dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
4626
share rss forum feed

sagan45

join:2012-03-22
Parker, CO
reply to sagan45

Re: [Malware] Google / Firefox Redirects

OTL Result from you custom "Run Fix"
________________________________
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
File C:\Program Files\AutocompletePro\AutocompletePro.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.000
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 3103313 bytes
->Temporary Internet Files folder emptied: 1280034 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 3841496 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.000
->Flash cache emptied: 0 bytes

User: Administrator.WRIGHT2.001
->Flash cache emptied: 0 bytes

User: All Users

User: Bill
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03272012_121535


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to sagan45
Thanks. Just be sure to run OTL again, (scan) and post the new log.

Also, did running the fix make any difference to the redirects?

sagan45

join:2012-03-22
Parker, CO
Will do on additional OTL scan.

It did make a difference, I think. I uninstalled FF & installed the 12b2 then upon reboot Adaware instantly flagged a trojan here:

C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

Which is exactly where you directed me to earlier. Avast seemed to have moved that file to a chest, then the only other file in that directory was flagged as a trojan too. Now that folder is empty and I "think" I'm good again, at least not seeing any redirects. Just hope nothing is still running below the radar and getting past Avast & Comodo. Thank you again!

I have a class so will not be able to post new OTL log till later tonight.

sagan45

join:2012-03-22
Parker, CO
reply to LoPhatPhuud
Here is an OTL scan from this morning, LOP & Purity checked:

OTL logfile created on: 3/28/2012 7:57:35 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.46 Gb Free Space | 43.68% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/03/20 09:16:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007/02/09 15:56:07 | 001,115,728 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe
PRC - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
PRC - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
PRC - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
PRC - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
PRC - [1999/08/31 04:36:00 | 000,778,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/03/28 01:16:02 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032801\algo.dll
MOD - [2012/03/27 14:35:40 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032702\algo.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/16 16:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2004/01/05 00:27:36 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 18:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
MOD - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
MOD - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbicp.sys -- (uisp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/15 14:12:34 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/09/08 11:36:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/19 08:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/16 15:10:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/04/16 15:10:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/04/16 15:10:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/16 15:10:25 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/05/13 09:46:58 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/04 15:31:25 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/02/05 21:22:59 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/23 01:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/02/09 15:56:07 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2007/02/09 15:56:07 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/02 09:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/19 06:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/12/25 18:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 18:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 18:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/07/10 02:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 02:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 01:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 01:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 20:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 20:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 20:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 20:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 19:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613}
IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 | 000,000,000 | ---D | M]

