
happili.com virus

Old 04-09-2012, 02:24 PM   #1
Registered Member
 
Join Date: Apr 2012
Posts: 19
OS: Windows XP



Hi,
I wrote yesterday that I believe I have the happili.com virus and cannot remove it. I was told to follow the pre-post instructions. However, I could not run dds.scr. It would open and tell me to wait. It said the scan should not last more than 3 minutes. But it never ended and I could not close it. So basically it didn't work.
I would appreciate advice with this problem as well as the original.

Thank you

__________________
sharkfan12 is offline  
Old 04-09-2012, 07:59 PM   #2
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



Hello sharkfan12,

Download DDS.exe from here

Double click to start the tool.

In the panel, click 'Options for dds.txt' to expand the choices.
  • Check the box next to 'attach.txt'
  • Uncheck the box next to 'check mbr'
  • Click Start

Post both logs when it has completed.

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-10-2012, 08:10 AM   #3



DDS:

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by rebecca levant at 1020 on 2012-04-10
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.175 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton 360 Premier Edition *Enabled*
.
============== Running Processes ================
.
K:\WINDOWS\system32\Ati2evxx.exe
k:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
K:\Program Files\Bonjour\mDNSResponder.exe
K:\WINDOWS\eHome\ehRecvr.exe
K:\WINDOWS\eHome\ehSched.exe
K:\Program Files\Java\jre6\bin\jqs.exe
K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
K:\Nir\Postgre\bin\pg_ctl.exe
K:\WINDOWS\system32\wdfmgr.exe
K:\Nir\Postgre\bin\postgres.exe
K:\Nir\Postgre\bin\postgres.exe
K:\Nir\Postgre\bin\postgres.exe
K:\Nir\Postgre\bin\postgres.exe
K:\Nir\Postgre\bin\postgres.exe
K:\Nir\Postgre\bin\postgres.exe
K:\WINDOWS\system32\dllhost.exe
K:\WINDOWS\System32\alg.exe
K:\WINDOWS\system32\CTHELPER.EXE
K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
K:\WINDOWS\Explorer.EXE
K:\WINDOWS\ehome\ehtray.exe
K:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
K:\Program Files\Dell Photo AIO Printer 942\memcard.exe
K:\WINDOWS\system32\CTHELPER.EXE
K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
K:\Program Files\Common Files\AOL\1307225327\ee\AOLSoftware.exe
K:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
K:\WINDOWS\eHome\ehmsas.exe
K:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
K:\Program Files\Mozilla Firefox\firefox.exe
K:\Program Files\Microsoft Security Client\msseces.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\Mozilla Firefox\plugin-container.exe
K:\WINDOWS\system32\wbem\wmiprvse.exe
K:\WINDOWS\System32\svchost.exe -k netsvcs
K:\WINDOWS\system32\svchost.exe -k NetworkService
K:\WINDOWS\system32\svchost.exe -k LocalService
K:\WINDOWS\system32\svchost.exe -k LocalService
K:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?ncid=customie8
uWindow Title = Windows Internet Explorer provided by AOL
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
mStart Page = hxxp://www.aol.com/?ncid=customie8
mDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
uInternet Connection Wizard,ShellNext = "k:\program files\outlook express\msimn.exe" //mailurl:mailto:websales@lenovo.com
uProxyOverride = <local>
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: Userinit = k:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - k:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - k:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - k:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - k:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - k:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] k:\windows\system32\ctfmon.exe
mRun: [ehTray] k:\windows\ehome\ehtray.exe
mRun: [Dell Photo AIO Printer 942] "k:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "k:\program files\dell photo aio printer 942\memcard.exe"
mRun: [ATIPTA] "k:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [Microsoft Default Manager] "k:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] k:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HostManager] k:\program files\common files\aol\1307225327\ee\AOLSoftware.exe
mRun: [DLBUCATS] rundll32 k:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "k:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "k:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "k:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "k:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: k:\documents and settings\rebecca levant\start menu\programs\startup\OpenOffice.org 3.2.lnk.disabled
StartupFolder: k:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: k:\documents and settings\all users\start menu\programs\startup\McAfee Online Backup Status.lnk.disabled
StartupFolder: k:\documents and settings\all users\start menu\programs\startup\WinZip Quick Pick.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - k:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - k:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - k:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - k:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - k:\program files\messenger\msmsgs.exe
DPF: {1C72E5E8-C622-4F09-A0B6-D0C0700999D1} - hxxp://test.zixi.com/Sport5Page/ZixiPlayer.ocx
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 192.168.1.1
TCP: Interfaces\{7FA0D2A8-223C-4B6F-B057-D380E52234A3} : DHCPNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - k:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - k:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Hosts: 94.63.147.17 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - k:\documents and settings\rebecca levant\application data\mozilla\firefox\profiles\dvkhk3oi.default\
FF - component: k:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: k:\documents and settings\rebecca levant\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: k:\documents and settings\rebecca levant\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: k:\documents and settings\rebecca levant\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: k:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: k:\program files\google\picasa3\npPicasa3.dll
FF - plugin: k:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: k:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: k:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: k:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: k:\program files\veetle\player\npvlc.dll
FF - plugin: k:\program files\veetle\plugins\npVeetle.dll
FF - plugin: k:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;k:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;k:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;k:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20120402.001\BHDrvx86.sys [2012-4-2 821880]
R1 MOBKFilter;MOBKFilter;k:\windows\system32\drivers\MOBK.sys [2011-10-12 54776]
R1 MpFilter;Microsoft Malware Protection Driver;k:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SymIRON;Symantec Iron Driver;k:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R2 NAV;Norton AntiVirus;k:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;K:/Nir/Postgre/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "K:/Nir/Postgre/data" -w --> K:/Nir/Postgre/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R3 Angel;Angel MPEG Device;k:\windows\system32\drivers\Angel.sys [2009-3-14 376320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;k:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-8 106104]
R3 IDSxpx86;IDSxpx86;k:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20120406.003\IDSXpx86.sys [2012-4-9 356280]
R3 NAVENG;NAVENG;k:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120409.034\NAVENG.SYS [2012-4-10 86136]
R3 NAVEX15;NAVEX15;k:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120409.034\NAVEX15.SYS [2012-4-10 1576312]
S4 MOBKbackup;McAfee Online Backup;k:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
.
=============== Created Last 30 ================
.
2012-04-09 21:55:25 22344 ----a-w- k:\windows\system32\drivers\mbam.sys
2012-04-09 20:28:01 6582328 ----a-w- k:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e2c74a7-4b51-4fe5-82c6-f96bfbd42368}\mpengine.dll
2012-04-09 20:27:50 237072 ------w- k:\windows\system32\MpSigStub.exe
2012-04-09 20:26:00 -------- d-----w- k:\program files\Microsoft Security Client
2012-04-09 13:43:35 -------- d-----w- k:\program files\Malwarebytes' Anti-Malware
2012-04-09 04:48:44 -------- d-sh--w- k:\documents and settings\rebecca levant\IECompatCache
2012-04-09 03:05:49 -------- d-----w- k:\documents and settings\rebecca levant\application data\AVG2012
2012-04-09 03:01:57 -------- d--h--w- K:\$AVG
2012-04-09 03:01:57 -------- d-----w- k:\documents and settings\all users\application data\AVG2012
2012-04-09 03:01:13 -------- d-----w- k:\program files\AVG
2012-04-09 02:59:35 -------- d--h--w- k:\documents and settings\all users\application data\Common Files
2012-04-09 02:59:11 -------- d-----w- k:\documents and settings\all users\application data\MFAData
2012-04-09 02:21:38 -------- d-----w- k:\program files\PC Tools
2012-04-09 02:18:53 185560 ----a-w- k:\windows\system32\drivers\PCTSD.sys
2012-04-09 02:18:53 -------- d-----w- k:\program files\common files\PC Tools
2012-04-09 02:18:39 -------- d-----w- k:\documents and settings\all users\application data\PC Tools
2012-04-09 02:18:38 -------- d-----w- k:\documents and settings\rebecca levant\application data\TestApp
2012-04-08 21:50:19 -------- d-----w- k:\documents and settings\rebecca levant\application data\Malwarebytes
2012-04-08 21:50:02 -------- d-----w- k:\documents and settings\all users\application data\Malwarebytes
2012-04-08 14:56:50 -------- d-----w- k:\windows\system32\NtmsData
2012-04-03 22:17:41 744568 ----a-w- k:\windows\system32\drivers\nav\1207010.003\symefa.sys
2012-04-03 22:17:41 369784 ----a-w- k:\windows\system32\drivers\nav\1207010.003\symtdi.sys
2012-04-03 22:17:41 331384 ----a-w- k:\windows\system32\drivers\nav\1207010.003\symtdiv.sys
2012-04-03 22:17:41 299640 ----a-w- k:\windows\system32\drivers\nav\1207010.003\symnets.sys
2012-04-03 22:17:40 516216 ----a-w- k:\windows\system32\drivers\nav\1207010.003\srtsp.sys
2012-04-03 22:17:40 50168 ----a-w- k:\windows\system32\drivers\nav\1207010.003\srtspx.sys
2012-04-03 22:17:40 340088 ----a-w- k:\windows\system32\drivers\nav\1207010.003\symds.sys
2012-04-03 22:17:40 136312 ----a-w- k:\windows\system32\drivers\nav\1207010.003\ironx86.sys
2012-04-03 22:17:30 -------- d-----w- k:\windows\system32\drivers\nav\1207010.003
.
==================== Find3M ====================
.
2012-02-09 00:44:29 414368 ----a-w- k:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- k:\windows\system32\win32k.sys
.
============= FINISH: 10:07:11.67 ===============





Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/8/2009 2:30:28 PM
System Uptime: 4/9/2012 10:46:02 PM (12 hours ago)
.
Motherboard: Dell Inc. | | 0J8885
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is Removable
D: is Removable
E: is Removable
F: is Removable
G: is Removable
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 298 GiB total, 265.812 GiB free.
L: is FIXED (NTFS) - 93 GiB total, 78.586 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X600 256MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X600 256MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 12:01:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8053ac71, parameter3 eb4fb8f0, parameter4 00000000.
4/8/2012 11:40:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips intelppm MOBKFilter SRTSPX SymIRON SYMTDI
4/8/2012 10:53:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/8/2012 10:27:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm MOBKFilter PCTSD SRTSPX SymIRON SYMTDI
4/8/2012 10:21:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/8/2012 10:16:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm MOBKFilter SRTSPX SymIRON SYMTDI
4/8/2012 10:16:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2012 12:12:52 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: K:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
.
==== End Of File ===========================

__________________
sharkfan12 is offline  
Old 04-10-2012, 02:50 PM   #4
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. :)

Quote:
believe i have the happili.com virus
Can you give me more detail on this? What symptoms are you experiencing? Did one of your onboard Anti Virus or Anti Malware programs alert you to this? If so, do you have a log you can post for me?
__________________
Ried is offline  
Old 04-10-2012, 03:49 PM   #5
Registered Member
 
Join Date: Apr 2012
Posts: 19
OS: Windows XP



Hi,
So when I search on google (and other search engines) I get results as they would normally appear. However, when I click on a result I get redirected. It is not always the same site doing the redirecting and not always the same site I get redirected to.
For example: I searched for basketball on google and after clicking a result got to:

hxxp://173.231.21.176/click.php?id=pa7jcUqdqWxZjhRsz1CoXWmHJZ2pDr5arOKDU1rmtQ86cAokxZmAMLdRN1ZVcLJWLxA09FE%2C

which redirected me to:

hxxp://www.happili.com/bc_rus3/innerxy.php?q=basketball&xy=10539

However, it does not always redirect me. In fact after returning to the search results it seems that I can click any result (including the one which originally sent me to the bad site) and get to the right site. Also if I type in a new search from the same page the results were on, it seems as though the results are fine and I get to where I want. But if I leave and come back to google or click the search link to return to google.com and then type in a new search, it happens again. For example I searched for "world news" (after re-entering google.com) and after clicking a result I got redirected through 4 different websites (here are the links):

hxxp://206.51.231.116/c.php?p=mBZVeUp2YL--9MAr9eySyWNpv8Yu0PPo0DkMy9toWJ7df0UAarzDGPukNkYhSLR9LjkkZ4aF61bCxCJDg9F7TMXZzEIq-Hg0ck8NnjetnwyvUhecexFx8ZpVPzxZTKkDY1z4g2SviOw7Dn7bBGAQA6aJ1zSIkQnutJiu98q7w7TlX-4Q2oXi33Q1fm6jH_sNsWtyYOgmbEMHzEfZUqgsgNMgmwYmjGoO3qWfoVVdITbVSjfDOAIAQ0ffuKkY5P06ALcKzREG9tND6Tbo1SPmOttN5j85-sFU7pC3FSbqGk8I2uLPrnMtrWvKsgD3ySFobY_Ca0noiU_z6LfOvyT68UnaQVc-qE-uo-n7c51v04EF829K5cc1JWgvVuZN3Bjeue2gcr8MPy5dDwbMH3Gaw3E3ays3CTvL1om70-S6b-KWIDS3dyJBQjo8pa0wnGGBxPt7qZqRw6z8lS-HP9bb5tfmKuz7neAUOqIghLet5bGaxz8eSU0LXxEYovajnrk23ZQf3ZFKYDnX5HPbFrWZ7VoPrUXxqqM_JVwCmG6zQgAhm4HBRk_iy6al7WhNhTsGzwoHCqhkuMNui4HrwRZyZSYphRRxGN91TfmNKQNlogRzrqYskWxlEyxGkQR-OU_aQ-0MDE5pYSlfVQywqqGFZ3ddQDDxh5gc2pPGyCK1IFEes5JylWSy14SmfewlHo1iqhSTZ1LZE9OJFFGtXg39qMJBy96INQ-8S8TYELfir1qzSWDxWVrtIKvJ65nfnLiwsMgUdNofqoaO5cgTIwCGmyQlLDWBaQZMcLtGEDPadHDEMFmwDjjO5awj3S0tnkAUlYukUeyDrpo2Jhkyj3eoyZJtCYmW4zZFMuEGmVCFMAnxNBAW5AA0lAQ9Icd8x7pbW4JMvkrl4ybN3aB09NwECfj_8EQPVrNZMk_42fdxD4hy735ylQsszwDzsCmOnmqR0H0chxhy-DBLxNgQt-KvWjkoRGjzKoZpbQa5EYI9g0VYI0ZDnYBmQjOB9XVTITYS2cd1aMDgLfDpvg3-mOcavPQuLro-0iyCBP-JRVxGRWc

hxxp://64.15.72.104/click.php?go=aHR0cDovL21ldGEuN3NlYXJjaC5jb20vY2xpY2svY2xpY2suYXNweD94PTRSbEZGNlN4OWg5V2dibEtsRE1qNHclM2QlM2Rfb0V6T3lWM1hMZW9wWSUyZjYyRXFFV3VNSmVQdUVGVWp0VjNnMkZsVG9xRjBaTVJKR3FGa1E2MWVlR3FVdHNENzJzZCUyZiUyZlFFeXlsJTJiNWlPWml5VWVHMkpwOUZ5eG5Dbk4lMmJHOVpzWEtrQ1F3RERKeSUyZiUyZjV6Rk9sVTB0UnNSaE5BUllzRmZMeHBPM296V2NLR0hKaGw0TkNFMWNLRjJSaWdodVNkajdmN0JaVWRGUHpmY2dNb0R4a1FRdm56RWYxekpsJTJmc1JEUnd6dEcxS0Rkb3E1bHBLb29LeSUyZmREciUyYm94a0FGUkc4R0dqUXY1M0g2eTBiYkQlMmZseWptaWJFQ0dmc3AwYVg=&b=MC4wMjc=&aff=8911&subaff=1234&time=1334093908&searcher_ip=67.85.30.237&cnt=21843&qq=world+news&mode=&seid=cjESgskx0ng/SJTs9nO/zLS80kkI9RfbnuI9SQ67&se=N3NlYXJjaA==&sid=18&pos=1

hxxp://64.15.72.104/click_second_new3.php?go=aHR0cDovL21ldGEuN3NlYXJjaC5jb20vY2xpY2svY2xpY2suYXNweD94PTRSbEZGNlN4OWg5V2dibEtsRE1qNHclM2QlM2Rfb0V6T3lWM1hMZW9wWSUyZjYyRXFFV3VNSmVQdUVGVWp0VjNnMkZsVG9xRjBaTVJKR3FGa1E2MWVlR3FVdHNENzJzZCUyZiUyZlFFeXlsJTJiNWlPWml5VWVHMkpwOUZ5eG5Dbk4lMmJHOVpzWEtrQ1F3RERKeSUyZiUyZjV6Rk9sVTB0UnNSaE5BUllzRmZMeHBPM296V2NLR0hKaGw0TkNFMWNLRjJSaWdodVNkajdmN0JaVWRGUHpmY2dNb0R4a1FRdm56RWYxekpsJTJmc1JEUnd6dEcxS0Rkb3E1bHBLb29LeSUyZmREciUyYm94a0FGUkc4R0dqUXY1M0g2eTBiYkQlMmZseWptaWJFQ0dmc3AwYVg=&b=MC4wMjc=&aff=8911&subaff=1234&time=1334093908&searcher_ip=67.85.30.237&cnt=21843&qq=world+news&mode=&seid=cjESgskx0ng/SJTs9nO/zLS80kkI9RfbnuI9SQ67&se=N3NlYXJjaA==&sid=18&pos=1&country=US

hxxp://meta.7search.com/click/click.aspx?x=4RlFF6Sx9h9WgblKlDMj4w%3d%3d_oEzOyV3XLeopY%2f62EqEWuMJePuEFUjtV3g2FlToqF0ZMRJGqFkQ61eeGqUtsD72sd%2f%2fQEyyl%2b5iOZiyUeG2Jp9FyxnCnN%2bG9ZsXKkCQwDDJy%2f%2f5zFOlU0tRsRhNARYsFfLxpO3ozWcKGHJhl4NCE1cKF2RighuSdj7f7BZUdFPzfcgMoDxkQQvnzEf1zJl%2fsRDRwztG1KDdoq5lpKooKy%2fdDr%2boxkAFRG8GGjQv53H6y0bbD%2flyjmibECGfsp0aX




to this website:

hxxp://www.gimmeanswers.org/search/ss_srnvii/results.php?search=world+news&refid=65285-8911_1234



There may be more problems (slower computer, reading keyboard etc.) but I am not sure of this.

Thanks for the help
__________________
sharkfan12 is offline  
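An added example, not part of the thread or of any tool used in it: the `go`, `b` and `se` parameters of the click.php links quoted in post #5 decode as base64, and `go` carries the next hop, so the redirect chain can be unpacked offline without visiting any of the hosts. The function names, `INNER_URL` and the documentation-range hosts are assumptions made for this sketch; only the `b` and `se` values are copied from the post.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote, urlsplit

# Base64 or URL-safe base64 body, optional padding. Short numeric ids such as
# aff=8911 are rejected by the length requirement.
B64_SHAPE = re.compile(r"^[A-Za-z0-9+/_-]{6,}={0,2}$")


def refang(url):
    """Turn the forum's defanged scheme (hxxp) back into a parseable one."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def decode_if_base64(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    if not B64_SHAPE.match(value):
        return None
    padded = value.replace("-", "+").replace("_", "/")
    padded += "=" * (-len(padded) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Ordinary words that merely look like base64 decode to binary noise.
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def query_params(url):
    """Split the query by hand: parse_qs would turn a base64 '+' into a space."""
    params = {}
    for pair in urlsplit(refang(url)).query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = unquote(value)
    return params


def triage(url):
    """Report the host, every parameter that decodes, and any embedded URLs."""
    decoded = {}
    next_hops = []
    for key, value in query_params(url).items():
        text = decode_if_base64(value)
        if text is None:
            continue
        decoded[key] = text
        if re.match(r"^https?://", text, re.IGNORECASE):
            next_hops.append(text)
    host = urlsplit(refang(url)).hostname
    return {"host": host, "decoded": decoded, "next_hops": next_hops}


def unwrap(url, max_depth=5):
    """Follow embedded URLs offline and return the host of each hop found."""
    hosts = []
    while url and len(hosts) < max_depth:
        report = triage(url)
        hosts.append(report["host"])
        url = report["next_hops"][0] if report["next_hops"] else None
    return hosts


# Constructed sample (not a URL from the thread): same parameter layout as the
# click.php links in the post, pointed at documentation-only hosts.
INNER_URL = "http://feed.example/click/click.aspx?x=4RlF%3d%3d_oEz"
SAMPLE = (
    "hxxp://192.0.2.10/click.php?go="
    + quote(base64.b64encode(INNER_URL.encode()).decode(), safe="")
    + "&b=MC4wMjc=&aff=8911&subaff=1234&qq=world+news&se=N3NlYXJjaA==&sid=18&pos=1"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("host:", report["host"])
    for key, text in report["decoded"].items():
        print(f"  {key} -> {text}")
    print("hops:", " -> ".join(unwrap(SAMPLE)))
```

Anything it decodes is only a candidate: a parameter can be printable base64 by coincidence, so read the output next to the proxy or browser history for the same click.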
Old 04-10-2012, 06:39 PM   #6
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome, and thanks for the great detail.

I'll need you to run another tool and hopefully this one should give me what I'm looking for.

Download OTL to your desktop.

Double click the icon to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created, OTL.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.

I only need to see the contents of the OTL.txt. Please post that in your next reply.
__________________
Ried is offline  
Old 04-10-2012, 07:27 PM   #7
Registered Member
 
Join Date: Apr 2012
Posts: 19
OS: Windows XP



OTL logfile created on: 4/10/2012 8:50:01 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = K:\Documents and Settings\rebecca levant\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 361.64 Mb Available Physical Memory | 35.38% Memory free
2.40 Gb Paging File | 1.55 Gb Available in Paging File | 64.40% Paging File free
Paging file location(s): K:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = K: | %SystemRoot% = K:\WINDOWS | %ProgramFiles% = K:\Program Files
Drive K: | 298.08 Gb Total Space | 265.81 Gb Free Space | 89.17% Space Free | Partition Type: NTFS
Drive L: | 93.36 Gb Total Space | 78.59 Gb Free Space | 84.18% Space Free | Partition Type: NTFS

Computer Name: BARRY-C87035552 | User Name: rebecca levant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 20:49:11 | 000,594,432 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\rebecca levant\My Documents\Downloads\OTL.com
PRC - [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- K:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- k:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/17 04:59:10 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) -- K:\Nir\Postgre\bin\pg_ctl.exe
PRC - [2010/09/17 04:58:27 | 004,909,568 | ---- | M] (PostgreSQL Global Development Group) -- K:\Nir\Postgre\bin\postgres.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- K:\Program Files\Common Files\AOL\1307225327\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\explorer.exe
PRC - [2005/02/03 11:34:58 | 000,102,400 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2005/02/03 04:08:52 | 000,294,912 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/07/27 10:08:22 | 000,262,144 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\memcard.exe
PRC - [2004/03/10 21:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- K:\WINDOWS\system32\CTHELPER.EXE


========== Modules (No Company Name) ==========

MOD - [2012/03/13 00:39:07 | 001,969,080 | ---- | M] () -- K:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- K:\WINDOWS\system32\quartz.dll
MOD - [2011/10/07 13:07:08 | 008,522,400 | ---- | M] () -- K:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/04/13 20:12:42 | 000,148,992 | ---- | M] () -- K:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- K:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- K:\WINDOWS\system32\devenum.dll
MOD - [2005/02/03 11:34:58 | 000,102,400 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
MOD - [2005/02/03 04:08:52 | 000,294,912 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
MOD - [2005/02/03 04:08:24 | 000,007,680 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\dlbumcro.dll
MOD - [2005/02/03 04:07:16 | 000,036,864 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetPrint.dll
MOD - [2005/02/03 0450 | 000,061,440 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetScan.dll
MOD - [2005/02/03 04:05:54 | 000,135,168 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetDecmp.dll
MOD - [2005/02/03 04:05:40 | 000,065,536 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetImage.dll
MOD - [2005/02/03 04:05:21 | 000,028,672 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetPDF.dll
MOD - [2005/02/03 04:05:05 | 000,036,864 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\JetFunc.dll
MOD - [2004/10/08 14:47:26 | 000,075,264 | ---- | M] () -- K:\WINDOWS\system32\spool\prtprocs\w32x86\DLBUPP5C.DLL
MOD - [2004/08/10 07:00:00 | 000,331,776 | ---- | M] () -- K:\WINDOWS\system32\encdec.dll
MOD - [2004/08/10 07:00:00 | 000,268,288 | ---- | M] () -- K:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 07:00:00 | 000,154,112 | ---- | M] () -- K:\WINDOWS\system32\vbicodec.ax
MOD - [2004/07/29 17:54:20 | 000,061,440 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\ConvDIB.dll
MOD - [2004/07/27 10:08:22 | 000,262,144 | ---- | M] () -- K:\Program Files\Dell Photo AIO Printer 942\memcard.exe
MOD - [2004/04/30 17:46:38 | 000,102,480 | ---- | M] () -- K:\WINDOWS\system32\EzRating.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- k:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2010/09/17 04:59:10 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- K:\Nir\Postgre\bin\pg_ctl.exe -- (postgresql-9.0)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- K:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/08 16:45:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- K:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- K:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/25 17:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- K:\WINDOWS\system32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120402.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120410.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/02/03 23:21:40 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- K:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 23:21:40 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- K:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 22:19:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120410.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:19:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120410.020\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/02 19:00:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- K:\WINDOWS\system32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- K:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/02 16:05:04 | 000,376,320 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\Angel.sys -- (Angel)
DRV - [2004/08/12 03:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/05 22:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/12 22:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/12 22:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/12 22:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/12 22:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/12 22:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/12 22:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/07/12 21:53:14 | 000,585,728 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL)
DRV - [2004/06/09 19:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2003/11/13 06:04:08 | 000,606,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL)
DRV - [2003/11/13 06:02:14 | 000,114,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL)
DRV - [2003/11/12 08:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer 6 Search Companion is no longer supported.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
IE - HKCU\..\SearchScopes,DefaultScope = {045D890A-83B6-4EB8-AF81-4B8A3AC81D6E}
IE - HKCU\..\SearchScopes\{045D890A-83B6-4EB8-AF81-4B8A3AC81D6E}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-aolmailtb-chromesbox-en-us
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: K:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: K:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: K:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: K:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: k:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: K:\Documents and Settings\rebecca levant\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: K:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: K:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: K:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: K:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: K:\Documents and Settings\rebecca levant\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: K:\Documents and Settings\rebecca levant\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/01/31 21:09:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: K:\Program Files\Mozilla Firefox\components [2012/03/21 08:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: K:\Program Files\Mozilla Firefox\plugins [2012/03/21 08:59:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: K:\Documents and Settings\rebecca levant\Application Data\Move Networks [2010/01/25 09:53:23 | 000,000,000 | ---D | M]

[2009/04/25 22:01:56 | 000,000,000 | ---D | M] (No name found) -- K:\Documents and Settings\rebecca levant\Application Data\Mozilla\Extensions
[2012/04/01 2256 | 000,000,000 | ---D | M] (No name found) -- K:\Documents and Settings\rebecca levant\Application Data\Mozilla\Firefox\Profiles\dvkhk3oi.default\extensions
[2012/03/21 08:59:33 | 000,000,000 | ---D | M] (No name found) -- K:\Program Files\Mozilla Firefox\extensions
() (No name found) -- K:\DOCUMENTS AND SETTINGS\REBECCA LEVANT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVKHK3OI.DEFAULT\EXTENSIONS\CZUPYVQSIX@CZUPYVQSIX.ORG.XPI
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- K:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- K:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- K:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- K:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- K:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/29 05:57:30 | 000,000,855 | RH-- | M]) - K:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.17 Bing
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - K:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] K:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CTHelper] K:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] K:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] K:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DLBUCATS] K:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [HostManager] K:\Program Files\Common Files\AOL\1307225327\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [MSC] k:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk.disabled ()
O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled ()
O4 - Startup: K:\Documents and Settings\rebecca levant\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = K:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = K:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - K:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - K:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - K:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - K:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1C72E5E8-C622-4F09-A0B6-D0C0700999D1} http://test.zixi.com/Sport5Page/ZixiPlayer.ocx (zixi viewer)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/J...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA0D2A8-223C-4B6F-B057-D380E52234A3}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - K:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - K:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (K:\WINDOWS\system32\userinit.exe) - K:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (K:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - K:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: K:\Documents and Settings\rebecca levant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/08 15:27:49 | 000,000,000 | ---- | M] () - L:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/16 09:51:42 | 000,000,031 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{20425385-592d-11de-aa2b-00123f9be258}\Shell\AutoRun\command - "" = L:\WDSetup.exe
O33 - MountPoints2\{95fe26af-c6b2-11df-aad3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{95fe26af-c6b2-11df-aad3-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95fe26af-c6b2-11df-aad3-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{bce12787-cd4a-11de-aa60-00123f9be258}\Shell\AutoRun\command - "" = L:\KEYGEN_NOUPX.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 17:55:40 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/09 17:55:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys
[2012/04/09 16:27:50 | 000,237,072 | ---- | C] (Microsoft Corporation) -- K:\WINDOWS\System32\MpSigStub.exe
[2012/04/09 16:26:00 | 000,000,000 | ---D | C] -- K:\Program Files\Microsoft Security Client
[2012/04/09 16:25:42 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/04/09 14:07:08 | 000,000,000 | R--D | C] -- K:\Documents and Settings\rebecca levant\Start Menu\Programs\Administrative Tools
[2012/04/09 09:43:35 | 000,000,000 | ---D | C] -- K:\Program Files\Malwarebytes' Anti-Malware
[2012/04/09 00:48:44 | 000,000,000 | -HSD | C] -- K:\Documents and Settings\rebecca levant\IECompatCache
[2012/04/08 23:05:49 | 000,000,000 | ---D | C] -- K:\Documents and Settings\rebecca levant\Application Data\AVG2012
[2012/04/08 23:01:57 | 000,000,000 | -H-D | C] -- K:\$AVG
[2012/04/08 23:01:57 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\AVG2012
[2012/04/08 23:01:13 | 000,000,000 | ---D | C] -- K:\Program Files\AVG
[2012/04/08 22:59:35 | 000,000,000 | -H-D | C] -- K:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/08 22:59:11 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/08 22:21:38 | 000,000,000 | ---D | C] -- K:\Program Files\PC Tools
[2012/04/08 22:18:53 | 000,185,560 | ---- | C] (PC Tools) -- K:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/08 22:18:53 | 000,000,000 | ---D | C] -- K:\Program Files\Common Files\PC Tools
[2012/04/08 22:18:40 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/08 22:18:39 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/08 22:18:38 | 000,000,000 | ---D | C] -- K:\Documents and Settings\rebecca levant\Application Data\TestApp
[2012/04/08 22:15:12 | 000,000,000 | -HSD | C] -- K:\WINDOWS\CSC
[2012/04/08 17:50:19 | 000,000,000 | ---D | C] -- K:\Documents and Settings\rebecca levant\Application Data\Malwarebytes
[2012/04/08 17:50:02 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/08 10:56:50 | 000,000,000 | ---D | C] -- K:\WINDOWS\System32\NtmsData
[6 K:\Documents and Settings\rebecca levant\My Documents\*.tmp files -> K:\Documents and Settings\rebecca levant\My Documents\*.tmp -> ]
[4 K:\WINDOWS\*.tmp files -> K:\WINDOWS\*.tmp -> ]
[1 K:\WINDOWS\System32\*.tmp files -> K:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 19:57:00 | 000,001,006 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-1801674531-1003UA.job
[2012/04/10 05:57:05 | 000,000,954 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-1801674531-1003Core.job
[2012/04/09 22:51:41 | 000,000,424 | -H-- | M] () -- K:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/09 22:46:29 | 000,002,048 | --S- | M] () -- K:\WINDOWS\bootstat.dat
[2012/04/09 22:45:49 | 000,032,592 | ---- | M] () -- K:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
[2012/04/09 22:45:49 | 000,032,592 | ---- | M] () -- K:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
[2012/04/09 22:45:49 | 000,032,088 | ---- | M] () -- K:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
[2012/04/09 22:45:49 | 000,032,088 | ---- | M] () -- K:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
[2012/04/09 22:45:49 | 000,001,080 | ---- | M] () -- K:\WINDOWS\System32\settingsbkup.sfm
[2012/04/09 22:45:49 | 000,001,080 | ---- | M] () -- K:\WINDOWS\System32\settings.sfm
[2012/04/09 22:45:49 | 000,000,384 | ---- | M] () -- K:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20061102}.dat
[2012/04/09 22:45:49 | 000,000,384 | ---- | M] () -- K:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20061102}.dat
[2012/04/09 22:45:14 | 004,932,601 | ---- | M] () -- K:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20061102}.CDF
[2012/04/09 16:26:40 | 000,001,945 | ---- | M] () -- K:\WINDOWS\epplauncher.mif
[2012/04/09 16:26:25 | 000,676,788 | ---- | M] () -- K:\WINDOWS\System32\drivers\NAV\1207010.003\Cat.DB
[2012/04/09 16:25:42 | 000,002,206 | ---- | M] () -- K:\WINDOWS\System32\wpa.dbl
[2012/04/09 00:47:16 | 000,017,446 | ---- | M] () -- K:\Documents and Settings\rebecca levant\Local Settings\Application Data\dt.dat
[2012/04/08 22:18:39 | 000,001,591 | ---- | M] () -- K:\Documents and Settings\rebecca levant\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/04/07 15:15:22 | 000,000,897 | ---- | M] () -- K:\WINDOWS\dellstat.ini
[2012/04/07 07:59:02 | 000,000,284 | ---- | M] () -- K:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 21:50:00 | 000,001,876 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 19:57:31 | 000,000,664 | ---- | M] () -- K:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 17:26:01 | 000,000,450 | ---- | M] () -- K:\WINDOWS\tasks\EasyShare Registration Task.job
[2012/03/29 05:57:30 | 000,000,855 | RH-- | M] () -- K:\WINDOWS\System32\drivers\etc\hosts
[2012/03/27 20:54:09 | 000,000,172 | ---- | M] () -- K:\WINDOWS\System32\drivers\NAV\1207010.003\isolate.ini
[2012/03/21 08:59:36 | 000,000,742 | ---- | M] () -- K:\Documents and Settings\rebecca levant\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/21 08:59:35 | 000,000,724 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/14 03:07:19 | 000,181,040 | ---- | M] () -- K:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:01:37 | 000,001,374 | ---- | M] () -- K:\WINDOWS\imsins.BAK
[2012/03/13 07:51:40 | 000,444,456 | ---- | M] () -- K:\WINDOWS\System32\perfh009.dat
[2012/03/13 07:51:40 | 000,072,332 | ---- | M] () -- K:\WINDOWS\System32\perfc009.dat
[6 K:\Documents and Settings\rebecca levant\My Documents\*.tmp files -> K:\Documents and Settings\rebecca levant\My Documents\*.tmp -> ]
[4 K:\WINDOWS\*.tmp files -> K:\WINDOWS\*.tmp -> ]
[1 K:\WINDOWS\System32\*.tmp files -> K:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 16:31:32 | 000,000,424 | -H-- | C] () -- K:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/09 16:26:40 | 000,001,945 | ---- | C] () -- K:\WINDOWS\epplauncher.mif
[2012/04/09 16:26:15 | 000,001,680 | ---- | C] () -- K:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/09 00:47:16 | 000,017,446 | ---- | C] () -- K:\Documents and Settings\rebecca levant\Local Settings\Application Data\dt.dat
[2012/04/08 22:18:39 | 000,001,591 | ---- | C] () -- K:\Documents and Settings\rebecca levant\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/03/21 08:59:35 | 000,000,730 | ---- | C] () -- K:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/14 03:01:24 | 000,001,374 | ---- | C] () -- K:\WINDOWS\imsins.BAK
[2010/10/14 18:13:15 | 000,001,940 | ---- | C] () -- K:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/19 06:31:46 | 000,000,384 | ---- | C] () -- K:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/19 06:31:46 | 000,000,384 | ---- | C] () -- K:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/19 06:30:43 | 000,127,226 | ---- | C] () -- K:\WINDOWS\System32\ctdlang.dat
[2010/07/19 06:30:43 | 000,053,932 | ---- | C] () -- K:\WINDOWS\System32\ctdaught.dat
[2010/07/19 06:30:41 | 000,184,320 | ---- | C] () -- K:\WINDOWS\PSCONV.EXE
[2010/07/19 06:30:41 | 000,053,248 | ---- | C] ( ) -- K:\WINDOWS\System32\killapps.exe
[2010/07/19 06:30:41 | 000,036,864 | ---- | C] () -- K:\WINDOWS\System32\regplib.exe
[2010/07/19 06:30:41 | 000,000,194 | ---- | C] () -- K:\WINDOWS\System32\kill.ini
[2010/07/19 06:30:35 | 000,065,536 | ---- | C] ( ) -- K:\WINDOWS\System32\a3d.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
__________________
sharkfan12 is offline  
Old 04-10-2012, 09:22 PM   #8

Double click on the OTL icon to run it, then copy/paste the entire contents of the codebox below into the Custom Scans Box.

Code:
:files
K:\DOCUMENTS AND SETTINGS\REBECCA LEVANT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVKHK3OI.DEFAULT\EXTENSIONS\CZUPYVQSIX@CZUPYVQSIX.ORG.XPI

Close all other programs, then click the Run Fix button at the top.

OTL may ask to reboot the machine. Please do so if asked.

Post the log located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Are you still getting redirected?
__________________
Ried is offline  
Old 04-10-2012, 09:37 PM   #9

Hi,
I am still getting redirected. It did not ask me to reboot so I didn't.
Here is the log:

========== FILES ==========
K:\DOCUMENTS AND SETTINGS\REBECCA LEVANT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVKHK3OI.DEFAULT\EXTENSIONS\czupyvqsix@czupyvqsix.org.xpi moved successfully.

OTL by OldTimer - Version 3.2.39.1 log created on 04102012_233435

Thanks
__________________
sharkfan12 is offline  
Old 04-10-2012, 09:40 PM   #10

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

================================

Are you still getting redirects, and if so, does this happen in both browsers?
__________________
Ried is offline  
Old 04-10-2012, 11:00 PM   #11

Hi,
I followed the instructions. At some point however it said that AVG antivirus 2012 free edition may interfere. However, although I did have it installed at some point, I had removed it via add/remove programs in the control panel. It seemed to me that it did not exist on the computer anymore so I do not know what the meaning of this warning was.
I continued anyway, and after beginning the scan it said "Access is denied". I waited about a half hour longer and nothing happened. So I tried to close the window. This didn't work so I tried simply restarting the computer which also didn't work. I eventually had to turn the computer off using the computer's off button.
I tried again after the computer was back on and the same thing happened except this time I did not get the "Access is denied" message. There was simply no response for over 20 minutes.
Any advice?

Thanks
__________________
sharkfan12 is offline  
Old 04-11-2012, 05:49 AM   #12

AVG did not de-register itself from the Security Center when it uninstalled. This is not an uncommon thing for this AV.

We'll deal with that later - for now, download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
__________________
Ried is offline  
Old 04-11-2012, 11:32 AM   #13

13:30:51.0218 2700 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
13:30:51.0484 2700 ============================================================
13:30:51.0484 2700 Current date / time: 2012/04/11 13:30:51.0484
13:30:51.0484 2700 SystemInfo:
13:30:51.0484 2700
13:30:51.0484 2700 OS Version: 5.1.2600 ServicePack: 3.0
13:30:51.0484 2700 Product type: Workstation
13:30:51.0484 2700 ComputerName: BARRY-C87035552
13:30:51.0484 2700 UserName: rebecca levant
13:30:51.0484 2700 Windows directory: K:\WINDOWS
13:30:51.0484 2700 System windows directory: K:\WINDOWS
13:30:51.0484 2700 Processor architecture: Intel x86
13:30:51.0484 2700 Number of processors: 2
13:30:51.0484 2700 Page size: 0x1000
13:30:51.0484 2700 Boot type: Normal boot
13:30:51.0484 2700 ============================================================
13:30:53.0328 2700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:30:53.0390 2700 Drive \Device\Harddisk1\DR2 - Size: 0x1757BDA000 (93.37 Gb), SectorSize: 0x200, Cylinders: 0x2F9C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:30:53.0421 2700 \Device\Harddisk0\DR0:
13:30:53.0421 2700 MBR used
13:30:53.0421 2700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
13:30:53.0421 2700 \Device\Harddisk1\DR2:
13:30:53.0421 2700 MBR used
13:30:53.0437 2700 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBAB6D9C
13:30:53.0484 2700 Initialize success
13:30:53.0484 2700 ============================================================
13:30:59.0468 2568 ============================================================
13:30:59.0468 2568 Scan started
13:30:59.0468 2568 Mode: Manual;
13:30:59.0468 2568 ============================================================
13:31:11.0343 2568 IpInIp - ok
13:31:11.0375 2568 IpNat (cc748ea12c6effde940ee98098bf96bb) K:\WINDOWS\system32\DRIVERS\ipnat.sys
13:31:11.0375 2568 IpNat - ok
13:31:11.0468 2568 iPod Service (62937a89470af8ff172f0980ca8aefc9) K:\Program Files\iPod\bin\iPodService.exe
13:31:11.0484 2568 iPod Service - ok
13:31:11.0531 2568 IPSec (23c74d75e36e7158768dd63d92789a91) K:\WINDOWS\system32\DRIVERS\ipsec.sys
13:31:11.0531 2568 IPSec - ok
13:31:11.0562 2568 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) K:\WINDOWS\system32\DRIVERS\IrBus.sys
13:31:11.0578 2568 IrBus - ok
13:31:11.0593 2568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) K:\WINDOWS\system32\DRIVERS\irenum.sys
13:31:11.0593 2568 IRENUM - ok
13:31:11.0625 2568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) K:\WINDOWS\system32\DRIVERS\isapnp.sys
13:31:11.0625 2568 isapnp - ok
13:31:11.0687 2568 JavaQuickStarterService (126a16f569122ae00ad3d12ef831d651) K:\Program Files\Java\jre6\bin\jqs.exe
13:31:11.0687 2568 JavaQuickStarterService - ok
13:31:11.0734 2568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) K:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:31:11.0734 2568 Kbdclass - ok
13:31:11.0843 2568 kbdhid (9ef487a186dea361aa06913a75b3fa99) K:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:31:11.0843 2568 kbdhid - ok
13:31:11.0921 2568 kmixer (692bcf44383d056aed41b045a323d378) K:\WINDOWS\system32\drivers\kmixer.sys
13:31:11.0921 2568 kmixer - ok
13:31:11.0968 2568 KSecDD (b467646c54cc746128904e1654c750c1) K:\WINDOWS\system32\drivers\KSecDD.sys
13:31:11.0968 2568 KSecDD - ok
13:31:12.0015 2568 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) K:\WINDOWS\System32\srvsvc.dll
13:31:12.0015 2568 lanmanserver - ok
13:31:12.0078 2568 lanmanworkstation (a8888a5327621856c0cec4e385f69309) K:\WINDOWS\System32\wkssvc.dll
13:31:12.0078 2568 lanmanworkstation - ok
13:31:12.0078 2568 lbrtfdc - ok
13:31:12.0156 2568 LmHosts (a7db739ae99a796d91580147e919cc59) K:\WINDOWS\System32\lmhsvc.dll
13:31:12.0156 2568 LmHosts - ok
13:31:12.0187 2568 Messenger (986b1ff5814366d71e0ac5755c88f2d3) K:\WINDOWS\System32\msgsvc.dll
13:31:12.0203 2568 Messenger - ok
13:31:12.0218 2568 MHN (b7521f69c0a9b29d356157229376fb21) K:\WINDOWS\System32\mhn.dll
13:31:12.0218 2568 MHN - ok
13:31:12.0234 2568 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) K:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:31:12.0234 2568 MHNDRV - ok
13:31:12.0250 2568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) K:\WINDOWS\system32\drivers\mnmdd.sys
13:31:12.0265 2568 mnmdd - ok
13:31:12.0281 2568 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) K:\WINDOWS\system32\mnmsrvc.exe
13:31:12.0281 2568 mnmsrvc - ok
13:31:12.0359 2568 MOBKbackup (35176fa09a0fc58db630991a81a0ba39) K:\Program Files\McAfee Online Backup\MOBKbackup.exe
13:31:12.0359 2568 MOBKbackup - ok
13:31:12.0453 2568 MOBKFilter (e896775837a8bce436348df460522394) K:\WINDOWS\system32\DRIVERS\MOBK.sys
13:31:12.0453 2568 MOBKFilter - ok
13:31:12.0500 2568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) K:\WINDOWS\system32\drivers\Modem.sys
13:31:12.0500 2568 Modem - ok
13:31:12.0531 2568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) K:\WINDOWS\system32\DRIVERS\mouclass.sys
13:31:12.0531 2568 Mouclass - ok
13:31:12.0546 2568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) K:\WINDOWS\system32\DRIVERS\mouhid.sys
13:31:12.0546 2568 mouhid - ok
13:31:12.0562 2568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) K:\WINDOWS\system32\drivers\MountMgr.sys
13:31:12.0562 2568 MountMgr - ok
13:31:12.0593 2568 MpFilter (fee0baded54222e9f1dae9541212aab1) K:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:31:12.0593 2568 MpFilter - ok
13:31:12.0609 2568 mraid35x - ok
13:31:12.0625 2568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) K:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:31:12.0625 2568 MRxDAV - ok
13:31:12.0671 2568 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) K:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:31:12.0687 2568 MRxSmb - ok
13:31:12.0750 2568 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) K:\WINDOWS\system32\msdtc.exe
13:31:12.0750 2568 MSDTC - ok
13:31:12.0796 2568 Msfs (c941ea2454ba8350021d774daf0f1027) K:\WINDOWS\system32\drivers\Msfs.sys
13:31:12.0796 2568 Msfs - ok
13:31:12.0859 2568 MSIServer - ok
13:31:12.0921 2568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) K:\WINDOWS\system32\drivers\MSKSSRV.sys
13:31:12.0937 2568 MSKSSRV - ok
13:31:13.0125 2568 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) k:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:31:13.0140 2568 MsMpSvc - ok
13:31:13.0281 2568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) K:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:31:13.0296 2568 MSPCLOCK - ok
13:31:13.0312 2568 MSPQM (bad59648ba099da4a17680b39730cb3d) K:\WINDOWS\system32\drivers\MSPQM.sys
13:31:13.0328 2568 MSPQM - ok
13:31:13.0375 2568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) K:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:31:13.0390 2568 mssmbios - ok
13:31:13.0421 2568 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) K:\WINDOWS\system32\drivers\MSTEE.sys
13:31:13.0421 2568 MSTEE - ok
13:31:13.0468 2568 Mup (de6a75f5c270e756c5508d94b6cf68f5) K:\WINDOWS\system32\drivers\Mup.sys
13:31:13.0468 2568 Mup - ok
13:31:13.0500 2568 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) K:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:31:13.0500 2568 NABTSFEC - ok
13:31:13.0562 2568 napagent (0102140028fad045756796e1c685d695) K:\WINDOWS\System32\qagentrt.dll
13:31:13.0578 2568 napagent - ok
13:31:13.0625 2568 NAV (e78a365cc3e0fbfc018a33dce01909f8) K:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
13:31:13.0625 2568 NAV - ok
13:31:13.0750 2568 NAVENG (862f55824ac81295837b0ab63f91071f) K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120411.003\NAVENG.SYS
13:31:13.0750 2568 NAVENG - ok
13:31:13.0812 2568 NAVEX15 (529d571b551cb9da44237389b936f1ae) K:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120411.003\NAVEX15.SYS
13:31:13.0843 2568 NAVEX15 - ok
13:31:13.0953 2568 NDIS (1df7f42665c94b825322fae71721130d) K:\WINDOWS\system32\drivers\NDIS.sys
13:31:13.0953 2568 NDIS - ok
13:31:14.0000 2568 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) K:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:31:14.0000 2568 NdisIP - ok
13:31:14.0031 2568 NdisTapi (0109c4f3850dfbab279542515386ae22) K:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:31:14.0031 2568 NdisTapi - ok
13:31:14.0093 2568 Ndisuio (f927a4434c5028758a842943ef1a3849) K:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:31:14.0093 2568 Ndisuio - ok
13:31:14.0093 2568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) K:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:31:14.0109 2568 NdisWan - ok
13:31:14.0156 2568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) K:\WINDOWS\system32\drivers\NDProxy.sys
13:31:14.0156 2568 NDProxy - ok
13:31:14.0203 2568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) K:\WINDOWS\system32\DRIVERS\netbios.sys
13:31:14.0203 2568 NetBIOS - ok
13:31:14.0218 2568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) K:\WINDOWS\system32\DRIVERS\netbt.sys
13:31:14.0218 2568 NetBT - ok
13:31:14.0265 2568 NetDDE (b857ba82860d7ff85ae29b095645563b) K:\WINDOWS\system32\netdde.exe
13:31:14.0265 2568 NetDDE - ok
13:31:14.0281 2568 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) K:\WINDOWS\system32\netdde.exe
13:31:14.0281 2568 NetDDEdsdm - ok
13:31:14.0312 2568 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) K:\WINDOWS\system32\lsass.exe
13:31:14.0312 2568 Netlogon - ok
13:31:14.0359 2568 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) K:\WINDOWS\System32\netman.dll
13:31:14.0375 2568 Netman - ok
13:31:14.0484 2568 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) k:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:31:14.0484 2568 NetTcpPortSharing - ok
13:31:14.0578 2568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) K:\WINDOWS\system32\DRIVERS\nic1394.sys
13:31:14.0578 2568 NIC1394 - ok
13:31:14.0656 2568 Nla (943337d786a56729263071623bbb9de5) K:\WINDOWS\System32\mswsock.dll
13:31:14.0656 2568 Nla - ok
13:31:14.0718 2568 Npfs (3182d64ae053d6fb034f44b6def8034a) K:\WINDOWS\system32\drivers\Npfs.sys
13:31:14.0718 2568 Npfs - ok
13:31:14.0734 2568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) K:\WINDOWS\system32\drivers\Ntfs.sys
13:31:14.0750 2568 Ntfs - ok
13:31:14.0750 2568 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) K:\WINDOWS\system32\lsass.exe
13:31:14.0750 2568 NtLmSsp - ok
13:31:14.0781 2568 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) K:\WINDOWS\system32\ntmssvc.dll
13:31:14.0796 2568 NtmsSvc - ok
13:31:14.0843 2568 Null (73c1e1f395918bc2c6dd67af7591a3ad) K:\WINDOWS\system32\drivers\Null.sys
13:31:14.0843 2568 Null - ok
13:31:14.0875 2568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) K:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:31:14.0875 2568 NwlnkFlt - ok
13:31:14.0906 2568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) K:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:31:14.0906 2568 NwlnkFwd - ok
13:31:14.0984 2568 odserv (785f487a64950f3cb8e9f16253ba3b7b) K:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:31:14.0984 2568 odserv - ok
13:31:15.0000 2568 ohci1394 (ca33832df41afb202ee7aeb05145922f) K:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:31:15.0000 2568 ohci1394 - ok
13:31:15.0046 2568 ose (5a432a042dae460abe7199b758e8606c) K:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:31:15.0046 2568 ose - ok
13:31:15.0093 2568 ossrv (c52548b920482db03af8b49babd9fc48) K:\WINDOWS\system32\drivers\ctoss2k.sys
13:31:15.0093 2568 ossrv - ok
13:31:15.0203 2568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) K:\WINDOWS\system32\drivers\Parport.sys
13:31:15.0203 2568 Parport - ok
13:31:15.0218 2568 PartMgr (beb3ba25197665d82ec7065b724171c6) K:\WINDOWS\system32\drivers\PartMgr.sys
13:31:15.0218 2568 PartMgr - ok
13:31:15.0250 2568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) K:\WINDOWS\system32\drivers\ParVdm.sys
13:31:15.0250 2568 ParVdm - ok
13:31:15.0265 2568 PCI (a219903ccf74233761d92bef471a07b1) K:\WINDOWS\system32\DRIVERS\pci.sys
13:31:15.0265 2568 PCI - ok
13:31:15.0281 2568 PCIDump - ok
13:31:15.0312 2568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) K:\WINDOWS\system32\DRIVERS\pciide.sys
13:31:15.0312 2568 PCIIde - ok
13:31:15.0406 2568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) K:\WINDOWS\system32\drivers\Pcmcia.sys
13:31:15.0421 2568 Pcmcia - ok
13:31:15.0453 2568 PDCOMP - ok
13:31:15.0484 2568 PDFRAME - ok
13:31:15.0500 2568 PDRELI - ok
13:31:15.0609 2568 PDRFRAME - ok
13:31:15.0625 2568 perc2 - ok
13:31:15.0640 2568 perc2hib - ok
13:31:15.0718 2568 PlugPlay (65df52f5b8b6e9bbd183505225c37315) K:\WINDOWS\system32\services.exe
13:31:15.0718 2568 PlugPlay - ok
13:31:15.0796 2568 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) K:\WINDOWS\system32\lsass.exe
13:31:15.0796 2568 PolicyAgent - ok
13:31:15.0859 2568 postgresql-9.0 - ok
13:31:15.0906 2568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) K:\WINDOWS\system32\DRIVERS\raspptp.sys
13:31:15.0906 2568 PptpMiniport - ok
13:31:15.0921 2568 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) K:\WINDOWS\system32\lsass.exe
13:31:15.0921 2568 ProtectedStorage - ok
13:31:15.0937 2568 PSched (09298ec810b07e5d582cb3a3f9255424) K:\WINDOWS\system32\DRIVERS\psched.sys
13:31:15.0937 2568 PSched - ok
13:31:15.0968 2568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) K:\WINDOWS\system32\DRIVERS\ptilink.sys
13:31:15.0968 2568 Ptilink - ok
13:31:16.0015 2568 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) K:\WINDOWS\system32\Drivers\PxHelp20.sys
13:31:16.0015 2568 PxHelp20 - ok
13:31:16.0015 2568 ql1080 - ok
13:31:16.0031 2568 Ql10wnt - ok
13:31:16.0046 2568 ql12160 - ok
13:31:16.0062 2568 ql1240 - ok
13:31:16.0062 2568 ql1280 - ok
13:31:16.0078 2568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) K:\WINDOWS\system32\DRIVERS\rasacd.sys
13:31:16.0078 2568 RasAcd - ok
13:31:16.0125 2568 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) K:\WINDOWS\System32\rasauto.dll
13:31:16.0125 2568 RasAuto - ok
13:31:16.0156 2568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) K:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:31:16.0171 2568 Rasl2tp - ok
13:31:16.0187 2568 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) K:\WINDOWS\System32\rasmans.dll
13:31:16.0187 2568 RasMan - ok
13:31:16.0203 2568 RasPppoe (5bc962f2654137c9909c3d4603587dee) K:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:31:16.0203 2568 RasPppoe - ok
13:31:16.0203 2568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) K:\WINDOWS\system32\DRIVERS\raspti.sys
13:31:16.0203 2568 Raspti - ok
13:31:16.0234 2568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) K:\WINDOWS\system32\DRIVERS\rdbss.sys
13:31:16.0234 2568 Rdbss - ok
13:31:16.0250 2568 RDPCDD (4912d5b403614ce99c28420f75353332) K:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:31:16.0250 2568 RDPCDD - ok
13:31:16.0265 2568 rdpdr (15cabd0f7c00c47c70124907916af3f1) K:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:31:16.0265 2568 rdpdr - ok
13:31:16.0312 2568 RDPWD (5b3055daa788bd688594d2f5981f2a83) K:\WINDOWS\system32\drivers\RDPWD.sys
13:31:16.0312 2568 RDPWD - ok
13:31:16.0359 2568 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) K:\WINDOWS\system32\sessmgr.exe
13:31:16.0359 2568 RDSessMgr - ok
13:31:16.0390 2568 redbook (f828dd7e1419b6653894a8f97a0094c5) K:\WINDOWS\system32\DRIVERS\redbook.sys
13:31:16.0390 2568 redbook - ok
13:31:16.0437 2568 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) K:\WINDOWS\System32\mprdim.dll
13:31:16.0437 2568 RemoteAccess - ok
13:31:16.0468 2568 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) K:\WINDOWS\system32\regsvc.dll
13:31:16.0468 2568 RemoteRegistry - ok
13:31:16.0500 2568 RpcLocator (aaed593f84afa419bbae8572af87cf6a) K:\WINDOWS\system32\locator.exe
13:31:16.0500 2568 RpcLocator - ok
13:31:16.0625 2568 RpcSs (6b27a5c03dfb94b4245739065431322c) K:\WINDOWS\system32\rpcss.dll
13:31:16.0640 2568 RpcSs - ok
13:31:16.0687 2568 RSVP (471b3f9741d762abe75e9deea4787e47) K:\WINDOWS\system32\rsvp.exe
13:31:16.0687 2568 RSVP - ok
13:31:16.0750 2568 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) K:\WINDOWS\system32\lsass.exe
13:31:16.0750 2568 SamSs - ok
13:31:16.0781 2568 SCardSvr (86d007e7a654b9a71d1d7d856b104353) K:\WINDOWS\System32\SCardSvr.exe
13:31:16.0781 2568 SCardSvr - ok
13:31:16.0828 2568 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) K:\WINDOWS\system32\schedsvc.dll
13:31:16.0843 2568 Schedule - ok
13:31:16.0890 2568 Secdrv (90a3935d05b494a5a39d37e71f09a677) K:\WINDOWS\system32\DRIVERS\secdrv.sys
13:31:16.0890 2568 Secdrv - ok
13:31:16.0921 2568 seclogon (cbe612e2bb6a10e3563336191eda1250) K:\WINDOWS\System32\seclogon.dll
13:31:16.0937 2568 seclogon - ok
13:31:16.0984 2568 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) K:\WINDOWS\system32\sens.dll
13:31:16.0984 2568 SENS - ok
13:31:17.0031 2568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) K:\WINDOWS\system32\drivers\Serial.sys
13:31:17.0031 2568 Serial - ok
13:31:17.0078 2568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) K:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:31:17.0078 2568 Sfloppy - ok
13:31:17.0125 2568 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) K:\WINDOWS\System32\ipnathlp.dll
13:31:17.0125 2568 SharedAccess - ok
13:31:17.0171 2568 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) K:\WINDOWS\System32\shsvcs.dll
13:31:17.0187 2568 ShellHWDetection - ok
13:31:17.0187 2568 Simbad - ok
13:31:17.0218 2568 SLIP (866d538ebe33709a5c9f5c62b73b7d14) K:\WINDOWS\system32\DRIVERS\SLIP.sys
13:31:17.0218 2568 SLIP - ok
13:31:17.0234 2568 Sparrow - ok
13:31:17.0281 2568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) K:\WINDOWS\system32\drivers\splitter.sys
13:31:17.0281 2568 splitter - ok
13:31:17.0312 2568 Spooler (60784f891563fb1b767f70117fc2428f) K:\WINDOWS\system32\spoolsv.exe
13:31:17.0312 2568 Spooler - ok
13:31:17.0343 2568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) K:\WINDOWS\system32\DRIVERS\sr.sys
13:31:17.0343 2568 sr - ok
13:31:17.0468 2568 srservice (3805df0ac4296a34ba4bf93b346cc378) K:\WINDOWS\system32\srsvc.dll
13:31:17.0468 2568 srservice - ok
13:31:17.0562 2568 SRTSP (83726cf02eced69138948083e06b6eac) K:\WINDOWS\System32\Drivers\NAV\1207010.003\SRTSP.SYS
13:31:17.0562 2568 SRTSP - ok
13:31:17.0593 2568 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) K:\WINDOWS\system32\drivers\NAV\1207010.003\SRTSPX.SYS
13:31:17.0609 2568 SRTSPX - ok
13:31:17.0765 2568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) K:\WINDOWS\system32\DRIVERS\srv.sys
13:31:17.0812 2568 Srv - ok
13:31:17.0921 2568 SSDPSRV (0a5679b3714edab99e357057ee88fca6) K:\WINDOWS\System32\ssdpsrv.dll
13:31:17.0921 2568 SSDPSRV - ok
13:31:17.0953 2568 stisvc (8bad69cbac032d4bbacfce0306174c30) K:\WINDOWS\system32\wiaservc.dll
13:31:17.0968 2568 stisvc - ok
13:31:18.0046 2568 streamip (77813007ba6265c4b6098187e6ed79d2) K:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:31:18.0046 2568 streamip - ok
13:31:18.0093 2568 swenum (3941d127aef12e93addf6fe6ee027e0f) K:\WINDOWS\system32\DRIVERS\swenum.sys
13:31:18.0093 2568 swenum - ok
13:31:18.0140 2568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) K:\WINDOWS\system32\drivers\swmidi.sys
13:31:18.0140 2568 swmidi - ok
13:31:18.0156 2568 SwPrv - ok
13:31:18.0171 2568 symc810 - ok
13:31:18.0171 2568 symc8xx - ok
13:31:18.0218 2568 SymDS (9bbeb8c6258e72d62e7560e6667aad39) K:\WINDOWS\system32\drivers\NAV\1207010.003\SYMDS.SYS
13:31:18.0218 2568 SymDS - ok
13:31:18.0265 2568 SymEFA (d5c02629c02a820a7e71bca3d44294a3) K:\WINDOWS\system32\drivers\NAV\1207010.003\SYMEFA.SYS
13:31:18.0281 2568 SymEFA - ok
13:31:18.0328 2568 SymEvent (ab33c3b196197ca467cbdda717860dba) K:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:31:18.0328 2568 SymEvent - ok
13:31:18.0343 2568 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) K:\WINDOWS\system32\drivers\NAV\1207010.003\Ironx86.SYS
13:31:18.0343 2568 SymIRON - ok
13:31:18.0375 2568 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) K:\WINDOWS\System32\Drivers\NAV\1207010.003\SYMTDI.SYS
13:31:18.0375 2568 SYMTDI - ok
13:31:18.0390 2568 sym_hi - ok
13:31:18.0390 2568 sym_u3 - ok
13:31:18.0453 2568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) K:\WINDOWS\system32\drivers\sysaudio.sys
13:31:18.0453 2568 sysaudio - ok
13:31:18.0484 2568 SysmonLog (c7abbc59b43274b1109df6b24d617051) K:\WINDOWS\system32\smlogsvc.exe
13:31:18.0484 2568 SysmonLog - ok
13:31:18.0515 2568 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) K:\WINDOWS\System32\tapisrv.dll
13:31:18.0531 2568 TapiSrv - ok
13:31:18.0593 2568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) K:\WINDOWS\system32\DRIVERS\tcpip.sys
13:31:18.0593 2568 Tcpip - ok
13:31:18.0718 2568 TDPIPE (6471a66807f5e104e4885f5b67349397) K:\WINDOWS\system32\drivers\TDPIPE.sys
13:31:18.0734 2568 TDPIPE - ok
13:31:18.0765 2568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) K:\WINDOWS\system32\drivers\TDTCP.sys
13:31:18.0765 2568 TDTCP - ok
13:31:18.0812 2568 TermDD (88155247177638048422893737429d9e) K:\WINDOWS\system32\DRIVERS\termdd.sys
13:31:18.0812 2568 TermDD - ok
13:31:18.0859 2568 TermService (ff3477c03be7201c294c35f684b3479f) K:\WINDOWS\System32\termsrv.dll
13:31:18.0875 2568 TermService - ok
13:31:18.0921 2568 Themes (99bc0b50f511924348be19c7c7313bbf) K:\WINDOWS\System32\shsvcs.dll
13:31:18.0921 2568 Themes - ok
13:31:18.0953 2568 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) K:\WINDOWS\system32\tlntsvr.exe
13:31:18.0953 2568 TlntSvr - ok
13:31:18.0968 2568 TosIde - ok
13:31:19.0031 2568 TrkWks (55bca12f7f523d35ca3cb833c725f54e) K:\WINDOWS\system32\trkwks.dll
13:31:19.0031 2568 TrkWks - ok
13:31:19.0062 2568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) K:\WINDOWS\system32\drivers\Udfs.sys
13:31:19.0078 2568 Udfs - ok
13:31:19.0078 2568 ultra - ok
13:31:19.0109 2568 UMWdf (1977313e362c8732c1af4d1bcb9c06b7) K:\WINDOWS\system32\wdfmgr.exe
13:31:19.0109 2568 UMWdf - ok
13:31:19.0156 2568 Update (402ddc88356b1bac0ee3dd1580c76a31) K:\WINDOWS\system32\DRIVERS\update.sys
13:31:19.0156 2568 Update - ok
13:31:19.0187 2568 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) K:\WINDOWS\System32\upnphost.dll
13:31:19.0187 2568 upnphost - ok
13:31:19.0203 2568 UPS (05365fb38fca1e98f7a566aaaf5d1815) K:\WINDOWS\System32\ups.exe
13:31:19.0203 2568 UPS - ok
13:31:19.0250 2568 usbaudio (e919708db44ed8543a7c017953148330) K:\WINDOWS\system32\drivers\usbaudio.sys
13:31:19.0250 2568 usbaudio - ok
13:31:19.0281 2568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) K:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:31:19.0281 2568 usbccgp - ok
13:31:19.0312 2568 USBCM (d21cde1c635bcc5053463579eee453cf) K:\WINDOWS\system32\DRIVERS\Sacm2A.sys
13:31:19.0312 2568 USBCM - ok
13:31:19.0343 2568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) K:\WINDOWS\system32\DRIVERS\usbehci.sys
13:31:19.0343 2568 usbehci - ok
13:31:19.0359 2568 usbhub (1ab3cdde553b6e064d2e754efe20285c) K:\WINDOWS\system32\DRIVERS\usbhub.sys
13:31:19.0359 2568 usbhub - ok
13:31:19.0375 2568 usbprint (a717c8721046828520c9edf31288fc00) K:\WINDOWS\system32\DRIVERS\usbprint.sys
13:31:19.0375 2568 usbprint - ok
13:31:19.0390 2568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) K:\WINDOWS\system32\DRIVERS\usbscan.sys
13:31:19.0390 2568 usbscan - ok
13:31:19.0406 2568 usbstor (a32426d9b14a089eaa1d922e0c5801a9) K:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:31:19.0406 2568 usbstor - ok
13:31:19.0421 2568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) K:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:31:19.0421 2568 usbuhci - ok
13:31:19.0531 2568 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) K:\WINDOWS\system32\Drivers\usbvideo.sys
13:31:19.0531 2568 usbvideo - ok
13:31:19.0578 2568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) K:\WINDOWS\System32\drivers\vga.sys
13:31:19.0578 2568 VgaSave - ok
13:31:19.0578 2568 ViaIde - ok
13:31:19.0593 2568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) K:\WINDOWS\system32\drivers\VolSnap.sys
13:31:19.0593 2568 VolSnap - ok
13:31:19.0640 2568 VSS (7a9db3a67c333bf0bd42e42b8596854b) K:\WINDOWS\System32\vssvc.exe
13:31:19.0640 2568 VSS - ok
13:31:19.0687 2568 W32Time (54af4b1d5459500ef0937f6d33b1914f) K:\WINDOWS\system32\w32time.dll
13:31:19.0687 2568 W32Time - ok
13:31:19.0734 2568 Wanarp (e20b95baedb550f32dd489265c1da1f6) K:\WINDOWS\system32\DRIVERS\wanarp.sys
13:31:19.0750 2568 Wanarp - ok
13:31:19.0796 2568 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) K:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:31:19.0796 2568 wanatw - ok
13:31:19.0796 2568 WDICA - ok
13:31:19.0859 2568 wdmaud (6768acf64b18196494413695f0c3a00f) K:\WINDOWS\system32\drivers\wdmaud.sys
13:31:19.0859 2568 wdmaud - ok
13:31:19.0921 2568 WebClient (77a354e28153ad2d5e120a5a8687bc06) K:\WINDOWS\System32\webclnt.dll
13:31:19.0953 2568 WebClient - ok
13:31:20.0062 2568 winmgmt (2d0e4ed081963804ccc196a0929275b5) K:\WINDOWS\system32\wbem\WMIsvc.dll
13:31:20.0078 2568 winmgmt - ok
13:31:20.0187 2568 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) K:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:31:20.0218 2568 WLSetupSvc - ok
13:31:20.0359 2568 WmdmPmSN (6eaa72fd9ef993ec1fa9a06de65105da) K:\WINDOWS\system32\mspmsnsv.dll
13:31:20.0359 2568 WmdmPmSN - ok
13:31:20.0406 2568 Wmi (e76f8807070ed04e7408a86d6d3a6137) K:\WINDOWS\System32\advapi32.dll
13:31:20.0421 2568 Wmi - ok
13:31:20.0468 2568 WmiApSrv (e0673f1106e62a68d2257e376079f821) K:\WINDOWS\system32\wbem\wmiapsrv.exe
13:31:20.0468 2568 WmiApSrv - ok
13:31:20.0484 2568 WpdUsb (d87ea9f191df6731818ffd93659badf4) K:\WINDOWS\system32\Drivers\wpdusb.sys
13:31:20.0500 2568 WpdUsb - ok
13:31:20.0515 2568 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) K:\WINDOWS\System32\drivers\ws2ifsl.sys
13:31:20.0515 2568 WS2IFSL - ok
13:31:20.0562 2568 wscsvc (7c278e6408d1dce642230c0585a854d5) K:\WINDOWS\system32\wscsvc.dll
13:31:20.0578 2568 wscsvc - ok
13:31:20.0625 2568 WSTCODEC (c98b39829c2bbd34e454150633c62c78) K:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:31:20.0625 2568 WSTCODEC - ok
13:31:20.0625 2568 wuauserv - ok
13:31:20.0687 2568 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) K:\WINDOWS\System32\wzcsvc.dll
13:31:20.0718 2568 WZCSVC - ok
13:31:20.0750 2568 xmlprov (295d21f14c335b53cb8154e5b1f892b9) K:\WINDOWS\System32\xmlprov.dll
13:31:20.0750 2568 xmlprov - ok
13:31:20.0796 2568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:31:20.0890 2568 \Device\Harddisk0\DR0 - ok
13:31:20.0906 2568 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
13:31:20.0906 2568 \Device\Harddisk1\DR2 - ok
13:31:20.0906 2568 Boot (0x1200) (6cc11485d4695744a16f7b14960c38c8) \Device\Harddisk0\DR0\Partition0
13:31:20.0921 2568 \Device\Harddisk0\DR0\Partition0 - ok
13:31:20.0921 2568 Boot (0x1200) (6f711b18ff6c8b511e1277c7c0ea88d2) \Device\Harddisk1\DR2\Partition0
13:31:20.0921 2568 \Device\Harddisk1\DR2\Partition0 - ok
13:31:20.0921 2568 ============================================================
13:31:20.0921 2568 Scan finished
13:31:20.0921 2568 ============================================================
13:31:20.0937 0272 Detected object count: 0
13:31:20.0937 0272 Actual detected object count: 0
13:31:48.0109 2596 Deinitialize success
__________________
sharkfan12 is offline  
Old 04-11-2012, 08:35 PM   #14

Thanks. Click Start>Run and copy/paste the following into the Run box and click OK:

ComboFix /nombr

Follow all prompts, then post the C:\ComboFix.txt when it has completed, along with an update on machine behavior.
__________________
Ried is offline  
Old 04-12-2012, 10:25 AM   #15

Hi,
It seems as though I am no longer being redirected. Does it look to you like the virus is gone? Here is the ComboFix.txt file (it also created a log file, which I am not posting because you didn't ask me to). Thank you very much:

ComboFix 12-04-10.02 - rebecca levant 04/12/2012 11:55:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.462 [GMT -4:00]
Running from: k:\documents and settings\rebecca levant\My Documents\Downloads\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
k:\documents and settings\All Users\Application Data\TEMP
k:\documents and settings\barry levant\GoToAssistDownloadHelper.exe
k:\documents and settings\barry levant\WINDOWS
k:\documents and settings\rebecca levant\GoToAssistDownloadHelper.exe
k:\documents and settings\rebecca levant\My Documents\~WRL0004.tmp
k:\documents and settings\rebecca levant\My Documents\~WRL0634.tmp
k:\documents and settings\rebecca levant\My Documents\~WRL2017.tmp
k:\documents and settings\rebecca levant\My Documents\~WRL3120.tmp
k:\documents and settings\rebecca levant\My Documents\~WRL4039.tmp
k:\documents and settings\rebecca levant\My Documents\~WRL4073.tmp
k:\documents and settings\rebecca levant\WINDOWS
k:\documents and settings\sarah levant\WINDOWS
k:\program files\Common Files\Uninstall
k:\program files\PAV
k:\program files\PAV\pav.exe.tmp1
k:\windows\system\MSVCIRT.DLL
k:\windows\system\olepro32.dll
L:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-11 03:34 . 2012-04-11 03:34 -------- d-----w- K:\_OTL
2012-04-11 02:55 . 2012-03-13 23:15 6582328 ----a-w- k:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-11 02:53 . 2012-03-13 23:15 6582328 ----a-w- k:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1EEBAE5-554F-46F5-8517-979BDEDA8D84}\mpengine.dll
2012-04-09 21:55 . 2012-04-04 19:56 22344 ----a-w- k:\windows\system32\drivers\mbam.sys
2012-04-09 20:27 . 2012-01-31 12:44 237072 ------w- k:\windows\system32\MpSigStub.exe
2012-04-09 20:26 . 2012-04-09 20:26 -------- d-----w- k:\program files\Microsoft Security Client
2012-04-09 13:43 . 2012-04-09 21:55 -------- d-----w- k:\program files\Malwarebytes' Anti-Malware
2012-04-09 04:48 . 2012-04-09 04:48 -------- d-sh--w- k:\documents and settings\rebecca levant\IECompatCache
2012-04-09 03:14 . 2012-04-09 03:14 -------- d-----w- k:\documents and settings\barry levant\Application Data\AVG2012
2012-04-09 03:05 . 2012-04-09 03:05 -------- d-----w- k:\documents and settings\rebecca levant\Application Data\AVG2012
2012-04-09 03:01 . 2012-04-09 20:05 -------- d-----w- k:\documents and settings\All Users\Application Data\AVG2012
2012-04-09 03:01 . 2012-04-09 18:05 -------- d-----w- K:\$AVG
2012-04-09 03:01 . 2012-04-09 03:01 -------- d-----w- k:\program files\AVG
2012-04-09 02:59 . 2012-04-09 02:59 -------- d--h--w- k:\documents and settings\All Users\Application Data\Common Files
2012-04-09 02:59 . 2012-04-09 18:05 -------- d-----w- k:\documents and settings\All Users\Application Data\MFAData
2012-04-09 02:21 . 2012-04-09 02:21 -------- d-----w- k:\program files\PC Tools
2012-04-09 02:18 . 2012-04-09 02:55 -------- d-----w- k:\program files\Common Files\PC Tools
2012-04-09 02:18 . 2012-02-24 14:36 185560 ----a-w- k:\windows\system32\drivers\PCTSD.sys
2012-04-09 02:18 . 2012-04-09 02:54 -------- d-----w- k:\documents and settings\All Users\Application Data\PC Tools
2012-04-09 02:18 . 2012-04-09 02:18 -------- d-----w- k:\documents and settings\rebecca levant\Application Data\TestApp
2012-04-08 21:50 . 2012-04-08 21:50 -------- d-----w- k:\documents and settings\rebecca levant\Application Data\Malwarebytes
2012-04-08 21:50 . 2012-04-08 21:50 -------- d-----w- k:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-08 14:56 . 2012-04-08 14:59 -------- d-----w- k:\windows\system32\NtmsData
2012-04-03 22:17 . 2012-04-05 01:49 -------- d-----w- k:\windows\system32\drivers\NAV\1207010.003
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 00:44 . 2011-10-07 17:07 414368 ----a-w- k:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 11:00 1860096 ----a-w- k:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-03-21 12:59 97208 ----a-w- k:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2009-04-26 00:30 324976 ----a-w- k:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- k:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- k:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- k:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="k:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Dell Photo AIO Printer 942"="k:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 294912]
"DellMCM"="k:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"ATIPTA"="k:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"Microsoft Default Manager"="k:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ArcSoft Connection Service"="k:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HostManager"="k:\program files\Common Files\AOL\1307225327\ee\AOLSoftware.exe" [2010-03-08 41800]
"DLBUCATS"="k:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
"Adobe Reader Speed Launcher"="k:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="k:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="k:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"MSC"="k:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
k:\documents and settings\susan levant\Start Menu\Programs\Startup\
Dropbox.lnk.disabled [2011-8-19 1019]
.
k:\documents and settings\barry levant\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-11-26 947]
.
k:\documents and settings\rebecca levant\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk.disabled [2010-9-27 864]
.
k:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk.disabled [2009-3-8 1837]
McAfee Online Backup Status.lnk.disabled [2011-10-12 780]
WinZip Quick Pick.lnk.disabled [2012-3-7 1670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-08 20:45 10536 ----a-w- k:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 05:00 45056 ----a-w- k:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 14:43 57344 ----a-w- k:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 17:32 19968 ----a-w- k:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 ----a-w- k:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- k:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- k:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- k:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"k:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"k:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"k:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"k:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"k:\\Program Files\\Messenger\\msmsgs.exe"=
"k:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"k:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"k:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"k:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Program Files\\Common Files\\AOL\\1307225327\\ee\\aolsoftware.exe"=
"k:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"k:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"k:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"k:\\Documents and Settings\\susan levant\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"k:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 SymDS;Symantec Data Store;k:\windows\system32\drivers\NAV\1207010.003\symds.sys [4/3/2012 6:17 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;k:\windows\system32\drivers\NAV\1207010.003\symefa.sys [4/3/2012 6:17 PM 744568]
R1 BHDrvx86;BHDrvx86;k:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120402.001\BHDrvx86.sys [4/2/2012 7:38 PM 821880]
R1 MOBKFilter;MOBKFilter;k:\windows\system32\drivers\MOBK.sys [10/12/2011 11:31 PM 54776]
R1 SymIRON;Symantec Iron Driver;k:\windows\system32\drivers\NAV\1207010.003\ironx86.sys [4/3/2012 6:17 PM 136312]
R2 NAV;Norton AntiVirus;k:\program files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [4/3/2012 6:17 PM 130008]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;K:/Nir/Postgre/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "K:/Nir/Postgre/data" -w --> K:/Nir/Postgre/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R3 Angel;Angel MPEG Device;k:\windows\system32\drivers\Angel.sys [3/14/2009 9:38 AM 376320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;k:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/8/2012 4:27 AM 106104]
R3 IDSxpx86;IDSxpx86;k:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120411.001\IDSXpx86.sys [4/11/2012 6:30 PM 356280]
S4 MOBKbackup;McAfee Online Backup;k:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 k:\windows\Tasks\AppleSoftwareUpdate.job
- k:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-04-12 k:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-1801674531-1003Core.job
- k:\documents and settings\barry levant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-28 21:12]
.
2012-04-12 k:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1078081533-1801674531-1003UA.job
- k:\documents and settings\barry levant\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-28 21:12]
.
2012-04-12 k:\windows\Tasks\MP Scheduled Scan.job
- k:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie8
mStart Page = hxxp://www.aol.com/?ncid=customie8
uInternet Connection Wizard,ShellNext = "k:\program files\Outlook Express\msimn.exe" //mailurl:mailto:websales@lenovo.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - k:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - k:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
DPF: {1C72E5E8-C622-4F09-A0B6-D0C0700999D1} - hxxp://test.zixi.com/Sport5Page/ZixiPlayer.ocx
FF - ProfilePath - k:\documents and settings\rebecca levant\Application Data\Mozilla\Firefox\Profiles\dvkhk3oi.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Mb9_12 - I:\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-04-12 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 k:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"k:\program files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"k:\program files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.0]
"ImagePath"="K:/Nir/Postgre/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"K:/Nir/Postgre/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.0]
"ImagePath"="K:/Nir/Postgre/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"K:/Nir/Postgre/data\" -w"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
k:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2012-04-12 12:13:17
ComboFix-quarantined-files.txt 2012-04-12 16:13
.
Pre-Run: 284,890,525,696 bytes free
Post-Run: 285,177,663,488 bytes free
.
- - End Of File - - E6AED06533E68137600851E57AD18A37
__________________
sharkfan12 is offline  
Old 04-12-2012, 04:14 PM   #16
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



To be on the safe side, we'll run an online scan to get a look from the outside, into the machine.

Before we do that, you need to choose between Microsoft Security Essentials and Norton AV. It's never a good idea to have more than 1 AV installed at a given time. They will conflict with one another and cause system slowdowns.

Remove one of them via Control Panel>Add or Remove programs.

Reboot.

========================================

To remove AVG from the Security Center --




1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in or copy/paste SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed, in your case... AVG.

==================================


Lastly, please go to here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
__________________
Ried is offline  
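
The wbemtest query from the post above, as a PowerShell example added here (not part of the original post or of any tool used in this thread). The function names are made up for the example, and `root\SecurityCenter2` is included on the assumption that the script may also be run on Vista SP1 or later, where the class lives in that namespace instead.

```powershell
# Added example, not from the thread. Function and parameter names are illustrative.
# Run from an elevated Windows PowerShell prompt (2.0 or later).

function Get-RegisteredAntivirus {
    [CmdletBinding()]
    param(
        # root\SecurityCenter is the namespace used in the post (Windows XP).
        # root\SecurityCenter2 is assumed for Vista SP1 and later.
        [string[]]$Namespace = @('root\SecurityCenter', 'root\SecurityCenter2')
    )
    foreach ($ns in $Namespace) {
        try {
            $products = @(Get-WmiObject -Namespace $ns `
                -Query 'SELECT * FROM AntiVirusProduct' -ErrorAction Stop)
        } catch {
            # Namespace absent on this Windows version, or Security Center unavailable.
            Write-Verbose "Skipping ${ns}: $($_.Exception.Message)"
            continue
        }
        foreach ($p in $products) {
            # Attach the namespace so the caller can see where each record lives.
            $p | Add-Member -MemberType NoteProperty -Name SourceNamespace -Value $ns -PassThru
        }
    }
}

function Remove-StaleAntivirusRecord {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Wildcard matched against displayName, e.g. 'AVG*' for the case in this thread.
        [Parameter(Mandatory = $true)][string]$DisplayNamePattern
    )
    $stale = @(Get-RegisteredAntivirus |
        Where-Object { $_.displayName -like $DisplayNamePattern })
    foreach ($record in $stale) {
        $label = '{0} [{1}] in {2}' -f $record.displayName,
            $record.instanceGuid, $record.SourceNamespace
        # ConfirmImpact=High prompts before each delete; -WhatIf previews only.
        if ($PSCmdlet.ShouldProcess($label, 'Delete AntiVirusProduct record')) {
            $record | Remove-WmiObject
        }
    }
}

# 1. List what Security Center currently has registered.
Get-RegisteredAntivirus |
    Select-Object SourceNamespace, displayName, instanceGuid |
    Format-Table -AutoSize

# 2. Preview removal of the leftover record for a product already uninstalled.
Remove-StaleAntivirusRecord -DisplayNamePattern 'AVG*' -WhatIf
```

Drop `-WhatIf` only after the listing confirms the matching record belongs to a product that is no longer installed.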
Old 04-12-2012, 06:52 PM   #17
Registered Member
 
Join Date: Apr 2012
Posts: 19
OS: Windows XP



K:\Documents and Settings\sarah levant\Application Data\FCBD683EFD31786408325E3DE3F0A92D\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
K:\Documents and Settings\sarah levant\Application Data\FCBD683EFD31786408325E3DE3F0A92D\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
__________________
sharkfan12 is offline  
Old 04-12-2012, 07:00 PM   #18
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



Click Start>My Computer to open Windows Explorer.

Navigate to the following folder and delete it (right click the folder and select Delete):

K:\Documents and Settings\sarah levant\Application Data\FCBD683EFD31786408325E3DE3F0A92D

If it resists deletion, open that folder and delete the files within it first, then delete the folder.


How is the machine behaving? Redirects still gone?
__________________
Ried is offline  
Old 04-12-2012, 07:45 PM   #19
Registered Member
 
Join Date: Apr 2012
Posts: 19
OS: Windows XP



I deleted the folder. The machine still seems fine. No more redirects as far as I can tell.
__________________
sharkfan12 is offline  
Old 04-12-2012, 08:56 PM   #20
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,486
OS: WinXP Home, Vista, Windows 7 64bit



That's good to hear. Use the internet and computer for another day or so and get back to me. If all is still well, I'll have final cleanup instructions for you at that time.

__________________
Ried is offline  
 

All times are GMT -7.