LoPhatPhuud
reply to sagan45

Re: [Malware] Google / Firefox Redirects

Thanks. Just be sure to run OTL again, (scan) and post the new log.

Also, did running the fix make any difference to the redirects?

sagan45

Will do on additional OTL scan.

It did make a difference, I think. I uninstalled FF and installed the 12b2; then, upon reboot, Adaware instantly flagged a trojan here:

C:\Documents and Settings\Bill\Application Data\AdobeUM\AdobeUM\yvfpemrj.dll

Which is exactly where you directed me to earlier. Avast seems to have moved that file to the chest; then the only other file in that directory was flagged as a trojan too. Now that folder is empty and I "think" I'm good again, at least I'm not seeing any redirects. Just hope nothing is still running below the radar and getting past Avast and Comodo. Thank you again!

I have a class, so I will not be able to post a new OTL log until later tonight.

sagan45

reply to LoPhatPhuud
Here is an OTL scan from this morning, LOP & Purity checked:

OTL logfile created on: 3/28/2012 7:57:35 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.46 Gb Free Space | 43.68% Space Free | Partition Type: NTFS

Computer Name: WRIGHT2 | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 09:16:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\Google hiJack\~~Mandatory Steps Before Requesting Assistance\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/16 17:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 17:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 17:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007/02/09 15:56:07 | 001,115,728 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe
PRC - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
PRC - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
PRC - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe
PRC - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe
PRC - [1999/08/31 04:36:00 | 000,778,240 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt32\snagit32.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/28 01:16:02 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032801\algo.dll
MOD - [2012/03/27 14:35:40 | 001,751,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032702\algo.dll
MOD - [2011/03/27 13:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/16 16:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2004/01/05 00:27:36 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/12/25 18:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 18:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll
MOD - [2003/10/23 04:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe
MOD - [2003/09/26 21:03:36 | 000,888,832 | ---- | M] () -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\ERDAS.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/03/04 15:31:27 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/09 15:56:06 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/29 21:04:06 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe -- (ERDAS License Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbicp.sys -- (uisp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/15 14:12:34 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/09/08 11:36:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/19 08:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/16 15:10:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/04/16 15:10:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/04/16 15:10:28 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/04/16 15:10:25 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/05/13 09:46:58 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/04 15:31:25 | 000,008,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/02/05 21:22:59 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/23 01:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/02/09 15:56:07 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2007/02/09 15:56:07 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/08/02 09:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/19 06:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/12/25 18:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 18:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 18:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/07/10 02:40:38 | 000,145,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/07/10 02:38:28 | 000,651,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/06/27 01:24:54 | 000,159,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/06/27 01:24:42 | 000,860,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/06/19 20:33:40 | 000,136,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/06/19 20:33:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/06/19 20:33:16 | 000,190,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/19 20:33:02 | 000,509,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 19:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/05/22 12:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {A713DAD0-9506-4A26-A8E8-578BCD1D2613}
IE - HKCU\..\SearchScopes\{A713DAD0-9506-4A26-A8E8-578BCD1D2613}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Bill\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Bill\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 17:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 10:09:50 | 000,000,000 | ---D | M]

[2012/03/27 13:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions
[2012/03/27 17:41:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\a291dqfd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/27 17:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/03 10:16:18 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/13 22:50:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .m4v - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EB6E9C4-20D6-410C-9CF3-FC28F85C473F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\REEF-Panama-01.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 13:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cceb712-093a-11df-b64c-0013d4abdac8}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Class-08-snags
[2012/03/27 14:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Plustek scanner-3600
[2012/03/27 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Red Frog marina
[2012/03/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\My Documents\Downloads
[2012/03/27 13:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Firefox Setup
[2012/03/27 12:15:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/22 11:49:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/21 13:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2012/03/21 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/20 17:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~LOGS
[2012/03/20 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/20 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\4_H-2012
[2012/03/16 13:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Styx-The Grand Illusion
[2012/03/16 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CENTRAL AMERICA
[2012/03/16 09:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\CHARTS-misc
[2012/03/16 09:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\WANT-GET
[2012/03/16 09:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\LIBRARYs
[2012/03/15 13:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/15 13:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/15 13:54:19 | 007,150,680 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/15 12:27:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\IECompatCache
[2012/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/13 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/13 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Google hiJack
[2012/03/12 21:23:43 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/03/07 11:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Star-Path Materials
[2012/03/07 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~~ADE-test
[2012/03/07 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/03/03 16:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\~~NZBs
[2012/03/03 16:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte----------DOWNLOAD
[2012/03/03 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Forte
[2012/03/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Start Menu\Programs\Forte Agent
[2012/03/03 15:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Agent
[2012/03/02 20:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Panama Guide-Zydler-confusion
[2012/03/02 11:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\Forte
[2012/03/01 13:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\wilderness-survival.net

