Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Undected infections from bad search results


  • This topic is locked This topic is locked
13 replies to this topic

#1 emptyX

emptyX

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 03 August 2009 - 10:41 PM

I have a very, very bad problem. I've posted about this matter on TSF and even had some assistance in the Am I Infected? forum, Referred from here: http://www.bleepingcomputer.com/forums/t/246316/undetected-infections-from-clicking-on-wrong-google-results/ I don't know status of TSF topic. ~ OB but haven't had any luck yet. I'm just going to copy and paste, for the most part, what I wrote in that thread:

Tweeks ago I was doing a search on Google, and accidentally clicked on the wrong result. It took me to a page that didn't load and Chrome gave me a message that said my computer was infected. At the time, I had Avast! and SpyBot installed and neither program detected anything, so I thought nothing of it at first. But then after that, every time I went to close Chrome, I got a message that asked me if I was sure I wanted to close as there were downloads still in progress. I hadn't been downloading anything. I gave the trial scan of Webroot SpySweeper a try (as well as its Desktop Firewall product) and it found only Spy Cookies. Webroot Desktop Firewall works great, but I get a notice saying it's blocked something around every three seconds, which seems abnormal. As well, when I'm out of Safe Mode (with Networking) most things crash or just don't respond. My computer is also working at about 1/10th of its normal speed (The speed is worse than that now).

In the Am I Infected thread, I was advised to use Malwarebytes Anti Malware and SUPERAntiSpyware, but neither program detected anything. As well, I tried out Dr. Web Cureit, but was unable to complete a full scan as the computer would just shut down every time.

I have no backups of anything saved (I just learned of that Vista feature yesterday - I'm very computer-stupid), and anything added to my USB stick comes out infected and unreadable (I've tried the Flash Disinfector, but the files are still unreadable). It's only getting worse, and I would be eternally grateful to anyone who could help me. Here is the DDS Logs as required, however my computer for some reason will not allow me to upload the Attach file (it begins to upload, but does not appear).

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Lauren at 23:18:30.19 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vistaāā€˛¢ Home Premium 6.0.6001.1.1252.1.1033.18.895.412 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Lauren\Desktop\DDS.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\lauren\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCFCATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-24 130936]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2008-7-31 95624]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-13 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-12 29744]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S4 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2008-7-31 353672]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-22 1205760]

=============== Created Last 30 ================

2009-08-03 15:35 --d----- c:\users\lauren\DoctorWeb
2009-08-02 23:33 --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-02 23:33 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-02 23:32 --d----- c:\users\lauren\appdata\roaming\SUPERAntiSpyware.com
2009-08-02 23:32 --d----- c:\program files\SUPERAntiSpyware
2009-08-02 23:28 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-02 22:07 --d----- c:\users\lauren\appdata\roaming\Malwarebytes
2009-08-02 22:07 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 22:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:07 --d----- c:\programdata\Malwarebytes
2009-08-02 22:07 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 22:07 --d----- c:\progra~2\Malwarebytes
2009-08-02 15:11 a-dshr-- C:\autorun.inf
2009-07-26 16:28 --dsh--- C:\$RECYCLE.BIN
2009-07-26 16:13 219,648 a------- c:\windows\PEV.exe
2009-07-26 16:13 161,792 a------- c:\windows\SWREG.exe
2009-07-26 16:13 98,816 a------- c:\windows\sed.exe
2009-07-24 00:21 --d----- c:\users\lauren\appdata\roaming\PC Tools
2009-07-24 00:17 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-24 00:17 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-24 00:16 28,560 a------- c:\windows\system32\drivers\AVHook.sys
2009-07-24 00:16 21,904 a------- c:\windows\system32\drivers\AVRec.sys
2009-07-24 00:16 21,904 a------- c:\windows\system32\drivers\AVFilter.sys
2009-07-24 00:16 --d----- c:\programdata\PC Tools
2009-07-24 00:16 --d----- c:\program files\PC Tools AntiVirus
2009-07-24 00:16 --d----- c:\progra~2\PC Tools
2009-07-23 23:40 --d----- c:\program files\common files\PC Tools
2009-07-22 17:50 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-22 17:50 --d----- c:\users\lauren\appdata\roaming\Webroot
2009-07-22 15:41 --d----- c:\program files\Webroot
2009-07-22 15:39 --d----- c:\programdata\Webroot
2009-07-22 15:39 --d----- c:\progra~2\Webroot
2009-07-15 15:19 --d----- c:\program files\iPod
2009-07-15 15:18 --d----- c:\program files\iTunes
2009-07-15 14:43 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 14:43 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 14:43 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 14:43 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 15:42 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-22 15:42 86,016 a------- c:\windows\inf\infstor.dat
2009-07-22 15:42 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-06 15:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-03-19 17:10 174 a--sh--- c:\program files\desktop.ini
2009-03-19 02:39 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:20:17.84 ===============

