
Active Google Redirect Virus Removal

Discussion in 'Malware and Virus Removal Archive' started by roxigrrrl, 2010/01/04.

  1. 2010/01/04
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    Joined:
    2010/01/04
    Messages:
    38
    Likes Received:
    0
    [Active] Google Redirect Virus Removal

    Hello,

    I was having issues where my browsers, both Firefox and Internet Explorer, were opening random web pages when I clicked on links from a Google search. After reading other posts about this same topic I went ahead and ran ComboFix. It seems to have resolved the issue, but it was highly recommended that I post the log to a forum like this to make sure there were no additional problems. Here is the log:

    ComboFix 10-01-03.05 - Roxanne 01/04/2010 13:15:32.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1832 [GMT -5:00]
    Running from: c:\users\Roxanne\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1816827839-3229183560-1768524742-500
    c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
    c:\users\Roxanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll
    c:\users\Roxanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
    c:\windows\system32\oem7.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
    .

    2010-01-04 18:23 . 2010-01-04 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-11 23:06 . 2010-01-04 14:22 -------- d-----w- c:\program files\Norton Security Scan
    2009-12-09 15:43 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 15:43 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 15:43 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 15:42 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
    2009-12-09 15:42 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-04 14:22 . 2009-12-02 23:30 -------- d-----w- c:\programdata\Norton
    2010-01-04 14:22 . 2009-12-02 23:30 -------- d-----w- c:\programdata\Symantec
    2010-01-03 06:16 . 2010-01-03 06:16 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb37E0.tmp.exe
    2010-01-02 19:41 . 2009-12-04 23:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-01-01 00:11 . 2009-02-20 15:55 680 ----a-w- c:\users\Roxanne\AppData\Local\d3d9caps.dat
    2010-01-01 00:08 . 2008-12-27 16:51 -------- d-----w- c:\program files\SugarSync
    2009-12-12 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-12-12 08:05 . 2008-12-27 03:54 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-11 23:06 . 2009-12-02 23:30 -------- d-----w- c:\programdata\NortonInstaller
    2009-11-25 22:18 . 2008-12-27 16:29 -------- d-----w- c:\program files\McAfee
    2009-11-16 23:18 . 2009-11-16 23:18 -------- d-----w- c:\programdata\eBay
    2009-11-16 23:17 . 2009-11-16 23:17 -------- d-----w- c:\program files\eBay
    2009-11-16 23:17 . 2008-12-13 06:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-16 15:18 . 2008-12-25 18:58 58896 ----a-w- c:\users\Roxanne\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-16 08:06 . 2009-03-05 15:31 -------- d-----w- c:\program files\Microsoft Works
    2009-11-10 17:56 . 2009-01-30 15:37 8293568 ----a-w- c:\users\Roxanne\AppData\Roaming\DataSafeDotNet.exe
    2009-11-10 17:56 . 2009-01-30 15:37 8293568 ----a-w- c:\users\Roxanne\AppData\Roaming\DataSafeDotNet.exe
    2009-11-10 14:46 . 2009-11-10 14:46 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3B52.tmp.exe
    2009-11-09 17:39 . 2009-11-09 17:39 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb506E.tmp.exe
    2009-11-09 00:32 . 2009-11-09 00:32 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFE62.tmp.exe
    2009-11-08 00:36 . 2009-11-08 00:36 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb69.tmp.exe
    2009-11-06 22:35 . 2009-11-06 22:35 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb578F.tmp.exe
    2009-11-03 01:42 . 2009-10-03 13:34 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:41 . 2009-11-25 22:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-27 13:20 . 2009-12-09 15:44 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-10-27 13:16 . 2009-12-09 15:44 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-27 10:55 . 2009-12-09 15:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-10-21 16:36 . 2009-10-21 16:36 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2009-10-17 22:34 . 2009-06-15 14:38 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2009-12-03 00:25 . 2008-12-25 20:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-12-13 07:40 . 2008-12-13 07:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @= "{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} "
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2009-12-10 02:22 143360 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @= "{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} "
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2009-12-10 02:22 143360 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @= "{A759AFF6-5851-457D-A540-F4ECED148351} "
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2009-12-10 02:22 143360 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @= "{1574C9EF-7D58-488F-B358-8B78C1538F51} "
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2009-12-10 02:22 143360 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-13 39408]
    "SugarSync "= "c:\program files\SugarSync\SugarSyncManager.exe" [2009-12-10 11653120]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-03 30192]
    "PCMService "= "c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "Dell DataSafe Online "= "c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "FPCCSMiddleware "= "c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-07 536184]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "EEventManager "= "c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Samsung PanelMgr "= "c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-04 548864]
    "eBayToolbar "= "c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-03-19 632048]

    c:\users\Roxanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2008-12-13 53248]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-13 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-13 06:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/12/2008 6:57 PM 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/23/2008 11:09 PM 155648]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [10/22/2009 11:32 AM 5120]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [12/13/2008 2:53 AM 111616]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/21/2009 3:48 PM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/13/2008 1:25 AM 30192]
    S3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [10/22/2009 11:32 AM 127656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-31 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

    2008-12-31 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-04 13:28
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3936)
    c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-04 13:35:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-04 18:35

    Pre-Run: 57,225,318,400 bytes free
    Post-Run: 57,531,871,232 bytes free

    - - End Of File - - 0730BE45DDB6EE569D50C8B100C8ED5C
     
  2. 2010/01/04
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2010/01/04
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    Joined:
    2010/01/04
    Messages:
    38
    Likes Received:
    0
    I didn't really understand what a DDS log was, but then I realized you gave the link and it was super easy. Here are the logs:

    DDS LOG


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Roxanne at 19:29:10.31 on Mon 01/04/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1308 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\aestsrv.exe
    c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\McAfee\MSC\mcshell.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Roxanne\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
    StartupFolder: c:\users\roxanne\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\roxanne\appdata\roaming\mozilla\firefox\profiles\d8gwrzef.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\roxanne\appdata\roaming\mozilla\firefox\profiles\d8gwrzef.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-27 214664]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-12 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-10-22 5120]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-13 111616]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-27 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-27 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-21 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-13 30192]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-27 34248]

    =============== Created Last 30 ================

    2010-01-04 18:27:02 0 d-----w- C:\$RECYCLE.BIN
    2010-01-04 18:10:55 98816 ----a-w- c:\windows\sed.exe
    2010-01-04 18:10:55 77312 ----a-w- c:\windows\MBR.exe
    2010-01-04 18:10:55 261632 ----a-w- c:\windows\PEV.exe
    2010-01-04 18:10:55 161792 ----a-w- c:\windows\SWREG.exe
    2009-12-11 23:06:31 0 d-----w- c:\program files\Norton Security Scan
    2009-12-09 15:43:40 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 15:43:40 31232 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 15:43:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 15:42:31 281600 ----a-w- c:\windows\system32\raschap.dll
    2009-12-09 15:42:31 244224 ----a-w- c:\windows\system32\rastls.dll

    ==================== Find3M ====================

    2009-11-10 17:56:19 8293568 ----a-w- c:\users\roxanne\appdata\roaming\DataSafeDotNet.exe
    2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-10-22 16:34:49 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-10-22 16:34:49 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-10-22 16:34:48 143360 ----a-w- c:\windows\inf\infstrng.dat
    2008-12-13 07:52:33 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-12-13 07:40:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 19:30:08.47 ===============
     
  5. 2010/01/04
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    Joined:
    2010/01/04
    Messages:
    38
    Likes Received:
    0
    ATTACH LOG


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/12/2008 6:59:39 PM
    System Uptime: 1/4/2010 2:53:04 PM (5 hours ago)

    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | Microprocessor | 2000/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 99 GiB total, 54.572 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.913 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP226: 12/12/2009 3:00:42 AM - Windows Update
    RP227: 12/14/2009 2:23:17 PM - Scheduled Checkpoint
    RP228: 12/14/2009 5:21:12 PM - Windows Update
    RP229: 12/15/2009 3:19:29 PM - Scheduled Checkpoint
    RP230: 12/18/2009 10:31:20 AM - Windows Update
    RP231: 12/21/2009 10:27:30 AM - Windows Update
    RP232: 12/24/2009 1:00:06 PM - Windows Update
    RP233: 12/28/2009 11:56:26 AM - Windows Update
    RP234: 12/31/2009 12:31:02 PM - Windows Update
    RP235: 1/4/2010 11:38:16 AM - Scheduled Checkpoint
    RP236: 1/4/2010 11:40:24 AM - Windows Update

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    AOL Install
    ArcSoft MediaImpression
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Brochures & Flyers
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Funhouse II
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Photo Prints
    ArcSoft Print Creations - Poster Creator
    ArcSoft Print Creations - Quick Photo Book
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ArcSoft RAW Thumbnail Viewer
    ArcSoft Video Downloader
    Banctec Service Agreement
    Browser Address Error Redirector
    Chinese Simplified Fonts Support For Adobe Reader 9
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Dell-eBay
    Dell Best of Web
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    DELL0604
    Digital Line Detect
    EarthLink Setup Files
    eBay Toolbar Featuring Yahoo!
    EDocs
    Epson Event Manager
    EPSON Scan
    EPSON WorkForce 600 Series Printer Uninstall
    EpsonNet Config V3
    EpsonNet Print
    Fisher-Price Computer Cool School
    Fisher-Price Scooby-Doo's Classroom
    Fisher-Price Sesame Street Classroom
    Google Desktop
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 7
    Junk Mail filter update
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Modem Diagnostic Tool
    Mozilla Firefox (3.0.16)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NetZeroInstallers
    OutlookAddinSetup
    QuickSet
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Samsung Universal Print Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Spelling Dictionaries Support For Adobe Reader 9
    SugarSync Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer

    ==== Event Viewer Messages From Past Week ========

    12/31/2009 7:16:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/31/2009 7:10:38 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/31/2009 7:10:38 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    12/31/2009 4:01:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/31/2009 3:36:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    12/30/2009 9:53:29 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8B15B803-9ED0-42DB-835D-38DE0699C7E5} because another computer on the network has the same name. The server could not start.
    12/30/2009 9:53:29 PM, Error: netbt [4321] - The name "ROXANNE-PC :20" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
    12/30/2009 9:53:29 PM, Error: netbt [4321] - The name "ROXANNE-PC :0" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
    12/30/2009 2:29:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    12/29/2009 7:10:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    12/28/2009 7:49:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
    1/4/2010 3:21:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    1/4/2010 12:21:51 PM, Error: EventLog [6008] - The previous system shutdown at 12:20:50 PM on 1/4/2010 was unexpected.
    1/4/2010 1:14:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/4/2010 1:14:58 PM, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    1/4/2010 1:14:41 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  6. 2010/01/04
    broni

    broni Moderator Malware Analyst

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ===============================================================

    I assume McAfee is your current security program?
    I can see some Norton's leftovers, so, download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    ===============================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3.
    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/01/05
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/05/2010 at 10:19 AM

    Application Version : 4.32.1000

    Core Rules Database Version : 4445
    Trace Rules Database Version: 2268

    Scan type : Custom Scan
    Total Scan Time : 01:16:47

    Memory items scanned : 328
    Memory threats detected : 0
    Registry items scanned : 6371
    Registry threats detected : 0
    File items scanned : 173693
    File threats detected : 68

    Adware.Tracking Cookie

    Trojan.Agent/Gen-FakeAlert[Calc]
    C:\QOOBOX\QUARANTINE\C\USERS\ROXANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SCANDISK.DLL.VIR
    C:\USERS\ROXANNE\NTLOAD.DLL

    Adware.MyWebSearch-Installer
    C:\USERS\ROXANNE\DOWNLOADS\MYWEBFACESETUP2.3.50.62.GRFOX000.EXE
     
  8. 2010/01/05
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    I cannot get HijackThis to run. I am running Vista, but there is no option to run as an administrator when I right click on the program. Here is the Malwarebytes' log. Let me know what I can do about HijackThis and if it is still necessary to run it.


    Malwarebytes' Log

    Malwarebytes' Anti-Malware 1.43
    Database version: 3496
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    1/5/2010 12:09:10 PM
    mbam-log-2010-01-05 (12-09-10).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 283754
    Time elapsed: 1 hour(s), 30 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. 2010/01/05
    broni

    broni Moderator Malware Analyst

    ...and HJT...
     
  10. 2010/01/05
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    I cannot get HijackThis to run. I am running Vista, but there is no option to run as an administrator when I right click on the program. Here is the Malwarebytes' log. Let me know what I can do about HijackThis and if it is still necessary to run it.
     
  11. 2010/01/05
    broni

    broni Moderator Malware Analyst

    Did you download 2.0.2, or 2.0.3 (beta)?
     
  12. 2010/01/05
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    2.0.3 (beta)
     
  13. 2010/01/05
    broni

    broni Moderator Malware Analyst

    Try to run it normally, without right clicking.
     
  14. 2010/01/05
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    If I try to click scan it says:

    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

    If that happens, you need to edit the file yourself. To do this click Start, Run and type:

    notepad C:\Windows\System32\drivers\etc\hosts

    and press Enter. Find the line(s) HijackThis reports and delete them.
    Save the file as 'hosts.' (with quotes), and reboot.

    For Vista: simply exit HijackThis, right click on the HijackThis icon, choose 'Run as Administrator'.




    OK...Maybe I was missing something because when I closed out that box there was a button that said save log file. So here it is:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 10:20:36 PM, on 1/5/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18349)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SugarSync\SugarSyncManager.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Dell Remote Access\ezi_ra.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Dell Remote Access.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11435 bytes
     
  15. 2010/01/05
    broni

    broni Moderator Malware Analyst

    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. 2010/01/06
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, January 6, 2010
    Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, January 06, 2010 11:26:54
    Records in database: 3334392
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 174816
    Threats found: 1
    Infected objects found: 0
    Suspicious objects found: 4
    Scan duration: 02:29:53


    File name / Threat / Threats count
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0A0D155F-00002FCF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0BB32EA6-00003948.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6A500376-00002FD1.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\7CF91BB6-000037DB.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    Selected area has been scanned.
     
  17. 2010/01/06
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

    Under the Custom Scan box paste this in:



    • Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\7CF91BB6-000037DB.eml
      C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6A500376-00002FD1.eml
      C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0BB32EA6-00003948.eml
      C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0A0D155F-00002FCF.eml
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  18. 2010/01/06
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    At first when I clicked on your OTL link McAfee said there was a Trojan and shut it down. When I try again I get this message in the browser:

    File Not Found

    Firefox can't find the file at http://oldtimer.geekstogo.com/OTL.exe.


    * Could the item have been renamed, removed, or relocated?
    * Is there a spelling, capitalization, or other typographical error in the address?
    * Do you have sufficient access permissions to the requested item?


    Should I shut down McAfee temporarily?
     
    Last edited: 2010/01/06
  19. 2010/01/06
    broni

    broni Moderator Malware Analyst

    Shut down McAfee for the moment and try again.
     
  20. 2010/01/06
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\7CF91BB6-000037DB.eml moved successfully.
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6A500376-00002FD1.eml moved successfully.
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0BB32EA6-00003948.eml moved successfully.
    C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0A0D155F-00002FCF.eml moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Roxanne
    ->Temp folder emptied: 2024 bytes
    ->Temporary Internet Files folder emptied: 71464597 bytes
    ->Java cache emptied: 6226242 bytes
    ->FireFox cache emptied: 118057603 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25376 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 225280 bytes

    Total Files Cleaned = 187.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.21.0 log created on 01062010_224424

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\mcafee_TTjpcxSG1RGeV7b not found!
    File\Folder C:\Windows\temp\mcmsc_jSyauGW7bzlnowk not found!
    File\Folder C:\Windows\temp\mcmsc_ZjCbYZEc0ZIooCi not found!

    Registry entries deleted on Reboot...
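
    A cross-check between the Kaspersky report and the OTL fix log posted above, as an added example that is not part of the thread and not code from either tool: it confirms that every flagged file was actually quarantined and lists anything else the fix moved. The line patterns are taken from the two logs in this thread; the `Infected:` verdict label and the reuse of the `File\Folder ... not found!` wording for `:Files` entries are assumptions, and `CONSTRUCTED_PARTIAL_LOG` is a constructed failure case.

```python
import re

# Line shapes as they appear in the two logs posted in this thread.
DETECTION = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
MOVED = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?) moved successfully\.\s*$")
MISSING = re.compile(r"^\s*File\\Folder (?P<path>.+?) not found!\s*$")

INBOX = r"C:\Users\Roxanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox"

# Detection lines copied from the Kaspersky report in the thread.
KASPERSKY_REPORT = "\n".join([
    "Threats found: 1",
    "File name / Threat / Threats count",
    INBOX + r"\0A0D155F-00002FCF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    INBOX + r"\0BB32EA6-00003948.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    INBOX + r"\6A500376-00002FD1.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    INBOX + r"\7CF91BB6-000037DB.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
])

# Relevant lines copied from the OTL fix log in the thread.
OTL_FIX_LOG = "\n".join([
    "========== FILES ==========",
    INBOX + r"\7CF91BB6-000037DB.eml moved successfully.",
    INBOX + r"\6A500376-00002FD1.eml moved successfully.",
    INBOX + r"\0BB32EA6-00003948.eml moved successfully.",
    INBOX + r"\0A0D155F-00002FCF.eml moved successfully.",
    r"C:\Windows\System32\drivers\etc\Hosts moved successfully.",
    "HOSTS file reset successfully",
    r"File\Folder C:\Windows\temp\mcafee_TTjpcxSG1RGeV7b not found!",
])

# Constructed failure case: one file logged in lower case, one reported
# missing, and one (0BB32EA6...) never mentioned by the fix at all.
CONSTRUCTED_PARTIAL_LOG = "\n".join([
    "========== FILES ==========",
    (INBOX + r"\7CF91BB6-000037DB.eml").lower() + " moved successfully.",
    "File\\Folder " + INBOX + r"\6A500376-00002FD1.eml not found!",
    INBOX + r"\0A0D155F-00002FCF.eml moved successfully.",
])


def parse_detections(report):
    """Map lower-cased path -> (path as reported, verdict, threat name)."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line)
        if m:
            found[m["path"].lower()] = (m["path"], m["verdict"], m["threat"])
    return found


def parse_fix_log(log):
    """Return (moved, missing); each maps lower-cased path -> path as logged."""
    moved, missing = {}, {}
    for line in log.splitlines():
        m = MOVED.match(line)
        if m:
            moved[m["path"].lower()] = m["path"]
            continue
        m = MISSING.match(line)
        if m:
            missing[m["path"].lower()] = m["path"]
    return moved, missing


def reconcile(report, fix_log):
    """Classify every detection by what the fix log says happened to it.

    Windows paths are case-insensitive, so matching is done on lower-cased
    paths. 'unhandled' means the fix log never mentions the flagged file.
    'extra_moved' lists files the fix moved that the scanner did not flag
    (for example the Hosts file replaced by [resethosts]).
    """
    detections = parse_detections(report)
    moved, missing = parse_fix_log(fix_log)
    result = {"moved": [], "not_found": [], "unhandled": [], "extra_moved": []}
    for key, (path, _verdict, _threat) in detections.items():
        if key in moved:
            result["moved"].append(path)
        elif key in missing:
            result["not_found"].append(path)
        else:
            result["unhandled"].append(path)
    result["extra_moved"] = [p for k, p in moved.items() if k not in detections]
    return result


if __name__ == "__main__":
    for name, log in (("thread log", OTL_FIX_LOG),
                      ("constructed partial log", CONSTRUCTED_PARTIAL_LOG)):
        print(name)
        for status, paths in reconcile(KASPERSKY_REPORT, log).items():
            print(f"  {status}: {len(paths)}")
            for p in paths:
                print(f"    {p}")
```

    Any path under `unhandled` or `not_found` is a reason to rescan before calling the machine clean.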
     
  21. 2010/01/06
    roxigrrrl

    roxigrrrl Inactive Thread Starter

    OTL logfile created on: 1/6/2010 10:53:03 PM - Run 1
    OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Roxanne\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.48 Gb Total Space | 54.55 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 4.91 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ROXANNE-PC
    Current User Name: Roxanne
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/06 22:52:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Roxanne\Downloads\OTL.exe
    PRC - [2010/01/06 21:36:23 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/12/09 21:21:08 | 11,653,120 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
    PRC - [2009/12/02 19:25:08 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2009/10/29 06:54:44 | 01,497,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcshell.exe
    PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/10/10 12:32:18 | 00,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2009/10/10 12:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/09/25 11:25:48 | 00,262,672 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsmap.exe
    PRC - [2009/09/16 10:23:32 | 00,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
    PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/07/07 12:22:48 | 00,150,032 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe
    PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/19 10:12:38 | 00,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/02/04 17:55:38 | 00,548,864 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2008/12/13 01:25:03 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/11/03 09:54:00 | 01,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/10/04 14:58:02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/09/30 11:03:14 | 00,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    PRC - [2008/09/30 11:03:12 | 00,464,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
    PRC - [2008/09/23 23:09:52 | 01,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/03 08:43:28 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
    PRC - [2008/07/03 08:43:26 | 03,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
    PRC - [2008/07/03 08:42:08 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
    PRC - [2008/06/23 07:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
    PRC - [2008/05/04 04:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/04 04:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/05/04 04:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/04 04:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/03/06 19:47:06 | 00,536,184 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    PRC - [2008/03/06 02:58:24 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
    PRC - [2008/03/06 02:58:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
    PRC - [2008/03/06 02:58:14 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
    PRC - [2008/03/06 02:58:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
    PRC - [2008/02/22 18:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/02/19 17:05:24 | 00,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/01/20 21:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/20 21:33:24 | 00,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2008/01/20 21:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/21 11:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 06:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 06:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 14:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/12/19 18:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
    PRC - [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/06 22:52:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Roxanne\Downloads\OTL.exe
    MOD - [2008/01/20 21:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/02 19:25:08 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/08/24 07:16:12 | 00,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/27 14:45:05 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/03/24 08:45:58 | 00,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
    SRV - [2008/12/20 21:10:26 | 00,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/12/13 01:32:10 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/04 14:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/09/30 11:03:14 | 00,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/03 08:43:28 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
    SRV - [2008/06/23 07:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
    SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2008/01/20 21:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/12 06:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 06:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/12/19 18:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Live Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q= "
    FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157 "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 21:36:25 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 21:36:25 | 00,000,000 | ---D | M]

    [2008/12/25 15:15:52 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\Mozilla\Extensions
    [2010/01/06 15:25:36 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\extensions
    [2009/11/10 13:08:07 | 00,000,000 | ---D | M] (WOT) -- C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/07/13 07:47:43 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\extensions\moveplayer@movenetworks.com
    [2009/08/14 06:55:51 | 00,001,957 | ---- | M] () -- C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8gwrzef.default\searchplugins\bing.xml
    [2008/12/25 15:15:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: (98 bytes) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Roxanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/06 22:31:14 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/05 13:03:32 | 00,000,000 | ---D | C] -- C:\Users\Roxanne\AppData\Local\Stardock_Corporation
    [2010/01/05 12:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2010/01/05 10:30:56 | 00,000,000 | ---D | C] -- C:\Users\Roxanne\AppData\Roaming\Malwarebytes
    [2010/01/05 10:30:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/01/05 10:30:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/01/05 10:30:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/01/05 10:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/05 08:54:04 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/01/05 08:53:27 | 00,000,000 | ---D | C] -- C:\Users\Roxanne\AppData\Roaming\SUPERAntiSpyware.com
    [2010/01/05 08:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/01/05 08:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/01/04 13:35:18 | 00,000,000 | ---D | C] -- C:\Users\Roxanne\AppData\Local\temp
    [2010/01/04 13:27:02 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/01/04 13:10:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/01/04 13:10:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/01/04 13:10:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/01/04 13:10:46 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/01/04 13:10:27 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2010/01/04 13:10:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/01/30 10:37:25 | 08,293,568 | ---- | C] (Dell, Inc. ) -- C:\Users\Roxanne\AppData\Roaming\DataSafeDotNet.exe
    [2 C:\Users\Roxanne\Documents\*.tmp files -> C:\Users\Roxanne\Documents\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/06 22:53:32 | 02,621,440 | -HS- | M] () -- C:\Users\Roxanne\NTUSER.DAT
    [2010/01/06 22:53:12 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/01/06 22:53:12 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/01/06 22:53:12 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/01/06 22:47:39 | 00,023,077 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2010/01/06 22:46:33 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/06 22:46:32 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/06 22:46:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/06 22:46:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/06 22:46:21 | 32,107,84768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/06 22:45:50 | 00,524,288 | -HS- | M] () -- C:\Users\Roxanne\NTUSER.DAT{9c6a4d88-90b8-11de-a1ca-0023ae0b2842}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/06 22:45:50 | 00,065,536 | -HS- | M] () -- C:\Users\Roxanne\NTUSER.DAT{9c6a4d88-90b8-11de-a1ca-0023ae0b2842}.TM.blf
    [2010/01/06 22:45:33 | 00,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/01/06 22:39:52 | 01,525,308 | -H-- | M] () -- C:\Users\Roxanne\AppData\Local\IconCache.db
    [2010/01/06 22:33:27 | 00,000,680 | ---- | M] () -- C:\Users\Roxanne\AppData\Local\d3d9caps.dat
    [2010/01/06 15:05:14 | 00,512,512 | ---- | M] () -- C:\Users\Roxanne\Desktop\Order0108-Rox.xls
    [2010/01/06 12:46:16 | 00,377,856 | ---- | M] () -- C:\Users\Roxanne\Documents\Transgenomic Order GC-010610-TRANS.doc
    [2010/01/05 22:04:45 | 00,002,521 | ---- | M] () -- C:\Users\Roxanne\Desktop\HiJackThis.lnk
    [2010/01/05 10:30:53 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/05 08:53:31 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/04 13:27:38 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/01/03 01:04:04 | 00,007,680 | ---- | M] () -- C:\Users\Roxanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/12/29 08:04:30 | 00,027,136 | ---- | M] () -- C:\Users\Roxanne\Documents\Gift shopping list 2009.xls
    [2 C:\Users\Roxanne\Documents\*.tmp files -> C:\Users\Roxanne\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/06 15:09:06 | 00,512,512 | ---- | C] () -- C:\Users\Roxanne\Desktop\Order0108-Rox.xls
    [2010/01/06 12:46:15 | 00,377,856 | ---- | C] () -- C:\Users\Roxanne\Documents\Transgenomic Order GC-010610-TRANS.doc
    [2010/01/05 12:21:11 | 00,002,521 | ---- | C] () -- C:\Users\Roxanne\Desktop\HiJackThis.lnk
    [2010/01/05 10:30:53 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/05 10:21:12 | 32,107,84768 | -HS- | C] () -- C:\hiberfil.sys
    [2010/01/05 08:53:31 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/04 13:10:55 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/01/04 13:10:55 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/01/04 13:10:55 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/01/04 13:10:55 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/01/04 13:10:55 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/10/22 11:32:22 | 00,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
    [2009/10/22 11:32:22 | 00,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
    [2009/10/22 11:32:21 | 00,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
    [2009/10/22 11:32:21 | 00,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
    [2009/10/10 19:46:59 | 00,008,248 | ---- | C] () -- C:\Users\Roxanne\AppData\Local\en.ini
    [2009/02/20 10:55:19 | 00,000,680 | ---- | C] () -- C:\Users\Roxanne\AppData\Local\d3d9caps.dat
    [2009/01/03 16:40:58 | 00,007,680 | ---- | C] () -- C:\Users\Roxanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/27 15:21:31 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/12/27 15:19:49 | 00,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
    [2008/12/13 02:53:08 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/12/13 02:53:08 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/12/13 02:53:08 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/12/13 02:53:08 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/12/13 02:53:08 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/12/13 02:53:04 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/12/13 01:17:39 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/10/21 11:34:15 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/12/31 09:55:19 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\EPSON
    [2009/08/27 22:03:40 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\GetRightToGo
    [2008/12/27 15:36:30 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\Leadertech
    [2009/08/27 22:04:03 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\Pavtube
    [2008/12/26 12:46:26 | 00,000,000 | ---D | M] -- C:\Users\Roxanne\AppData\Roaming\WildTangent
    [2008/12/31 03:14:45 | 00,000,344 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2008/12/31 03:14:45 | 00,000,336 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2010/01/06 22:45:52 | 00,031,232 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >
     
