Theme

Welcome · log in · join	food

Home

Reviews

Speed Test

	All Forums		Hot Topics		Gallery

Forums → The Site → Old Forums →

Security Cleanup → [Malware] Google / Firefox Redirects

uniqs
5041

« Intermittent Firefox redirects • Trojans on Windows 7 x64. Ran MBAM. Now BSODS on startup »

sagan45 join:2012-03-22 Parker, CO	sagan45 Member 2012-Mar-27 2:26 pm Re: [Malware] Google / Firefox Redirects OTL Result from you custom "Run Fix" ________________________________ All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found. File C:\Program Files\AutocompletePro\AutocompletePro.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2 ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2.000 ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2.001 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Bill ->Temp folder emptied: 3103313 bytes ->Temporary Internet Files folder emptied: 1280034 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 3841496 bytes ->Flash cache emptied: 470 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 8.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2 ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2.000 ->Flash cache emptied: 0 bytes User: Administrator.WRIGHT2.001 ->Flash cache emptied: 0 bytes User: All Users User: Bill ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.39.1 log created on 03272012_121535
	actions · 2012-Mar-27 2:26 pm · (locked)
LoPhatPhuud MVM join:2002-01-06 Albuquerque, NM	LoPhatPhuud to sagan45 MVM 2012-Mar-27 3:04 pm to sagan45 Thanks. Just be sure to run OTL again, (scan) and post the new log. Also, did running the fix make any difference to the redirects?
	actions · 2012-Mar-27 3:04 pm · (locked)
sagan45 join:2012-03-22 Parker, CO	sagan45 Member 2012-Mar-27 6:17 pm Will do on additional OTL scan. It did make a difference, I think. I uninstalled FF & installed the 12b2 then upon reboot Adaware instantly flagged a trojan here: C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll Which is exactly where you directed me to earlier. Avast seemed to have moved that file to a chest, then the only other file in that directory was flagged as a trojan too. Now that folder is empty and I "think" I'm good again, at least not seeing any redirects. Just hope nothing is still running below the radar and getting past Avast & Comodo. Thank you again! I have a class so will not be able to post new OTL log till later tonight.
	actions · 2012-Mar-27 6:17 pm · (locked)
sagan45	sagan45 to LoPhatPhuud Member 2012-Mar-28 10:16 am to LoPhatPhuud Here is an OTL scan from this morning, LOP & Purity checked: OTL logfile created on: 3/28/2012 7:57:35 AM - Run 3 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.55 Gb Available Physical Memory \| 77.46% Memory free 3.85 Gb Paging File \| 3.56 Gb Available in Paging File \| 92.54% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 465.76 Gb Total Space \| 203.46 Gb Free Space \| 43.68% Space Free \| Partition Type: NTFS Computer Name: WRIGHT2 \| User Name: Bill \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/03/20 09:16:35 \| 000,594,432 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe PRC - [2012/03/06 17:15:17 \| 004,241,512 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 17:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2009/10/16 17:42:54 \| 000,904,840 \| ---- \| M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe PRC - [2009/10/16 17:39:32 \| 000,136,544 \| ---- \| M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe PRC - [2009/10/16 17:39:28 \| 000,431,456 \| ---- \| M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe PRC - [2009/10/16 17:37:22 \| 001,325,936 \| ---- \| M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe PRC - [2008/04/14 04:42:20 \| 001,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/04 15:31:27 \| 000,039,936 \| ---- \| M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE PRC - [2007/02/09 15:56:07 \| 001,115,728 \| ---- \| M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe PRC - [2007/02/09 15:56:06 \| 000,361,040 \| ---- \| M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe PRC - [2003/12/25 18:53:08 \| 000,270,336 \| ---- \| M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe PRC - [2003/10/23 04:17:06 \| 000,069,120 \| ---- \| M] () -- C:\Program Files\Alpha Clock\aclock.exe PRC - [2003/09/26 21:03:36 \| 000,888,832 \| ---- \| M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe PRC - [2003/07/29 21:04:06 \| 000,630,272 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe PRC - [1999/08/31 04:36:00 \| 000,778,240 \| ---- \| M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/03/28 01:16:02 \| 001,751,040 \| ---- \| M] () -- C:\Program Files\AVAST Software\Avast\defs\12032801\algo.dll MOD - [2012/03/27 14:35:40 \| 001,751,040 \| ---- \| M] () -- C:\Program Files\AVAST Software\Avast\defs\12032702\algo.dll MOD - [2011/03/27 13:11:04 \| 000,094,208 \| ---- \| M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009/10/16 16:59:30 \| 001,328,480 \| ---- \| M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll MOD - [2004/01/05 00:27:36 \| 000,565,248 \| ---- \| M] () -- C:\WINDOWS\system32\hpotscl.dll MOD - [2003/12/25 18:53:08 \| 000,270,336 \| ---- \| M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe MOD - [2003/12/25 18:53:08 \| 000,049,152 \| ---- \| M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll MOD - [2003/10/23 04:17:06 \| 000,069,120 \| ---- \| M] () -- C:\Program Files\Alpha Clock\aclock.exe MOD - [2003/09/26 21:03:36 \| 000,888,832 \| ---- \| M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto \| Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - File not found [Auto \| Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - File not found [Auto \| Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012/03/06 17:15:14 \| 000,044,768 \| ---- \| M] (AVAST Software) [Auto \| Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/10/16 17:39:28 \| 000,431,456 \| ---- \| M] (Seagate) [Auto \| Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2008/03/04 15:31:27 \| 000,039,936 \| ---- \| M] (C-Dilla Ltd) [Auto \| Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2007/02/09 15:56:06 \| 000,361,040 \| ---- \| M] (COMODO) [Auto \| Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent) SRV - [2007/01/25 10:31:34 \| 000,093,048 \| ---- \| M] (CACE Technologies) [On_Demand \| Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2004/01/05 00:27:32 \| 000,065,795 \| ---- \| M] (HP) [On_Demand \| Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12) SRV - [2003/07/29 21:04:06 \| 000,630,272 \| ---- \| M] (Macrovision Corporation) [Auto \| Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel \| On_Demand \| Stopped] -- -- (WDICA) DRV - File not found [Kernel \| On_Demand \| Stopped] -- System32\Drivers\usbicp.sys -- (uisp) DRV - File not found [Kernel \| On_Demand \| Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel \| On_Demand \| Stopped] -- -- (PDRELI) DRV - File not found [Kernel \| On_Demand \| Stopped] -- -- (PDFRAME) DRV - File not found [Kernel \| On_Demand \| Stopped] -- -- (PDCOMP) DRV - File not found [Kernel \| System \| Stopped] -- -- (PCIDump) DRV - File not found [Kernel \| System \| Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel \| System \| Stopped] -- -- (i2omgmt) DRV - File not found [Kernel \| Auto \| Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D) DRV - File not found [Kernel \| System \| Stopped] -- -- (Changer) DRV - [2012/03/15 14:12:34 \| 000,025,888 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35) DRV - [2012/03/06 17:03:51 \| 000,612,184 \| ---- \| M] (AVAST Software) [File_System \| System \| Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/06 17:03:38 \| 000,337,880 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/06 17:02:00 \| 000,035,672 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012/03/06 17:01:53 \| 000,053,848 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/06 17:01:39 \| 000,095,704 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012/03/06 17:01:30 \| 000,020,696 \| ---- \| M] (AVAST Software) [File_System \| Auto \| Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/03/06 16:58:29 \| 000,024,920 \| ---- \| M] (AVAST Software) [Kernel \| System \| Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/09/08 11:36:24 \| 000,691,696 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2011/08/19 08:01:27 \| 000,121,464 \| ---- \| M] (SlySoft, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011/04/16 15:10:30 \| 000,441,760 \| ---- \| M] (Acronis) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2011/04/16 15:10:30 \| 000,044,384 \| ---- \| M] (Acronis) [File_System \| Auto \| Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2011/04/16 15:10:28 \| 000,132,224 \| ---- \| M] (Acronis) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2011/04/16 15:10:25 \| 000,368,480 \| ---- \| M] (Acronis) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2010/05/13 09:46:58 \| 000,040,560 \| ---- \| M] (Paragon Software Group) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009/09/29 21:18:22 \| 003,565,056 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008/04/13 23:23:10 \| 000,040,320 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 23:15:30 \| 000,010,624 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/03/04 15:31:25 \| 000,008,864 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2008/02/05 21:22:59 \| 000,008,413 \| ---- \| M] (RealNetworks, Inc.) [Kernel \| Auto \| Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM) DRV - [2008/01/23 01:19:44 \| 000,501,560 \| ---- \| M] (Protect Software GmbH) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2007/02/09 15:56:07 \| 000,075,520 \| ---- \| M] (Comodo Research Lab., Inc.) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon) DRV - [2007/02/09 15:56:07 \| 000,051,328 \| ---- \| M] (COMODO) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2007/01/25 10:31:34 \| 000,042,000 \| ---- \| M] (CACE Technologies) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2007/01/23 15:45:00 \| 000,034,576 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007/01/23 15:45:00 \| 000,033,296 \| ---- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2006/11/28 22:46:24 \| 000,028,224 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50) DRV - [2006/08/02 09:45:32 \| 000,114,560 \| ---- \| M] (Mars Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910) DRV - [2005/04/07 16:18:34 \| 000,003,840 \| ---- \| M] () [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt) DRV - [2004/08/19 06:21:00 \| 000,189,568 \| ---- \| M] (Marvell) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2004/08/03 19:08:36 \| 000,013,824 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC) DRV - [2004/08/03 19:08:30 \| 000,105,984 