System:
Quad core Q6600
2.4Ghz @ Gb RAM
Wacom CTE-440 Tablet
Windows XP SP2
I am experiencing vexing redirects from search page results. On the 2nd attempt to follow a link (after closing suspicious redirects to bogus search pages or non-loading pages) I can load the real page, and my bookmarks lead directly to correct pages. I am guessing that my MVPS HOSTS file is stopping some of the redirects.
Spysweeper found several items as did Zonealarm. I was unable to update Spy Sweeper, although Zonealarm's Kaspersky Anti Virus engine appeared to update successfully. After searching online, I downloaded TDSS and ran it, then Combofix (renamed CbFx.exe so it would run) and I was then able to update Spy Sweeper, although neither it nor ZoneAlarm have eliminated the problem after additional scans.
When running ComboFix it noted that ZoneAlarm was still running, even though I had shut it down, as well as SpySweeper. I shut down WRConsumerService.exe in Task Manager, but was unable to kill SpySweeper.exe. I noticed that Wallmaster stopped loading at startup, although I assume that this happened with the recovery during ComboFix's efforts.
I also updated CCleaner and let it have a go. I have run OTM and Gooredfix and have run TDSS several more times. TDSS appears to find malware each time and has rebooted my machine after seeing "rootkit activity", but the redirect problem persists.
I was unable to start Superantispyware, the free version which I used for backup scanning - not running resident. I also downloaded Malwarebytes AM, but it also refuses to start.
I have now run OTL, log follows:
OTL logfile created on: 4/8/2011 2:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 24.17 Gb Free Space | 40.28% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 42.25 Gb Free Space | 47.44% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 43.45 Gb Free Space | 18.66% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 53.32 Gb Free Space | 35.77% Space Free | Partition Type: NTFS
Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/08 02:15:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/16 23:54:50 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/08/09 06:03:10 | 000,389,352 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/07/20 21:22:56 | 001,038,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/15 07:09:48 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/06/15 07:09:44 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/07 13:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/03/23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/01/19 20:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
========== Modules (SafeList) ==========
MOD - [2011/04/08 02:15:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
MOD - [2010/06/15 07:09:52 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 04:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 04:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/09/07 13:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/01/19 20:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/08/03 18:56:44 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2004/08/03 18:56:44 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
MOD - [2004/02/23 22:42:40 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/08/16 23:54:50 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/08/09 06:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/15 07:09:48 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2005/12/05 17:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010/08/11 05:25:45 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010/08/09 06:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/06/15 07:09:40 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 15:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 15:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 15:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2007/03/27 04:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 02:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/29 17:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/07/24 04:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 06:07:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 20:48:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 20:48:35 | 000,000,000 | ---D | M]
[2010/08/11 03:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2011/04/03 02:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions
[2011/01/16 13:39:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/03 02:52:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 21:45:26 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\94urjx0q.default\extensions\[email protected]
[2011/03/29 20:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 03:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 19:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/16 14:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/04/08 01:41:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions )
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/11 05:46:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe (Ziff Davis Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.2 64.233.217.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 02:46:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/08 02:15:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2011/04/08 02:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Redirect Fixes
[2011/04/08 01:41:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/08 01:28:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/08 01:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 01:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 01:28:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/08 01:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 00:03:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeff\Recent
[2011/04/08 00:03:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/07 22:14:49 | 006,836,912 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-rules.exe
[2011/04/07 21:52:13 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2011/04/07 21:15:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/07 21:15:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/07 21:15:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/07 21:15:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/07 21:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/07 21:00:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/07 20:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/06 01:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\jah
[2011/04/06 01:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/04/06 01:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/04/05 23:05:49 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2011/04/05 23:05:49 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2011/04/05 23:05:48 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2011/04/05 23:05:48 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2011/03/23 01:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\RFID Zapper
[2011/03/19 12:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\CubePortable
[2011/03/19 12:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\pazera
