:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/24 12:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
[2008/03/18 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/14 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/04/16 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/10/21 08:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SeaTTY
[2007/05/15 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/02 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/05 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/07 05:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
[2008/01/31 10:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/24 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2008/02/07 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2011/10/20 10:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 15:48:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AD4FF8EF-B0C1-424D-B091-EE480EE8C7B5}
[2011/04/29 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2007/04/16 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Acronis
[2010/01/11 08:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Amazon
[2009/06/21 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2009/04/19 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\avidemux
[2011/11/11 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\butel
[2007/08/30 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2008/10/30 13:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CARIS
[2009/06/24 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CasaPortale.de
[2012/02/26 16:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2007/05/10 18:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Common Files
[2009/02/16 15:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ContentGuard
[2010/08/31 06:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DataCast
[2009/06/24 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Design-Lib.Com
[2009/06/19 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DNA
[2007/05/04 17:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\EBookSys
[2007/05/07 09:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger
[2008/09/18 14:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Feedreader
[2012/03/27 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\FileZilla
[2008/07/09 08:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Flickr
[2010/05/28 08:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\foobar2000
[2012/03/03 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Forte
[2009/01/05 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Fugawi
[2007/06/25 08:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GARMIN
[2010/01/24 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Gearbox Software
[2008/02/04 11:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GetRightToGo
[2007/02/14 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2012/02/11 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MapTap
[2011/08/30 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mobipocket
[2008/06/19 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Moyea
[2008/01/22 15:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsBin
[2008/05/22 16:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsLeecher
[2009/04/09 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nitro PDF
[2010/12/06 13:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
[2012/01/03 09:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\OverDrive
[2009/05/20 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\PolarNavy
[2012/03/22 09:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2011/11/11 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Radioshack
[2008/01/09 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ScanSoft
[2008/01/30 14:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SLAutoSave
[2007/05/15 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SlySoft
[2010/05/26 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Stellarium
[2007/03/11 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Systweak
[2011/11/30 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Thinstall
[2010/03/07 05:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ThumbsPlus
[2009/12/04 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Unity
[2010/07/24 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Vso
[2008/01/09 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to sagan45

I don't trust any detects from AdAware so I want to verify the detect.

Please go to www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll


Click on the Send File button.

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.

Note: I'll be away for a few hours but I'll check in when I get back.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


sagan45

join:2012-03-22
Parker, CO

This directory is now empty:
C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\


sagan45

join:2012-03-22
Parker, CO
reply to LoPhatPhuud

My mistake again, AVAST! detected a trojan in C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll
Not AdAware.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to sagan45

The OTL log is clean. The Avast detect is most likely a false positive. To my knowledge it's safe. If it happens again, follow my instructions above and submit it to Virus Total.

Are you still having the redirects???


sagan45

join:2012-03-22
Parker, CO

1 recommendation

Will do. No redirects at this point. Thank you so very much! I'll buy you a big double cheeseburger smothered in green next time I'm through Albuquerque.

Cheers,
Sagan45



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to sagan45

Thanks. Only remaining thing to do is cleanup...

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