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) DRV - [2003/12/25 18:53:10 \| 000,067,456 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023) DRV - [2003/12/25 18:53:10 \| 000,011,237 \| ---- \| M] (Realtek Semiconductor Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp) DRV - [2003/12/25 18:53:10 \| 000,008,440 \| ---- \| M] (Windows (R) 2000 DDK provider) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt) DRV - [2003/07/10 02:40:38 \| 000,145,232 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2003/07/10 02:38:28 \| 000,651,792 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2003/06/27 01:24:54 \| 000,159,040 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2003/06/27 01:24:42 \| 000,860,592 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003/06/19 20:33:40 \| 000,136,016 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/06/19 20:33:24 \| 000,006,144 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2003/06/19 20:33:16 \| 000,190,208 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/06/19 20:33:02 \| 000,509,328 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003/03/26 19:58:56 \| 000,287,920 \| ---- \| M] (Creative Technology Ltd) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2003/03/05 12:19:28 \| 000,015,840 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT) DRV - [2002/05/22 12:42:42 \| 000,015,326 \| ---- \| M] (Palm, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2001/07/13 13:56:14 \| 000,014,976 \| ---- \| M] () [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT) DRV - [1997/04/22 10:16:00 \| 000,006,272 \| ---- \| M] () [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll () IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613} IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:39:31 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 \| 000,000,000 \| ---D \| M] [2012/03/27 13:08:04 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions [2012/03/27 17:41:34 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions [2012/03/27 17:41:34 \| 000,000,000 \| ---D \| M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/03/27 17:39:30 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/03/12 21:39:39 \| 000,097,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/10/03 10:16:18 \| 002,179,072 \| ---- \| M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll [2012/03/12 21:38:32 \| 000,002,252 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/12 21:38:32 \| 000,002,040 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/03/13 22:50:07 \| 000,000,736 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO) O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate) O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EB6E9C4-20D6-410C-9CF3-FC28F85C473F}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\WINDOWS\REEF-Panama-01.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\REEF-Panama-01.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/02/09 13:35:19 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/03/27 18:27:00 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Class-08-snags [2012/03/27 14:47:51 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Plustek scanner-3600 [2012/03/27 14:44:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Red Frog marina [2012/03/27 13:08:30 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\My Documents\Downloads [2012/03/27 13:06:30 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Firefox Setup [2012/03/27 12:15:35 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2012/03/22 11:49:01 \| 000,000,000 \| ---D \| C] -- C:\TDSSKiller_Quarantine [2012/03/21 13:39:05 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Application Data\QuickScan [2012/03/21 09:01:12 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ESET [2012/03/20 17:47:53 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\~LOGS [2012/03/20 10:39:37 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes [2012/03/20 10:38:51 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/20 10:38:51 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/03/16 16:22:13 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012 [2012/03/16 13:57:07 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion [2012/03/16 10:17:05 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA [2012/03/16 09:55:25 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc [2012/03/16 09:47:05 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET [2012/03/16 09:44:18 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs [2012/03/15 13:54:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files\HitmanPro [2012/03/15 13:54:24 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012/03/15 13:54:19 \| 007,150,680 \| ---- \| C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe [2012/03/15 12:27:40 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Bill\IECompatCache [2012/03/13 22:51:48 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\pss [2012/03/13 22:20:58 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2012/03/13 12:47:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack [2012/03/12 21:23:43 \| 000,060,032 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2012/03/07 11:44:50 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials [2012/03/07 09:42:59 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test [2012/03/07 