========== Files - Modified Within 30 Days ==========

[2012/03/28 07:51:18 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 07:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,030,072 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,027,516 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20021102}.rfx
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/27 22:27:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 22:27:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20021102}.dat
[2012/03/27 21:56:41 | 000,007,080 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 21:38:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 18:26:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/27 17:55:11 | 002,910,937 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:41:04 | 000,517,663 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:16 | 000,069,211 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:19 | 003,449,966 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/26 10:15:51 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/03/25 13:29:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 09:37:02 | 001,252,467 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/22 16:32:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/22 14:17:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Bill\default.pls
[2012/03/15 14:12:34 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/15 13:52:16 | 007,150,680 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Bill\Desktop\HitmanPro36.exe
[2012/03/12 21:25:10 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:55 | 000,726,329 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 17:02:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/09 12:06:41 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/06 22:06:08 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 08:34:56 | 006,372,918 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2012/03/03 15:25:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf

========== Files Created - No Company Name ==========

[2012/03/27 21:56:41 | 000,007,080 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_27 21_56.rtf
[2012/03/27 17:55:09 | 002,910,937 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Coastal Class 8.pdf
[2012/03/27 17:39:33 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/27 17:39:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/27 14:49:43 | 001,252,467 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\the emerald forest 6.4-GB.nzb
[2012/03/27 14:41:04 | 000,517,663 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\banzai_lunch_5_2008.pdf
[2012/03/27 14:00:41 | 001,490,120 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-4.jpg
[2012/03/27 14:00:15 | 000,069,211 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\sleeps-6.jpg
[2012/03/26 12:06:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/26 11:16:54 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ASO-result.htm
[2012/03/26 10:19:17 | 003,449,966 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Bookmarks-FF-2012-03-26.html
[2012/03/16 16:24:51 | 012,345,782 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Half Life 2 - Triage At Dawn (longer version).mp3
[2012/03/15 13:59:06 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/03/12 21:25:10 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_12 21_25.rtf
[2012/03/12 17:38:54 | 000,726,329 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\p90xFitTest.pdf
[2012/03/10 13:58:07 | 004,852,889 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Cody-Primitive Technology - II - Ancestral Skills.jpg
[2012/03/07 09:12:52 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/06 22:06:08 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_03_06 22_06.rtf
[2012/03/03 15:25:13 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Forte Agent.lnk
[2012/02/28 22:03:42 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\ChatLog 2012 Coastal Navigation Course 2012_02_28 22_03.rtf
[2011/11/26 15:40:29 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2010/10/03 10:16:19 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/10/03 10:16:19 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

========== LOP Check ==========

[2010/06/17 15:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/30 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/10/31 14:01:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS
[2007/05/07 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2007/05/07 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2007/05/15 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/05/26 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2009/01/05 12:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2012/03/13 22:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/03/15 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/30 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/26 15:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2011/04/29 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/08 21:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009/04/09 23:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/07 09:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/04/24 12:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
[2008/03/18 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/14 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/04/16 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/10/21 08:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SeaTTY
[2007/05/15 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/02 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/03/05 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/07 05:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
[2008/01/31 10:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/24 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2008/02/07 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2011/10/20 10:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/06 15:48:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AD4FF8EF-B0C1-424D-B091-EE480EE8C7B5}
[2011/04/29 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2007/04/16 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Acronis
[2010/01/11 08:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Amazon
[2009/06/21 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Auslogics
[2009/04/19 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\avidemux
[2011/11/11 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\butel
[2007/08/30 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Canon
[2008/10/30 13:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CARIS
[2009/06/24 14:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\CasaPortale.de
[2012/02/26 16:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2007/05/10 18:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Common Files
[2009/02/16 15:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ContentGuard
[2010/08/31 06:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DataCast
[2009/06/24 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Design-Lib.Com
[2009/06/19 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\DNA
[2007/05/04 17:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\EBookSys
[2007/05/07 09:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\eFax Messenger
[2008/09/18 14:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Feedreader
[2012/03/27 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\FileZilla
[2008/07/09 08:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Flickr
[2010/05/28 08:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\foobar2000
[2012/03/03 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Forte
[2009/01/05 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Fugawi
[2007/06/25 08:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GARMIN
[2010/01/24 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Gearbox Software
[2008/02/04 11:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GetRightToGo
[2007/02/14 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2012/02/11 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\MapTap
[2011/08/30 14:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mobipocket
[2008/06/19 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Moyea
[2008/01/22 15:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsBin
[2008/05/22 16:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\NewsLeecher
[2009/04/09 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Nitro PDF
[2010/12/06 13:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Opera
[2012/01/03 09:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\OverDrive
[2009/05/20 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\PolarNavy
[2012/03/22 09:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\QuickScan
[2011/11/11 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Radioshack
[2008/01/09 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ScanSoft
[2008/01/30 14:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SLAutoSave
[2007/05/15 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\SlySoft
[2010/05/26 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Stellarium
[2007/03/11 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Systweak
[2011/11/30 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Thinstall
[2010/03/07 05:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\ThumbsPlus
[2009/12/04 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Unity
[2010/07/24 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Vso
[2008/01/09 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:25AE869A9B611316
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2