Edited by Orange Blossom, 15 August 2009 - 04:25 PM.
I left out a word. ~ OB


BC AdBot (Login to Remove)

 


#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:10:23 AM

Posted 13 August 2009 - 07:51 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 emptyX

emptyX
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 14 August 2009 - 12:57 PM

No problem, I understand you guys have lives too. Here are the new DDS Logs as requested. It seems I can also now upload the Attatch file.

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Lauren at 13:51:10.97 on Fri 08/14/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.895.448 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Lauren\Desktop\DDS.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\lauren\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCFCATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,RunDLLEntry
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-24 130936]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2008-7-31 95624]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-13 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-12 29744]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S4 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2008-7-31 353672]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-22 1205760]

=============== Created Last 30 ================

2009-08-03 15:35 <DIR> --d----- c:\users\lauren\DoctorWeb
2009-08-02 23:33 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-02 23:33 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-02 23:32 <DIR> --d----- c:\users\lauren\appdata\roaming\SUPERAntiSpyware.com
2009-08-02 23:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-02 23:28 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-02 22:07 <DIR> --d----- c:\users\lauren\appdata\roaming\Malwarebytes
2009-08-02 22:07 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 22:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:07 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-02 22:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 22:07 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-02 15:11 <DIR> a-dshr-- C:\autorun.inf
2009-07-26 16:28 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-26 16:13 219,648 a------- c:\windows\PEV.exe
2009-07-26 16:13 161,792 a------- c:\windows\SWREG.exe
2009-07-26 16:13 98,816 a------- c:\windows\sed.exe
2009-07-24 00:21 <DIR> --d----- c:\users\lauren\appdata\roaming\PC Tools
2009-07-24 00:17 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-24 00:17 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-24 00:16 28,560 a------- c:\windows\system32\drivers\AVHook.sys
2009-07-24 00:16 21,904 a------- c:\windows\system32\drivers\AVRec.sys
2009-07-24 00:16 21,904 a------- c:\windows\system32\drivers\AVFilter.sys
2009-07-24 00:16 <DIR> --d----- c:\programdata\PC Tools
2009-07-24 00:16 <DIR> --d----- c:\program files\PC Tools AntiVirus
2009-07-24 00:16 <DIR> --d----- c:\progra~2\PC Tools
2009-07-23 23:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-22 17:50 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-22 17:50 <DIR> --d----- c:\users\lauren\appdata\roaming\Webroot
2009-07-22 15:41 <DIR> --d----- c:\program files\Webroot
2009-07-22 15:39 <DIR> --d----- c:\programdata\Webroot
2009-07-22 15:39 <DIR> --d----- c:\progra~2\Webroot
2009-07-15 15:19 <DIR> --d----- c:\program files\iPod
2009-07-15 15:18 <DIR> --d----- c:\program files\iTunes
2009-07-15 14:43 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 14:43 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 14:43 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 14:43 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-22 15:42 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-22 15:42 86,016 a------- c:\windows\inf\infstor.dat
2009-07-22 15:42 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-06 15:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-03-19 17:10 174 a--sh--- c:\program files\desktop.ini
2009-03-19 02:39 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:53:03.64 ===============

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 15 August 2009 - 07:23 PM

Hi emptyX,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Yes, your system is unstable so we will take it gently at first.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:[list]
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Let's take a look at those logs before we go any further. If you have problems running either of these programs then please let me know before you go any further. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:23 AM

Posted 15 August 2009 - 09:09 PM

Allow me to interject a moment here:

I've posted about this matter on TSF


That topic is here: http://www.techsupportforum.com/security-c...le-results.html

Please note that you should only have one active topic for malware removal. This is to avoid complicating things and making the malware removal process more difficult not to mention unnecessarily tying up people's time.

Since you have not received a response over there, please post to that topic there and tell them you are receiving help elsewhere and want that topic closed.

