
Google Redirect with both firefox and IE


  • This topic is locked
2 replies to this topic

#1 Theresa Lang


Posted 31 August 2011 - 05:32 AM

Please help me fix this.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Theresa at 6:12:07 on 2011-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1311 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pogo.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunServices: [PoppyCelly] C:\Users\Theresa\Downloads\movie.exe
mRunServices: [ZoppyTumbly814.00] c:\users\theresa\downloads\movie.exe
uPolicies-explorer: LegacyDrive = 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
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23B25FDF-E625-459D-914C-1F2461AAAB71} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23B25FDF-E625-459D-914C-1F2461AAAB71}\34166716C6965627F584967686D23507565646F5836363D243D23414654554C4 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunServices-x64: [PoppyCelly] C:\Users\Theresa\Downloads\movie.exe
mRunServices-x64: [ZoppyTumbly814.00] c:\users\theresa\downloads\movie.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\3ia3k09m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Theresa\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110830.030\IDSviA64.sys [2011-8-31 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-4-17 126392]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-9 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-9 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-08-29 18:14:18 -------- d-----w- C:\Program Files (x86)\GiftAuto
2011-08-27 00:12:54 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-26 22:51:31 -------- d-----w- C:\ProgramData\XFINITY
2011-08-26 15:08:50 -------- d-----w- C:\Program Files\iTunes
2011-08-26 15:08:50 -------- d-----w- C:\Program Files\iPod
2011-08-26 15:08:50 -------- d-----w- C:\Program Files (x86)\iTunes
2011-08-26 15:07:48 -------- d-----w- C:\Users\Theresa\AppData\Local\Apple Computer
2011-08-24 21:24:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 21:24:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 14:00:55 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2011-08-23 13:51:25 -------- d-----w- C:\ProgramData\Smith Micro
2011-08-23 13:51:24 -------- d-----w- C:\Program Files (x86)\Smith Micro Software, Inc
2011-08-23 13:10:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-22 15:59:06 -------- d-----w- C:\Users\Theresa\AppData\Local\{E3FE71CC-D69A-40B5-8495-1824224FBF2E}
2011-08-21 19:34:32 -------- d-----w- C:\Users\Theresa\AppData\Local\{6814C539-F57E-4E6B-B81C-56FA5509B865}
2011-08-20 15:21:37 -------- d-----w- C:\Users\Theresa\AppData\Local\Apple
2011-08-15 13:40:07 -------- d-----w- C:\Users\Theresa\AppData\Local\{F821F203-7ABA-4F30-A70B-AFB453352C06}
2011-08-01 12:01:58 -------- d-----w- C:\Users\Theresa\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-08-11 12:13:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 6:13:13.94 ===============


 


#2 snemelk

  • Malware Response Team

Posted 04 September 2011 - 11:55 AM

Hi Theresa Lang, and welcome to Bleeping Computer.

Firstly,
Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:

c:\users\theresa\downloads\movie.exe

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Secondly,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thirdly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

  • Malware Response Team

Posted 16 September 2011 - 05:18 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