09:12:52 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe [2012/03/03 16:44:48 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs [2012/03/03 16:08:31 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD [2012/03/03 15:25:17 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Application Data\Forte [2012/03/03 15:25:12 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent [2012/03/03 15:25:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Agent [2012/03/02 20:15:04 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion [2012/03/02 11:20:06 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\Forte [2012/03/01 13:45:15 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/03/28 07:51:18 \| 000,000,878 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/03/28 07:51:00 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2012/03/27 22:27:53 \| 000,030,072 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx [2012/03/27 22:27:53 \| 000,030,072 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx [2012/03/27 22:27:53 \| 000,027,516 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx [2012/03/27 22:27:53 \| 000,027,516 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx [2012/03/27 22:27:53 \| 000,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2012/03/27 22:27:53 \| 000,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2012/03/27 22:27:53 \| 000,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat [2012/03/27 22:27:53 \| 000,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat [2012/03/27 21:56:41 \| 000,007,080 \| ---- \| M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf [2012/03/27 21:38:26 \| 000,000,882 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/03/27 18:26:16 \| 000,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2012/03/27 17:55:11 \| 002,910,937 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf [2012/03/27 17:39:33 \| 000,000,749 \| ---- \| M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/03/27 17:39:33 \| 000,000,731 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/03/27 14:41:04 \| 000,517,663 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf [2012/03/27 14:00:41 \| 001,490,120 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg [2012/03/27 14:00:16 \| 000,069,211 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg [2012/03/26 12:06:32 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\ativpsrm.bin [2012/03/26 11:16:54 \| 000,002,273 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm [2012/03/26 10:19:19 \| 003,449,966 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html [2012/03/26 10:15:51 \| 000,000,282 \| RHS- \| M] () -- C:\boot.ini [2012/03/25 13:29:35 \| 000,002,422 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2012/03/23 09:37:02 \| 001,252,467 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb [2012/03/22 16:32:05 \| 000,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2012/03/22 14:17:37 \| 000,000,176 \| ---- \| M] () -- C:\Documents and Settings\Bill\default.pls [2012/03/15 14:12:34 \| 000,025,888 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/03/15 13:52:16 \| 007,150,680 \| ---- \| M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe [2012/03/12 21:25:10 \| 000,001,032 \| ---- \| M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf [2012/03/12 17:38:55 \| 000,726,329 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf [2012/03/10 17:02:34 \| 000,002,625 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/03/09 12:06:41 \| 000,041,984 \| ---- \| M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/06 22:06:08 \| 000,000,757 \| ---- \| M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf [2012/03/06 17:15:19 \| 000,041,184 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012/03/06 17:15:14 \| 000,201,352 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012/03/06 17:03:51 \| 000,612,184 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012/03/06 17:03:38 \| 000,337,880 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012/03/06 17:02:00 \| 000,035,672 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012/03/06 17:01:53 \| 000,053,848 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012/03/06 17:01:39 \| 000,095,704 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012/03/06 17:01:35 \| 000,089,048 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012/03/06 17:01:30 \| 000,020,696 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012/03/06 16:58:29 \| 000,024,920 \| ---- \| M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012/03/06 08:34:56 \| 006,372,918 \| ---- \| M] () -- C:\WINDOWS\ACD Wallpaper.bmp [2012/03/03 15:25:13 \| 000,000,693 \| ---- \| M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk [2012/02/28 22:03:42 \| 000,001,128 \| ---- \| M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/03/27 21:56:41 \| 000,007,080 \| ---- \| C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf [2012/03/27 17:55:09 \| 002,910,937 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf [2012/03/27 17:39:33 \| 000,000,749 \| ---- \| C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/03/27 17:39:33 \| 000,000,737 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/03/27 17:39:33 \| 000,000,731 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/03/27 14:49:43 \| 001,252,467 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb [2012/03/27 14:41:04 \| 