Thank you,

Orange Blossom ~ forum moderator

Back to you m0le.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 emptyX

emptyX
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 16 August 2009 - 06:45 PM

Hello, here are all the logs you requested. :)

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-16 19:34:21
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp pwipf6.sys (pwipf6/Webroot Software Inc (www.webroot.com))
AttachedDevice \Driver\tdx \Device\Udp pwipf6.sys (pwipf6/Webroot Software Inc (www.webroot.com))
AttachedDevice \Driver\tdx \Device\RawIp pwipf6.sys (pwipf6/Webroot Software Inc (www.webroot.com))

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 8/16/2009 7:35:26 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Lauren\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.82 Mb Total Physical Memory | 122.89 Mb Available Physical Memory | 13.73% Memory free
2.00 Gb Paging File | 1.41 Gb Available in Paging File | 70.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.55 Gb Total Space | 149.47 Gb Free Space | 68.08% Space Free | Partition Type: NTFS
Drive D: | 13.33 Gb Total Space | 7.17 Gb Free Space | 53.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/01/12 20:37:24 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/16 19:34:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/05 17:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/01/12 20:00:34 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/04/16 02:14:29 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/02/23 13:27:50 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcfcoms.exe -- (lxcf_device [Auto | Stopped])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2008/07/31 15:19:40 | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet [Disabled | Stopped])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/07/22 17:51:06 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 03:36:49 | 00,108,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/10/05 15:39:40 | 01,161,152 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 03:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 03:36:45 | 01,302,492 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/09/19 20:11:48 | 01,959,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 03:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\DRIVERS\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/04/18 00:46:20 | 01,032,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/07/06 02:15:00 | 07,568,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2007/07/02 20:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/07/31 15:19:48 | 00,095,624 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Windows\System32\DRIVERS\pwipf6.sys -- (pwipf6 [System | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Stopped])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv [Boot | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/01/19 01:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3642
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3642
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3642
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\S-1-5-21-3927221255-2531625218-3392340522-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\S-1-5-21-3927221255-2531625218-3392340522-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/19 16:11:41 | 00,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCFCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000..\Run: [Google Update] C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3927221255-2531625218-3392340522-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.46.156.1 142.166.86.18 142.166.86.19
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/02 15:11:08 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\ProgramData\*.tmp files]
[2009/08/16 19:34:39 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2009/08/16 18:35:58 | 00,287,744 | ---- | C] () -- C:\Users\Lauren\Desktop\gmer.exe
[2009/08/14 14:14:02 | 03,413,992 | -H-- | C] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2009/08/14 13:54:52 | 00,001,876 | ---- | C] () -- C:\Users\Lauren\Desktop\Attach (2).zip
[2009/08/03 16:53:59 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Apple
[2009/08/03 15:11:53 | 15,272,528 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Lauren\Desktop\t42ame6b.exe
[2009/08/02 23:33:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/02 23:32:47 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/02 23:32:43 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
[2009/08/02 23:32:43 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/02 23:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/02 23:28:18 | 06,815,264 | ---- | C] () -- C:\Users\Lauren\Desktop\SUPERAntiSpyware.exe
[2009/08/02 23:26:32 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Lauren\Desktop\ATF-Cleaner.exe
[2009/08/02 22:07:55 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Malwarebytes
[2009/08/02 22:07:54 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 22:07:52 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/02 22:07:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/02 22:07:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/02 22:07:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/02 22:06:59 | 03,775,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lauren\Desktop\zztoy.exe
[2009/08/02 15:11:08 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/08/02 15:10:31 | 00,132,597 | ---- | C] () -- C:\Users\Lauren\Desktop\Flash_Disinfector.exe
[2009/08/02 14:56:15 | 00,028,915 | ---- | C] () -- C:\Users\Lauren\AppData\Roaming\UserTile.png
[2009/07/28 15:39:30 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/28 15:39:26 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/28 15:39:24 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/28 15:39:23 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/28 15:39:21 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/28 15:39:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/28 15:39:20 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/28 15:39:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/28 15:39:18 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/28 15:39:17 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/28 15:39:17 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/28 15:39:16 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/28 15:39:16 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/28 15:39:16 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/28 15:39:15 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/28 15:39:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/28 15:39:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/28 15:39:14 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/28 15:39:14 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/28 15:39:13 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/28 15:39:12 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/26 18:51:56 | 00,003,821 | ---- | C] () -- C:\Users\Lauren\Desktop\Attach.zip
[2009/07/26 16:29:15 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/07/26 16:29:04 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\temp
[2009/07/26 16:28:07 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/07/26 16:13:03 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/26 16:13:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/26 16:13:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/26 16:13:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/26 16:13:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/26 16:13:03 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/26 16:13:03 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/26 16:13:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/26 16:13:00 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/26 16:00:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/24 00:15:12 | 47,416,088 | ---- | C] (PC Tools ) -- C:\Users\Lauren\Desktop\avinstall.exe
[2009/07/23 02:01:57 | 00,001,744 | ---- | C] () -- C:\Users\Lauren\Desktop\Trillian.lnk
[2009/07/23 02:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/07/22 23:38:54 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/07/22 17:51:00 | 00,001,809 | ---- | C] () -- C:\Users\Public\Desktop\.lnk
[2009/07/22 17:50:14 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2009/07/22 17:50:14 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\Webroot
[2009/07/22 15:41:12 | 00,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Webroot Desktop Firewall.lnk
[2009/07/22 15:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/07/22 15:39:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2009/07/21 22:31:44 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/07/21 22:31:01 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/05 22:47:25 | 00,000,208 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/01/13 00:09:44 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxcfinst.dll
[2009/01/13 00:09:43 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcfinpa.dll
[2009/01/13 00:09:43 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcfhcp.dll
[2009/01/13 00:09:42 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcfusb1.dll
[2009/01/13 00:09:42 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcfiesc.dll
[2009/01/13 00:09:41 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcfserv.dll
[2009/01/13 00:09:41 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcfpmui.dll
[2009/01/13 00:09:41 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcfprox.dll
[2009/01/13 00:09:41 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcfpplc.dll
[2009/01/13 00:09:40 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcfhbn3.dll
[2009/01/13 00:09:40 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcflmpm.dll
[2009/01/13 00:09:38 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcfcomc.dll
[2009/01/13 00:09:38 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcfcomm.dll
[2009/01/12 20:55:02 | 00,000,494 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/01/22 10:49:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcfcoin.dll
[2006/11/22 18:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,281 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 07:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcfvs.dll