[2012/03/27 13:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/27 17:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/03 10:16:18 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/13 22:50:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EB6E9C4-20D6-410C-9CF3-FC28F85C473F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 13:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/03/27 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-08-snags
[2012/03/27 14:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Plustek scanner-3600
[2012/03/27 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Red Frog marina
[2012/03/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Downloads
[2012/03/27 13:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Firefox Setup
[2012/03/27 12:15:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/22 11:49:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 13:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2012/03/21 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/20 17:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~LOGS
[2012/03/20 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012
[2012/03/16 13:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion
[2012/03/16 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA
[2012/03/16 09:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc
[2012/03/16 09:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET
[2012/03/16 09:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs
[2012/03/15 13:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/15 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/15 13:54:19 | 007,150,680 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:27:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\IECompatCache
[2012/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/13 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/13 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack
[2012/03/12 21:23:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/03/07 11:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials
[2012/03/07 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test
[2012/03/07 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/03 16:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs
[2012/03/03 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD
[2012/03/03 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Forte
[2012/03/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent
[2012/03/03 15:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Agent
[2012/03/02 20:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion
[2012/03/02 11:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte
[2012/03/01 13:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/03/28 07:51:18 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 07:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 21:56:41 | 000,007,080 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 21:38:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 18:26:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/27 17:55:11 | 002,910,937 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:41:04 | 000,517,663 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:16 | 000,069,211 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:19 | 003,449,966 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/26 10:15:51 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/03/25 13:29:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 09:37:02 | 001,252,467 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/22 16:32:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/22 14:17:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bill\default.pls
[2012/03/15 14:12:34 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/15 13:52:16 | 007,150,680 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/12 21:25:10 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:55 | 000,726,329 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 17:02:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/09 12:06:41 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:06:08 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 08:34:56 | 006,372,918 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2012/03/03 15:25:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/03/27 21:56:41 | 000,007,080 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 17:55:09 | 002,910,937 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:49:43 | 001,252,467 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/27 14:41:04 | 000,517,663 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:15 | 000,069,211 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:17 | 003,449,966 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/16 16:24:51 | 012,345,782 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3
[2012/03/15 13:59:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/12 21:25:10 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:54 | 000,726,329 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 13:58:07 | 004,852,889 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg
[2012/03/07 09:12:52 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/06 22:06:08 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/03 15:25:13 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2011/11/26 15:40:29 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2010/10/03 10:16:19 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/10/03 10:16:19 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/06/17 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/30 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/10/31 14:01:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS
[2007/05/07 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/05/07 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2007/05/15 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/05/26 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2009/01/05 12:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2012/03/13 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/15 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/30 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/26 15:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2011/04/29 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/08 21:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009/04/09 23:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/07 09:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/24 12:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
[2008/03/18 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/14 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/04/16 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/10/21 08:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SeaTTY
[2007/05/15 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/02 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/05 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/07 05:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
[2008/01/31 10:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/24 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2008/02/07 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2011/10/20 10:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 15:48:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AD4FF8EF-B0C1-424D-B091-EE480EE8C7B5}
[2011/04/29 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2007/04/16 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Acronis
[2010/01/11 08:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Amazon
[2009/06/21 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2009/04/19 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\avidemux
[2011/11/11 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\butel
[2007/08/30 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2008/10/30 13:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CARIS
[2009/06/24 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CasaPortale.de
[2012/02/26 16:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2007/05/10 18:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Common Files
[2009/02/16 15:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ContentGuard
[2010/08/31 06:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DataCast
[2009/06/24 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Design-Lib.Com
[2009/06/19 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DNA
[2007/05/04 17:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\EBookSys
[2007/05/07 09:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger
[2008/09/18 14:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Feedreader
[2012/03/27 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\FileZilla
[2008/07/09 08:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Flickr
[2010/05/28 08:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\foobar2000
[2012/03/03 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Forte
[2009/01/05 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Fugawi
[2007/06/25 08:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GARMIN
[2010/01/24 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Gearbox Software
[2008/02/04 11:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GetRightToGo
[2007/02/14 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2012/02/11 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MapTap
[2011/08/30 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mobipocket
[2008/06/19 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Moyea
[2008/01/22 15:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsBin
[2008/05/22 16:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsLeecher
[2009/04/09 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nitro PDF
[2010/12/06 13:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
[2012/01/03 09:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\OverDrive
[2009/05/20 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\PolarNavy
[2012/03/22 09:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2011/11/11 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Radioshack
[2008/01/09 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ScanSoft
[2008/01/30 14:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SLAutoSave
[2007/05/15 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SlySoft
[2010/05/26 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Stellarium
[2007/03/11 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Systweak
[2011/11/30 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Thinstall
[2010/03/07 05:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ThumbsPlus
[2009/12/04 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Unity
[2010/07/24 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Vso
[2008/01/09 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Zeon

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to sagan45
I don't trust any detects from AdAware so I want to verify the detect.

Please go to »www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll


Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.

Note: I'll be away for a few hours but I'll check in when I get back.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

sagan45

join:2012-03-22
Parker, CO
This directory is now empty:
C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\

sagan45

join:2012-03-22
Parker, CO
reply to LoPhatPhuud
My mistake again, AVAST! detected a trojan in C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll
Not adaware.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to sagan45
The OTL log is clean. The Avast detect is most likely a false positive. To my knowledge it's safe. If it happens again, follow my instructions above and submit it to Virus Total.

Are you still having the redirects???

sagan45

join:2012-03-22
Parker, CO

1 recommendation

Will do. No redirects at this point. Thank you so very much! I'll buy you a big double cheese burger smothered in green next time I'm through Albuquerque.

Cheers,
Sagan45


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to sagan45
Thanks. Only remaining thing to do is cleanup...

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum