TrueBlueMajority

  1. Thank you, Elise025, for all of your help. Please also mention my thanks to all the other software superheroes on this forum for the existence of this website offering free help. Thank you also for the donation system! I am supposed to get paid again on the 15th. We can close this topic thread now. Peace be with you!
  2. I disabled the Real Time protection and the pop up box is still there, but since it is benign I am not going to worry about it. I click on your link and it says I have to give in Euros! Are you allowed to say what country you are in? Does this money go to you or do you have to share it with others? Is there a recommended amount? I know your help is free but I wish I could afford to give you as much as this advice has been worth to me! I already spent my last paycheck but will have more $ on the 15th. thankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyou thankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyou THANK YOU VERY MUCH!!! :-D :-D :-D
  3. One very small thing is left: I keep getting a pop up in the system tray that says SUPERAntiSpyware Update, telling me there is an update available for download. But when I click on the SAS icon on my desktop and ask about updates on the screen that opens, it says I am completely updated. I am afraid to click on this thing in the system tray for fear it is fake--like those fake Windows Security XP things that were popping up all the time when I was infected. If my system is clean why is this thing still popping up? Do you have any ideas about this? I promise this is the last question!
  4. I just got a clean Secunia scan, so apparently I have successfully updated all my outdated software!
  5. I do not understand how to use the hosts file. I do not know what is meant by "protecting my computer by adding lines." I do not have anything called HostMan. Oops? When I click on the Hosts icon, I get a DOS window that says "the MVPS hosts file is now updated". Is this just a backup system to have so that in case I get hijacked again I can go back to a previous hosts file without the hijack? Thank you for answering all my other questions. This has been a tremendous education!!! :-D
  6. OK, just a few more questions. Secunia keeps telling me I have insecure versions even though I have updated everything. Can I go through and manually delete with Add/Remove Programs all the old versions of Java, Real Player, Adobe Flash, Adobe Reader, etc.? Last time I tried this, I messed up my JRE and could not run anything for days until I figured out what I had done wrong. Then I think I will be all done!
  7. I think I have done everything now. You explained the outbound firewall, so I guess I don't need one? I have Avira AntiVir--should I upgrade to Pro? I have SUPERAntiSpyware Pro, but am happy to switch to Malwarebytes Pro since you have helped me so much. (I already have the Malwarebytes free version.) I downloaded and ran SpywareBlaster and set the settings as recommended in the tutorial. Do you recommend Uniblue Registry Booster and Uniblue Driver Scanner? I downloaded those by mistake thinking they were part of SpywareBlaster but have removed them now. I do not understand how the hosts file works. I read the tutorial and I downloaded something and now I do not get doubleclick ads (which is fine with me) but I have clearly done something wrong. I updated all my Microsoft software. I ran the Secunia program and am still working on updating everything. Should be all done sometime this evening! TBM
  8. Thank you for this comprehensive information and instruction! I am still working on completing all the steps in your previous message. I read the firewall tutorial but am not sure how to tell which systems provide an outbound firewall. Please do not close this topic until I let you know that I have done everything, since I may have more questions? Thanks.
  9. I ran ESET. No threats found/no report generated! Yaaayyy! Do you guys recommend the ESET security products over Avira?
  10. OK--I reinstalled MBAM and it was able to update. I ran a full scan and it came up clean! Here is the log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4162 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/2/2010 9:26:47 AM mbam-log-2010-06-02 (09-26-47).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|) Objects scanned: 201417 Time elapsed: 47 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I finally got my paycheck so I am ready to buy MBAM Pro now. Is that the same as making a contribution to you, or should I do that separately? I am so grateful. I was thisclose to scrapping this computer completely. Do you have any other suggestions for keeping my computer clean in the future? thankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyou thankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyouthankyou thankyouthankyouthankyou...
  11. OK--evidently I still have problems. I was unable to download MBAM-clean. I tried downloading it directly to my desktop, and I also tried downloading it to a disk. Both times when I clicked on the resulting file, I got this message: SHGetValue failed with error code 0 So I guess something is still preventing me from downloading correctly, but the file does not have 0 bytes--the size of the file is about 60KB. Google links are still working, and gmail is still working. I just thought of something--I will try to run it directly from the D drive instead of my desktop. TBM
  12. I tried to update MBAM and got this error message: MBAM_ERROR_UPDATING(0,0,SHRegGetPath) Should I run the scan anyway? MBAM full scans that I ran while I was having the problems all came back clean, so... should I wait until I get MBAM Pro?
  13. OK--I followed your OTL instructions about "none" and Extra Registry/Use Safelist. Here is the Extras.Txt log: OTL Extras logfile created on: 5/30/2010 10:08:57 PM - Run 7 OTL by OldTimer - Version 3.2.5.0 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) [...] < End of report > Do you need to see the OTL.Txt log as well? OTL logfile created on: 5/30/2010 10:08:57 PM - Run 7 OTL by OldTimer - Version 3.2.5.0 [...] < End of report > There's light at the end of the tunnel... I can feel it!!! :-D
  14. I did not get an extra.txt log from ComboFix. is that a problem? Here is the one ComboFix log that it did generate: ComboFix 10-05-29.03 - LKS 05/29/2010 17:59:25.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.579 [GMT -4:00] Running from: c:\documents and settings\LKS\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Favorites\_favdata.dat c:\windows\system32\Thumbs.db ----- BITS: Possible infected sites ----- hxxp://updates.swarmcast.net . ((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))))) . 2010-05-29 12:59 . 2010-05-29 12:59 -------- d-----w- C:\_OTL 2010-05-26 23:20 . 2010-05-26 23:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-05-24 16:57 . 2010-05-29 17:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-24 16:57 . 2010-05-29 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-24 14:42 . 2010-05-24 14:42 503808 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-502ad96b-n\msvcp71.dll 2010-05-24 14:42 . 2010-05-24 14:42 499712 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-502ad96b-n\jmc.dll 2010-05-24 14:42 . 2010-05-24 14:42 12800 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5147d287-n\decora-d3d.dll 2010-05-24 14:42 . 
2010-05-24 14:42 61440 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5147d287-n\decora-sse.dll 2010-05-24 14:42 . 2010-05-24 14:42 348160 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-502ad96b-n\msvcr71.dll 2010-05-17 23:47 . 2010-05-18 00:04 -------- d-----w- c:\documents and settings\LKS\Local Settings\Application Data\SUPERSystemInspector 2010-05-03 18:54 . 2010-05-03 18:54 -------- d-----w- c:\program files\Common Files\Java 2010-05-03 18:54 . 2010-05-03 18:53 411368 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 17:26 . 2010-01-31 04:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-29 13:18 . 2010-03-23 14:54 1 ----a-w- c:\documents and settings\LKS\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-27 12:39 . 2010-03-18 01:44 439816 ----a-w- c:\documents and settings\LKS\Application Data\Real\Update\setup3.10\setup.exe 2010-05-26 18:15 . 2009-01-19 03:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-26 18:15 . 2009-01-19 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-05-26 18:07 . 2006-02-08 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-24 22:10 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-05-03 18:53 . 2006-08-16 04:08 -------- d-----w- c:\program files\Java 2010-04-17 11:06 . 2006-07-09 07:53 35656 ----a-w- c:\documents and settings\LKS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-16 00:00 . 2010-03-19 11:29 35656 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-15 03:40 . 
2010-03-20 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-14 16:51 . 2010-04-14 16:51 7909728 ----a-w- c:\program files\driverscanner.exe 2010-03-29 19:24 . 2010-03-20 00:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 19:24 . 2010-03-20 00:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-24 01:42 . 2010-03-24 01:42 61440 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-323921c5-n\decora-sse.dll 2010-03-24 01:42 . 2010-03-24 01:42 503808 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-369838b9-n\msvcp71.dll 2010-03-24 01:42 . 2010-03-24 01:42 348160 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-369838b9-n\msvcr71.dll 2010-03-24 01:42 . 2010-03-24 01:42 499712 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-369838b9-n\jmc.dll 2010-03-24 01:42 . 2010-03-24 01:42 12800 ----a-w- c:\documents and settings\LKS\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-323921c5-n\decora-d3d.dll 2010-03-21 03:49 . 2010-03-20 02:58 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-03-20 01:59 . 2010-01-31 05:01 117760 ----a-w- c:\documents and settings\LKS\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-12 09:51 . 2010-03-12 09:51 20829680 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe 2010-03-12 09:51 . 2010-03-12 09:51 8405312 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2010-03-12 09:51 . 2010-03-12 09:51 149000 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe 2010-03-12 09:51 . 
2010-03-12 09:51 10309448 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe 2010-03-12 09:51 . 2010-03-12 09:51 283280 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe 2010-03-12 09:51 . 2010-03-12 09:51 181768 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe 2010-03-12 09:51 . 2010-03-12 09:51 79368 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\vista.exe 2010-03-12 09:51 . 2010-03-12 09:51 64000 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll 2010-03-12 09:51 . 2010-03-12 09:51 52288 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll 2010-03-12 09:51 . 2010-03-12 09:51 50688 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll 2010-03-12 09:51 . 2010-03-12 09:51 49152 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll 2010-03-12 09:51 . 2010-03-12 09:51 118784 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll 2010-03-12 01:51 . 2010-03-12 01:51 439816 ----a-w- c:\documents and settings\guest 1\Application Data\Real\Update\setup3.10\setup.exe 2010-03-10 06:15 . 2006-02-08 19:57 420352 ----a-w- c:\windows\system32\vbscript.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}] 2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}] 2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-08-05 36864] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-23 339968] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968] "SoundMan"="SOUNDMAN.EXE" [2005-06-02 77824] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-06 198160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-8-4 196608] 
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2/8/2006 3:58 PM 97920] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/19/2010 10:58 PM 108289] S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\LKS\My Documents\SASKUTIL.SYS --> c:\documents and settings\LKS\My Documents\SASKUTIL.SYS [?] S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?] S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?] 
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872] . . ------- Supplementary Scan ------- . uStart Page = about:blank mWindow Title = Windows Internet Explorer provided by Comcast Trusted Zone: dailykos.com\www Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.dailykos.com FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPSibelius.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - 
pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla 
Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", 
"AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - 
pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - BHO-{ec4944ed-250f-4301-a9e1-5f06c38e8ed7} - hikagazu.dll HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Nero\data\Xtras\mssysmgr.exe SafeBoot-klmdb.sys AddRemove-ComcastHSI - c:\program files\Support.com\uninstall\chsi_uninstaller.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-29 18:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(548) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\LKS\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\LKS\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2980) c:\windows\system32\WININET.dll c:\docume~1\LKS\LOCALS~1\Temp\IadHide5.dll c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\program files\MozyHome\mozyshell.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MozyHome\mozybackup.exe c:\windows\system32\Ati2evxx.exe c:\windows\SOUNDMAN.EXE c:\program files\Logitech\MouseWare\system\em_exec.exe c:\windows\system32\ssmarque.scr . ************************************************************************** . Completion time: 2010-05-29 18:10:29 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-29 22:10 Pre-Run: 235,169,284,096 bytes free Post-Run: 235,040,862,208 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - E5DBC7D26A4E6505881569A5EE5A7BA7
  15. Here is the new OTL log: OTL logfile created on: 5/29/2010 5:49:11 PM - Run 6 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LKS\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 958.00 Mb Total Physical Memory | 448.00 Mb Available Physical Memory | 47.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 219.11 Gb Free Space | 94.08% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-82AA59282B Current User Name: LKS Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/28 14:13:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LKS\Desktop\OTL.com PRC - [2010/04/02 21:19:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe PRC - [2009/10/08 13:13:52 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) 
-- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/07/05 22:44:04 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/08/04 20:37:12 | 000,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2005/06/02 15:28:19 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2004/06/03 04:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe PRC - [2004/05/12 22:32:38 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe PRC - [2003/11/14 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE ========== Modules (SafeList) ========== MOD - [2010/05/28 14:13:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LKS\Desktop\OTL.com MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2006/08/04 18:39:17 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\LKS\Local Settings\Temp\IadHide5.dll MOD - [2003/11/14 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL MOD - [2003/11/14 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll ========== Win32 Services (SafeList) ========== SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) SRV - [2004/05/12 22:32:38 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) ========== Driver Services (SafeList) ========== DRV - [2010/03/20 23:49:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/02/19 10:37:28 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/19 10:37:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/02/19 10:37:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:35:05 | 
000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2005/09/22 08:06:01 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2005/06/02 15:28:16 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005/03/09 19:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005/02/22 22:36:04 | 000,986,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/08/27 04:18:50 | 000,097,920 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r) DRV - [2004/05/20 05:35:16 | 000,010,240 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) DRV - [2004/05/12 21:41:32 | 000,652,360 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2004/05/12 21:38:02 | 000,014,408 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent) DRV - [2004/05/12 21:35:08 | 000,231,224 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) DRV - [2004/05/12 21:29:50 | 000,100,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2004/05/12 21:28:06 | 001,395,296 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2004/05/12 21:21:18 | 000,013,232 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2004/04/13 23:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb) DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2) DRV - [2001/08/17 17:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.dailykos.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/05 22:44:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 17:52:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 14:54:11 | 000,000,000 | ---D | M] [2008/08/26 08:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LKS\Application Data\Mozilla\Extensions [2010/05/28 16:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LKS\Application 
Data\Mozilla\Firefox\Profiles\5idik255.default\extensions [2009/09/04 12:32:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2006/07/15 19:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\extensions\{9A2DA8C0-A778-4438-A892-D5CCEFC7BB85} [2008/06/23 21:58:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\ask.xml [2008/06/02 18:52:31 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\bbcnews.xml [2008/06/23 21:58:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\jeeves.xml [2010/05/27 09:31:18 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\weather.xml [2008/06/23 21:58:47 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\webster.xml [2008/06/23 21:58:48 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\LKS\Application Data\Mozilla\Firefox\Profiles\5idik255.default\searchplugins\wikipedia.xml [2010/05/28 16:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/03 14:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/05/03 14:53:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2003/11/18 13:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll O1 HOSTS File: ([2010/05/29 09:01:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {ec4944ed-250f-4301-a9e1-5f06c38e8ed7} - File not found O3 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..\Toolbar\ShellBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found. O3 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cleanup] Reg Error: Invalid data type. File not found O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\guest 1\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\LKS\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005\..Trusted Domains: dailykos.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\bw+0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {8f7c56a9-2af9-48c7-9564-69bbba330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {8F7C56A9-2AF9-48C7-9564-69BBBA330359} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\LKS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LKS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/08 17:16:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 08:59:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 17:26:12 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\LKS\Desktop\OTLPENet.exe
[2010/05/28 17:26:09 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LKS\Desktop\OTL.com
[2010/05/28 17:25:39 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\LKS\My Documents\OTLPENet.exe
[2010/05/28 17:25:29 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LKS\My Documents\OTL.com
[2010/05/27 22:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LKS\Desktop\gmer
[2010/05/26 14:20:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/24 15:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LKS\My Documents\tdsskiller
[2010/05/24 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/24 12:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/24 12:55:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\LKS\My Documents\spybotsd162.exe
[2010/05/17 19:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LKS\Local Settings\Application Data\SUPERSystemInspector
[2010/05/17 19:46:58 | 000,913,544 | ---- | C] (SUPERAdBlocker.com) -- C:\Documents and Settings\LKS\My Documents\CSR00049181-1274139088.exe
[2010/05/03 14:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/03 14:54:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 14:54:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 14:54:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 14:54:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2006/02/14 12:57:25 | 000,014,992 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/02/08 15:59:49 | 000,013,232 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2006/02/08 15:59:48 | 001,395,296 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2006/02/08 15:59:48 | 000,652,360 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2006/02/08 15:59:48 | 000,231,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2006/02/08 15:59:48 | 000,100,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2006/02/08 15:59:48 | 000,014,408 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys

========== Files - Modified Within 30 Days ==========

[2010/05/29 17:36:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 17:35:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 17:34:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 17:34:49 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 14:12:49 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\LKS\NTUSER.DAT
[2010/05/29 14:12:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LKS\ntuser.ini
[2010/05/29 14:12:30 | 005,886,376 | -H-- | M] () -- C:\Documents and Settings\LKS\Local Settings\Application Data\IconCache.db
[2010/05/29 13:52:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LKS\Desktop\ComboFix.exe
[2010/05/29 10:12:43 | 000,004,340 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/05/29 10:12:41 | 000,004,082 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/05/29 09:01:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/28 17:19:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\LKS\Desktop\Shortcut to OTL.com.pif
[2010/05/28 14:30:51 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\LKS\My Documents\OTLPENet.exe
[2010/05/28 14:30:51 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\LKS\Desktop\OTLPENet.exe
[2010/05/28 14:13:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LKS\My Documents\OTL.com
[2010/05/28 14:13:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LKS\Desktop\OTL.com
[2010/05/27 22:07:43 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\LKS\Desktop\gmer.zip
[2010/05/26 19:32:03 | 000,000,293 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/24 23:00:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/24 17:36:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LKS\My Documents\GooredFix.exe
[2010/05/24 15:52:13 | 000,949,152 | ---- | M] () -- C:\Documents and Settings\LKS\My Documents\tdsskiller.zip
[2010/05/24 12:55:17 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\LKS\My Documents\spybotsd162.exe
[2010/05/24 09:16:01 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/05/24 07:46:45 | 000,002,025 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100524-141113.backup
[2010/05/17 19:46:30 | 000,913,544 | ---- | M] (SUPERAdBlocker.com) -- C:\Documents and Settings\LKS\My Documents\CSR00049181-1274139088.exe
[2010/05/16 07:20:08 | 000,020,074 | ---- | M] () -- C:\Documents and Settings\LKS\My Documents\easter 7 2010 notes.odt
[2010/05/05 18:28:58 | 000,019,407 | ---- | M] () -- C:\Documents and Settings\LKS\My Documents\dkos5-5.odt
[2010/05/03 14:53:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/03 14:53:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/03 14:53:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/03 14:53:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/03 14:53:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2010/05/29 13:52:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LKS\Desktop\ComboFix.exe
[2010/05/28 17:19:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\LKS\Desktop\Shortcut to OTL.com.pif
[2010/05/28 17:16:03 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/27 22:07:42 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\LKS\Desktop\gmer.zip
[2010/05/24 15:52:31 | 000,949,152 | ---- | C] () -- C:\Documents and Settings\LKS\My Documents\tdsskiller.zip
[2010/05/24 15:52:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LKS\My Documents\GooredFix.exe
[2010/05/13 12:20:54 | 000,020,074 | ---- | C] () -- C:\Documents and Settings\LKS\My Documents\easter 7 2010 notes.odt
[2010/05/05 18:05:00 | 000,019,407 | ---- | C] () -- C:\Documents and Settings\LKS\My Documents\dkos5-5.odt
[2010/04/15 00:02:04 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/28 13:22:27 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\wup_W1ssg.ini
[2007/07/12 09:52:33 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/31 17:09:51 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/22 11:59:51 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/11 10:55:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2006/07/30 10:08:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2006/07/29 10:12:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/07/09 15:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/07/09 15:28:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/09 05:06:39 | 000,000,097 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/02/14 14:26:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/14 12:57:25 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/02/14 12:57:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/02/14 12:57:25 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/02/08 17:24:54 | 000,000,773 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/08 15:59:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2006/02/08 15:59:48 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2006/02/08 15:59:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2006/02/08 15:57:55 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/02/08 15:57:24 | 000,002,072 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

I was able to download ComboFix onto a CD from my work computer and will run that next.
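The lines a helper reads first in a log like the one above are the O7 NoDriveTypeAutoRun values (145 is 0x91, the Windows default, which still allows AutoRun on removable and CD drives; 0xFF turns it off for every drive type), the O35/O37 exe/com shell open commands (anything other than "%1" %* means every program launch is being routed through something else), the O4 entries marked "File not found", the O17 DNS servers, and duplicate O16 Java plug-in versions. The script below is an added example, not part of this post or of OTL, that parses lines in OTL's format and flags those conditions. Its input is a constructed subset of the log above plus one made-up O35 line so the hijack check has something to find; the expected DNS set is an assumption copied from the O17 line and should be replaced with the resolvers you actually expect.

```python
import re

# Constructed sample in the shape OTL emits: a subset of the posted log, plus one
# fabricated O35 comfile line (the "sample-wrapper.exe" path does not exist on the
# user's machine) so the shell-open check has a positive case to flag.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-3701653516-458291496-3615524280-1005..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\Documents and Settings\LKS\Application Data\sample-wrapper.exe" "%1" %*
"""

# Assumption: the resolvers the machine is supposed to use (taken from the O17 line above).
EXPECTED_DNS = {"68.87.71.230", "68.87.73.246"}

# NoDriveTypeAutoRun bitmask: a set bit suppresses AutoRun for that DRIVE_* type.
# Microsoft's table maps both 0x01 and 0x80 to unknown drive types.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_UNKNOWN_ALT",
}
SHELL_OPEN_DEFAULT = '"%1" %*'

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
AUTORUN_RE = re.compile(r"NoDriveTypeAutoRun = (\d+)")
JAVA_RE = re.compile(r"\(Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)\)")


def parse_entries(text):
    """Return (section, body) for every 'Onn - ...' line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def decode_nodrivetypeautorun(value):
    """Drive types for which this bitmask suppresses AutoRun."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if value & bit]


def autorun_still_enabled(value):
    """Drive types that can still AutoRun; empty only when value is 0xFF."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not value & bit]


def triage(text):
    """Walk the O-lines and return (severity, section, message) findings in log order."""
    findings, java_versions = [], []
    for section, body in parse_entries(text):
        if section == "O4" and body.endswith("File not found"):
            findings.append(("info", section, "orphaned startup entry: " + body))
        elif section == "O7":
            m = AUTORUN_RE.search(body)
            if m:
                value = int(m.group(1))
                enabled = autorun_still_enabled(value)
                if enabled:
                    findings.append(("warn", section,
                                     f"NoDriveTypeAutoRun={value} still allows AutoRun on "
                                     + ", ".join(enabled)))
        elif section == "O16":
            m = JAVA_RE.search(body)
            if m:
                java_versions.append((tuple(int(x) for x in m.groups()), body))
        elif section == "O17":
            servers = set(body.split("=", 1)[1].split())
            unexpected = sorted(servers - EXPECTED_DNS)
            if unexpected:
                findings.append(("warn", section, "unexpected DNS servers: " + ", ".join(unexpected)))
        elif section in ("O35", "O37"):
            # OTL prints the registry path, then ' -- ', then the (Default) command.
            command = body.split(" -- ", 1)[1] if " -- " in body else body
            if command != SHELL_OPEN_DEFAULT:
                findings.append(("alert", section, "exe/com shell open command changed: " + command))
    if len(java_versions) > 1:
        newest = max(v for v, _ in java_versions)
        for v, body in java_versions:
            if v < newest:
                findings.append(("info", "O16", "stale Java plug-in still registered: " + body))
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {message}")
```

Run against the posted log, the interesting output is the O7 warning: every NoDriveTypeAutoRun value in it is 145, so AutoRun is still allowed on removable and CD drives even though HonorAutoRunSetting is set, and the two 1.6.0_16 plug-in CLSIDs are stale alongside 1.6.0_20. The O35/O37 lines in the real log are all the default "%1" %* and produce no alert; only the constructed comfile line does.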