========== Files - Modified Within 30 Days ==========

[2 C:\ProgramData\*.tmp files]
[2009/08/16 19:34:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2009/08/16 18:36:04 | 00,287,744 | ---- | M] () -- C:\Users\Lauren\Desktop\gmer.exe
[2009/08/16 18:30:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/14 14:15:52 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 14:15:52 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 14:15:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/14 14:14:04 | 03,413,992 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2009/08/14 14:05:15 | 00,692,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/14 14:05:15 | 00,596,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/14 14:05:15 | 00,101,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/14 14:04:54 | 00,002,047 | ---- | M] () -- C:\Users\Lauren\Desktop\Google Chrome.lnk
[2009/08/14 13:54:52 | 00,001,876 | ---- | M] () -- C:\Users\Lauren\Desktop\Attach (2).zip
[2009/08/03 23:06:56 | 16,016,1427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/03 22:19:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927221255-2531625218-3392340522-1000UA.job
[2009/08/03 15:11:53 | 15,272,528 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Lauren\Desktop\t42ame6b.exe
[2009/08/02 23:32:47 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/02 23:28:18 | 06,815,264 | ---- | M] () -- C:\Users\Lauren\Desktop\SUPERAntiSpyware.exe
[2009/08/02 23:26:32 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Lauren\Desktop\ATF-Cleaner.exe
[2009/08/02 22:07:54 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 22:06:59 | 03,775,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lauren\Desktop\zztoy.exe
[2009/08/02 15:10:32 | 00,132,597 | ---- | M] () -- C:\Users\Lauren\Desktop\Flash_Disinfector.exe
[2009/08/02 14:56:15 | 00,028,915 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\UserTile.png
[2009/08/02 14:47:21 | 00,001,356 | ---- | M] () -- C:\Users\Lauren\AppData\Local\d3d9caps.dat
[2009/07/28 15:21:40 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/26 18:51:56 | 00,003,821 | ---- | M] () -- C:\Users\Lauren\Desktop\Attach.zip
[2009/07/26 16:26:29 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/07/24 10:19:06 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927221255-2531625218-3392340522-1000Core.job
[2009/07/24 00:15:23 | 47,416,088 | ---- | M] (PC Tools ) -- C:\Users\Lauren\Desktop\avinstall.exe
[2009/07/23 15:54:29 | 00,307,145 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak
[2009/07/23 02:21:32 | 00,001,744 | ---- | M] () -- C:\Users\Lauren\Desktop\Trillian.lnk
[2009/07/22 17:51:00 | 00,001,809 | ---- | M] () -- C:\Users\Public\Desktop\.lnk
[2009/07/22 15:41:15 | 00,000,494 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/07/22 15:41:12 | 00,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Webroot Desktop Firewall.lnk
[2009/07/21 22:31:44 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/07/21 21:37:27 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >

OTL Extras logfile created on: 8/16/2009 7:35:26 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Lauren\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.82 Mb Total Physical Memory | 122.89 Mb Available Physical Memory | 13.73% Memory free
2.00 Gb Paging File | 1.41 Gb Available in Paging File | 70.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.55 Gb Total Space | 149.47 Gb Free Space | 68.08% Space Free | Partition Type: NTFS
Drive D: | 13.33 Gb Total Space | 7.17 Gb Free Space | 53.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{730C68B9-D75F-4C07-9159-5AADCB9DDDEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDC2B248-090E-40F4-B9D7-B29ABF70105D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E73AABC-315B-491D-A494-FECA9E7667B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37258C3A-5285-49EB-BB85-6CA54A054779}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{375C6375-8497-4B66-8CE6-896AC57712CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{619BCA9E-AA65-470D-9ABD-45D2C3A07C02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69BAC6DD-B569-49D0-96DC-F5005B3C4C64}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6CFB5397-9829-413A-9AD7-2ED21A87BB93}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76B6A5FD-B074-4B72-AF75-8BA508B964DA}" = protocol=6 | dir=in | app=c:\program files\spyware doctor\pctsgui.exe |
"{88B0E85C-C35B-447B-9B70-7646BB230089}" = protocol=6 | dir=in | app=c:\windows\system32\lxcfcoms.exe |
"{9EC1B160-2BF6-42B0-BF36-E9DAE49657BB}" = protocol=17 | dir=in | app=c:\program files\spyware doctor\pctsgui.exe |
"{A9697837-7238-454A-8ECF-4743299B7E7D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B755A88F-7ACC-452E-A1BD-1D10CF3B425C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B86112D3-8DC1-4E16-B938-5E5839810D06}" = protocol=17 | dir=in | app=c:\windows\system32\lxcfcoms.exe |
"{C695AA6D-DE9B-443B-B75E-38D68B1D2351}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E00E31BC-CAAB-41D3-880B-4424E2DE9066}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E019BD97-BD13-43FC-8EA2-C745E9059E42}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcfpswx.exe |
"{E9577AA1-F23D-46F9-BB4A-4DE48C5FAD98}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F1FA6E08-424E-4DD5-9276-4246D91AF48D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcfpswx.exe |
"TCP Query User{047E1909-FBA8-4FE8-B2E9-69EA55E56330}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{0960A97F-7513-46A6-8D16-BB4848C4B069}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{49F5C32D-F26E-432C-AD5D-F99D46EFCAA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F576C46A-7DFF-48A2-8FC7-277D45CCC3A5}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" =
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7F2EAC76-8BC7-473F-9E2D-3373FD693797}" = Webroot Desktop Firewall
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Card Games 5" = Hoyle Card Games 5
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Lexmark 730 Series" = Lexmark 730 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SimCity 3000" = SimCity 3000
"Soulseek" = SoulSeek Client 156c
"Titanic" = Titanic
"Trillian" = Trillian
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3927221255-2531625218-3392340522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2009 9:34:31 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/29/2009 9:39:59 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/30/2009 2:16:34 AM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/30/2009 1:37:51 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/30/2009 5:33:45 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/30/2009 9:46:24 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/30/2009 11:45:11 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/31/2009 1:02:39 AM | Computer Name = Lauren-PC | Source = Perflib | ID = 1010
Description =

Error - 7/31/2009 1:02:43 AM | Computer Name = Lauren-PC | Source = Perflib | ID = 1008
Description =

Error - 7/31/2009 2:43:38 PM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 6/14/2009 12:43:33 PM | Computer Name = Lauren-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 5/23/2009 1:01:19 PM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/23/2009 1:02:05 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 5/23/2009 1:02:05 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 5/23/2009 9:04:07 PM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/24/2009 1:08:52 PM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/25/2009 3:10:58 PM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/25/2009 3:16:42 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 5/25/2009 3:16:42 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 5/26/2009 12:27:19 AM | Computer Name = Lauren-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:26:00 AM on 5/26/2009 was unexpected.