000,517,663 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf [2012/03/27 14:00:41 \| 001,490,120 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg [2012/03/27 14:00:15 \| 000,069,211 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg [2012/03/26 12:06:32 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ativpsrm.bin [2012/03/26 11:16:54 \| 000,002,273 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm [2012/03/26 10:19:17 \| 003,449,966 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html [2012/03/16 16:24:51 \| 012,345,782 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3 [2012/03/15 13:59:06 \| 000,025,888 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/03/12 21:25:10 \| 000,001,032 \| ---- \| C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf [2012/03/12 17:38:54 \| 000,726,329 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf [2012/03/10 13:58:07 \| 004,852,889 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg [2012/03/07 09:12:52 \| 000,001,832 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk [2012/03/06 22:06:08 \| 000,000,757 \| ---- \| C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf [2012/03/03 15:25:13 \| 000,000,693 \| ---- \| C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk [2012/02/28 22:03:42 \| 000,001,128 \| ---- \| C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf [2011/11/26 15:40:29 \| 000,004,939 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh [2010/10/03 10:16:19 \| 000,894,616 \| ---- \| C] () -- C:\WINDOWS\dbplugin.exe [2010/10/03 10:16:19 \| 000,245,840 \| ---- \| C] () -- C:\WINDOWS\System32\DNLEng.dll [color=#E56717]========== LOP Check ==========[/color] [2010/06/17 15:16:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2011/04/30 15:31:52 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2008/10/31 14:01:18 \| 000,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS [2007/05/07 09:57:27 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output [2007/05/07 09:57:21 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup [2007/05/15 21:33:47 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2010/05/26 15:55:47 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\explauncher [2009/01/05 12:53:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Fugawi [2012/03/13 22:20:58 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2012/03/15 13:59:08 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2009/06/30 08:54:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools [2010/05/26 15:55:40 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\launcher [2011/04/29 17:05:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/01/08 21:37:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\NewsBin [2009/04/09 23:39:44 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF [2010/12/07 09:23:58 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2010/04/24 12:46:27 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems [2008/03/18 13:29:40 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2007/06/14 16:30:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\sctemp [2011/04/16 15:09:52 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Seagate [2008/10/21 08:31:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SeaTTY [2007/05/15 21:18:13 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2008/01/02 10:21:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2010/03/05 13:04:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/03/07 05:14:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus [2008/01/31 10:57:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE [2010/09/24 12:50:19 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\xml_param [2008/02/07 10:08:43 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\zeon [2011/10/20 10:27:25 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/03/06 15:48:02 \| 000,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{AD4FF8EF-B0C1-424D-B091-EE480EE8C7B5} [2011/04/29 15:01:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD} [2007/04/16 12:55:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Acronis [2010/01/11 08:19:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Amazon [2009/06/21 18:23:52 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Auslogics [2009/04/19 01:57:25 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\avidemux [2011/11/11 13:50:35 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\butel [2007/08/30 10:58:27 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Canon [2008/10/30 13:04:06 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\CARIS [2009/06/24 14:32:27 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\CasaPortale.de [2012/02/26 16:48:15 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1 [2007/05/10 18:36:44 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Common Files [2009/02/16 15:01:30 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\ContentGuard [2010/08/31 06:53:41 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\DataCast [2009/06/24 14:45:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Design-Lib.Com [2009/06/19 22:12:02 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\DNA [2007/05/04 17:50:12 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\EBookSys [2007/05/07 09:57:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger [2008/09/18 14:30:38 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Feedreader [2012/03/27 16:01:47 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\FileZilla [2008/07/09 08:35:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Flickr [2010/05/28 08:24:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\foobar2000 [2012/03/03 15:25:17 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Forte [2009/01/05 12:51:40 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Fugawi [2007/06/25 08:54:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\GARMIN [2010/01/24 11:33:19 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Gearbox Software [2008/02/04 11:19:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\GetRightToGo [2007/02/14 17:36:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Leadertech [2012/02/11 11:15:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\MapTap [2011/08/30 14:47:02 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Mobipocket [2008/06/19 10:58:58 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Moyea [2008/01/22 15:28:22 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\NewsBin [2008/05/22 16:07:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\NewsLeecher [2009/04/09 23:40:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Nitro PDF [2010/12/06 13:24:02 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Opera [2012/01/03 09:33:38 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\OverDrive [2009/05/20 23:34:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\PolarNavy [2012/03/22 09:37:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\QuickScan [2011/11/11 13:27:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Radioshack [2008/01/09 16:43:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\ScanSoft [2008/01/30 14:10:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\SLAutoSave [2007/05/15 21:19:24 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\SlySoft [2010/05/26 13:34:36 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Stellarium [2007/03/11 12:21:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Systweak [2011/11/30 12:29:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Thinstall [2010/03/07 05:13:44 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\ThumbsPlus [2009/12/04 17:25:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Unity [2010/07/24 16:21:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Vso [2008/01/09 17:11:42 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Bill\Application Data\Zeon [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
	actions · 2012-Mar-28 10:16 am · (locked)
LoPhatPhuud MVM join:2002-01-06 Albuquerque, NM 1 recommendation	LoPhatPhuud to sagan45 MVM 2012-Mar-28 10:55 am to sagan45 I don't trust any detects from AdAware so I want to verify the detect. Please go to »www.virustotal.com/ Press the 'Browse' button to the right of the yellow box. Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box. C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll Click on the Send File button Note: If you can't find the file, let me know in your next post. Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier. If the file has been previously scanned, the results webpage will show: "File has already been submitted:" Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned. Note: I'll be away for a few hours but I'll check in when I get back.
	actions · 2012-Mar-28 10:55 am · (locked)
sagan45 join:2012-03-22 Parker, CO	sagan45 Member 2012-Mar-28 11:31 am This directory is now empty: C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\
	actions · 2012-Mar-28 11:31 am · (locked)
sagan45	sagan45 to LoPhatPhuud Member 2012-Mar-28 12:26 pm to LoPhatPhuud My mistake again, AVAST! detected a trojan in C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll Not adaware.
	actions · 2012-Mar-28 12:26 pm · (locked)
LoPhatPhuud MVM join:2002-01-06 Albuquerque, NM 1 recommendation	LoPhatPhuud to sagan45 MVM 2012-Mar-28 4:37 pm to sagan45 The OTL log is clean. The Avast detect is most likely a false positive. To my knowledge it's safe. If it happens again, follow my instructions above and submit it to Virus Total. Are you still having the redirects???
	actions · 2012-Mar-28 4:37 pm · (locked)
sagan45 join:2012-03-22 Parker, CO 1 recommendation	sagan45 Member 2012-Mar-28 7:08 pm Will do. No redirects at this point. Thank you so very much! I'll buy you a big double cheese burger smothered in green next time I'm through Albuquerque. Cheers, Sagan45
	actions · 2012-Mar-28 7:08 pm · (locked)
LoPhatPhuud MVM join:2002-01-06 Albuquerque, NM 1 recommendation	LoPhatPhuud to sagan45 MVM 2012-Mar-29 12:33 pm to sagan45 Thanks. Only remaining thing to do is cleanup... Cleaning Up: Delete TFC: Delete the TFC icon on your Desktop Delete OTL: Double click the OTL icon on your Desktop Press the 'Cleanup' button Delete Security Check: Delete the SecurityCheck icon on your Desktop Delete Malware Bytes: We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it. Delete Sophos AntiRootkit If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs. Other Programs: If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
	actions · 2012-Mar-29 12:33 pm · (locked)

Forums → The Site → Old Forums → Security Cleanup	« Intermittent Firefox redirects • Trojans on Windows 7 x64. Ran MBAM. Now BSODS on startup »

Security Cleanup → [Malware] Google / Firefox Redirects

Re: [Malware] Google / Firefox Redirects