Error - 5/26/2009 12:27:33 AM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 17 August 2009 - 04:44 PM

Hi emptyX and thanks for closing off the other forum topic.

Your log looks very good on the surface but the symptoms of redirection coupled with system slow-down and adding in the other details you have provided and it looks like you may have some infections.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#8 emptyX

emptyX
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 17 August 2009 - 10:27 PM

Here's the log. Haha, I wish I could understand some of it. :P

ComboFix 09-08-10.06 - Lauren 08/17/2009 22:39.3.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.895.62 [GMT -4:00]
Running from: c:\users\Lauren\Desktop\Combo-Fix.exe
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 02:49 . 2009-08-18 02:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-18 02:49 . 2009-08-18 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-03 20:53 . 2009-08-03 20:53 -------- d-----w- c:\users\Lauren\AppData\Local\Apple
2009-08-03 19:35 . 2009-08-03 19:37 -------- d-----w- c:\users\Lauren\DoctorWeb
2009-08-03 03:34 . 2009-08-18 02:01 117760 ----a-w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 03:33 . 2009-08-03 03:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-03 03:32 . 2009-08-03 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-03 03:32 . 2009-08-03 03:32 -------- d-----w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2009-08-03 03:28 . 2009-08-03 03:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-03 02:07 . 2009-08-03 02:07 -------- d-----w- c:\users\Lauren\AppData\Roaming\Malwarebytes
2009-08-03 02:07 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 02:07 . 2009-08-03 02:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 02:07 . 2009-08-03 02:07 -------- d-----w- c:\programdata\Malwarebytes
2009-08-03 02:07 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 20:29 . 2009-08-18 02:49 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2009-07-23 06:01 . 2009-07-23 06:52 -------- d-----w- c:\program files\Trillian
2009-07-23 03:38 . 2009-07-23 04:52 -------- d-----w- c:\windows\BDOSCAN8
2009-07-22 21:50 . 2009-07-23 03:31 -------- d-----w- c:\users\Lauren\AppData\Roaming\Webroot
2009-07-22 21:50 . 2009-05-13 19:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-22 19:41 . 2009-07-22 21:50 -------- d-----w- c:\program files\Webroot
2009-07-22 19:39 . 2009-07-22 22:01 -------- d-----w- c:\programdata\Webroot
2009-07-22 02:31 . 2009-07-22 02:32 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 02:03 . 2009-01-12 19:11 -------- d-----w- c:\users\Lauren\AppData\Roaming\Spare Backup
2009-08-02 19:42 . 2009-01-13 06:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 18:47 . 2009-01-15 06:55 1356 ----a-w- c:\users\Lauren\AppData\Local\d3d9caps.dat
2009-07-26 19:33 . 2009-06-03 19:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 03:24 . 2009-06-03 19:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-23 20:33 . 2009-02-01 19:15 -------- d-----w- c:\program files\Soulseek
2009-07-23 03:30 . 2009-01-13 23:00 -------- d-----w- c:\program files\Common Files\AOL
2009-07-22 21:47 . 2009-01-13 23:01 -------- d-----w- c:\program files\Viewpoint
2009-07-21 21:52 . 2009-07-28 19:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 19:19 . 2009-07-15 19:18 -------- d-----w- c:\program files\iTunes
2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\program files\iPod
2009-07-15 19:19 . 2009-01-13 01:52 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 18:55 . 2009-07-15 18:55 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-15 18:27 . 2009-01-12 19:10 84424 ----a-w- c:\users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 15:47 . 2009-02-13 21:34 -------- d-----w- c:\program files\EA GAMES
2009-06-22 04:51 . 2009-01-13 04:17 -------- d-----w- c:\program files\Lx_cats
2009-06-19 20:20 . 2009-01-12 16:55 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 15:24 . 2009-07-15 18:43 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 18:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 18:43 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 18:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-06 19:09 . 2009-06-06 19:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-18_02.27.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-12 16:43 . 2009-08-18 02:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-12 16:43 . 2009-08-18 02:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-12 16:43 . 2009-08-18 02:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-12 16:43 . 2009-08-18 02:31 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 16:43 . 2009-08-18 02:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-12 16:43 . 2009-08-18 02:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-18 02:09 . 2009-08-18 02:38 6332416 c:\windows\ERDNT\Hiv-backup\schema.dat
- 2009-08-18 02:09 . 2009-08-18 02:09 6332416 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-06-02 07:01 . 2009-08-18 02:28 97298489 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"Google Update"="c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-13 29744]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Webroot Desktop Firewall"="c:\program files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-07-31 2401672]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E00E31BC-CAAB-41D3-880B-4424E2DE9066}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E73AABC-315B-491D-A494-FECA9E7667B6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88B0E85C-C35B-447B-9B70-7646BB230089}"= UDP:c:\windows\System32\lxcfcoms.exe:Lexmark Communications System
"{B86112D3-8DC1-4E16-B938-5E5839810D06}"= TCP:c:\windows\System32\lxcfcoms.exe:Lexmark Communications System
"{E019BD97-BD13-43FC-8EA2-C745E9059E42}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:Printer Status Window
"{F1FA6E08-424E-4DD5-9276-4246D91AF48D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:Printer Status Window
"{37258C3A-5285-49EB-BB85-6CA54A054779}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{375C6375-8497-4B66-8CE6-896AC57712CC}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{69BAC6DD-B569-49D0-96DC-F5005B3C4C64}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{A9697837-7238-454A-8ECF-4743299B7E7D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{B755A88F-7ACC-452E-A1BD-1D10CF3B425C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{619BCA9E-AA65-470D-9ABD-45D2C3A07C02}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{047E1909-FBA8-4FE8-B2E9-69EA55E56330}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{F576C46A-7DFF-48A2-8FC7-277D45CCC3A5}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"{76B6A5FD-B074-4B72-AF75-8BA508B964DA}"= UDP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{9EC1B160-2BF6-42B0-BF36-E9DAE49657BB}"= TCP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{6CFB5397-9829-413A-9AD7-2ED21A87BB93}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E9577AA1-F23D-46F9-BB4A-4DE48C5FAD98}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 pwipf6;Privacyware Filter Driver;c:\windows\System32\drivers\pwipf6.sys [7/31/2008 3:19 PM 95624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2009 7:01 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/12/2009 12:58 PM 29744]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 6:25 AM 2589184]
S4 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [7/31/2008 3:19 PM 353672]
S4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/22/2009 5:51 PM 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927221255-2531625218-3392340522-1000Core.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 20:54]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927221255-2531625218-3392340522-1000UA.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 20:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 22:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-08-18 22:55
ComboFix-quarantined-files.txt 2009-08-18 02:55
ComboFix2.txt 2009-08-18 02:35
ComboFix3.txt 2009-07-26 20:29

Pre-Run: 159,870,844,928 bytes free
Post-Run: 159,186,829,312 bytes free

196 --- E O F --- 2009-08-18 02:07

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 18 August 2009 - 06:45 AM

The Combofix log is clean.

the symptoms that you have explained, are they still happening now?

Have you used any other removal tools before you posted here?
Posted Image
m0le is a proud member of UNITE

#10 emptyX

emptyX
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 18 August 2009 - 02:21 PM

That's strange...

I've mostly been working out of Safe Mode, but when I do reboot into regular mode, it seems to be not as slow as before, but still slow. As well, Webroot Desktop Firewall is still blocking quite a lot of things, but I'm not sure if that's really normal or not. I don't seem to be getting the message from Chrome that says that I still have downloads in progress. It's kind of suspicious that it's suddenly better...

The only other removal tool I can think of is a PCTools product that I downloaded just to try another scan, but it picked up nothing.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 18 August 2009 - 04:33 PM

It's kind of suspicious that it's suddenly better...


Yes, it is strange but not suspicious. I think (and Combofix's log bears it out) that your PC is clean. There are no symptoms either.

Your logs are clean...

Good stuff! :thumbup2:

Let's do some housekeeping

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Delete ComboFix and Clean Up
Click Start > Run and type combofix /u click OK (Note the space between combofix and /u)
Posted Image
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

I recommend that you download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it emptyX, happy surfing!

Cheers,


m0le
Posted Image
m0le is a proud member of UNITE

#12 emptyX

emptyX
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:I don't know. Where am I?
  • Local time:10:23 AM

Posted 18 August 2009 - 05:32 PM

That's a relief that it's clean. Thanks so much for your time and help. I would donate if I had any money. :thumbup2:

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 18 August 2009 - 05:48 PM

You're welcome emptyX :thumbup2:
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:23 PM

Posted 23 August 2009 - 06:17 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users