[2011/03/19 11:42:32 | 002,329,003 | ---- | C] (boilsoft, Inc. ) -- C:\Documents and Settings\Jeff\Desktop\avi_mpg_splitter.exe
[2011/03/17 20:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Portable Apps
[2010/08/15 21:52:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jeff\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/08 02:15:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2011/04/08 02:05:00 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Geeks to go redirect fix Page.url
[2011/04/08 02:01:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/08 01:44:33 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/04/08 01:44:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 01:41:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/08 01:28:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 23:59:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 22:15:12 | 006,836,912 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-rules.exe
[2011/04/07 21:14:13 | 004,315,987 | R--- | M] () -- C:\Documents and Settings\Jeff\Desktop\CbFx.exe
[2011/04/07 20:50:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 06:34:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/04/06 06:45:14 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\vso_ts_preview.xml
[2011/04/06 01:48:45 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\jahPlayer.lnk
[2011/04/06 01:45:08 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 23:23:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/05 23:11:32 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Jeff\Application Data\pcouffin.sys
[2011/04/05 23:11:32 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2011/04/05 23:11:31 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2011/03/29 20:48:40 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/28 01:57:55 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Publisher.lnk
[2011/03/22 22:03:00 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/22 22:03:00 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/20 11:45:38 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Word.lnk
[2011/03/19 12:24:02 | 000,001,592 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/03/19 11:42:37 | 002,329,003 | ---- | M] (boilsoft, Inc. ) -- C:\Documents and Settings\Jeff\Desktop\avi_mpg_splitter.exe
[2011/03/13 15:54:38 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/08 02:04:37 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Geeks to go redirect fix Page.url
[2011/04/08 01:28:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 23:59:30 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 21:15:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/07 21:15:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/07 21:15:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/07 21:15:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/07 21:15:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/07 21:13:56 | 004,315,987 | R--- | C] () -- C:\Documents and Settings\Jeff\Desktop\CbFx.exe
[2011/04/06 01:48:45 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\jahPlayer.lnk
[2011/04/05 23:06:17 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\vso_ts_preview.xml
[2010/11/07 23:19:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 00:51:38 | 000,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
[2010/08/18 04:24:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/16 12:04:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/16 04:46:07 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/08/16 04:46:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/08/16 01:36:18 | 000,001,592 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 21:52:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
[2010/08/15 21:52:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
[2010/08/12 01:03:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/12 01:03:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/12 01:03:48 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/12 00:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/12 00:12:54 | 000,193,024 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 13:04:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/11 06:06:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/11 05:54:02 | 000,016,560 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/08/11 05:53:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/08/11 05:43:21 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/11 05:43:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2010/08/11 05:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
[2010/08/11 05:43:19 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/11 05:43:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/11 05:42:34 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/08/11 05:42:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/08/11 05:42:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2010/08/11 05:42:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/11 05:42:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/08/11 05:42:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2010/08/11 05:42:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/08/11 05:42:17 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2010/08/11 05:42:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/08/11 05:20:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/11 05:20:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/11 05:15:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/11 04:47:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/11 04:43:07 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/08/11 04:13:24 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/08/11 04:13:22 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/08/11 04:13:22 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/08/11 04:13:20 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/08/11 04:13:20 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/08/11 04:02:57 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/08/11 03:46:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/08/11 03:39:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/08/11 03:13:34 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/11 03:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 02:48:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 02:43:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/10 19:27:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/10 19:26:45 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/06 15:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2004/12/20 14:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 14:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >
OTL Extras logfile created on: 4/8/2011 2:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 24.17 Gb Free Space | 40.28% Space Free | Partition Type: NTFS
Drive D: | 89.04 Gb Total Space | 42.25 Gb Free Space | 47.44% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 43.45 Gb Free Space | 18.66% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 53.32 Gb Free Space | 35.77% Space Free | Partition Type: NTFS
Computer Name: JEFFDESK | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CursorXP" = CursorXP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.1
"ffdshow_is1" = ffdshow [rev 1431] [2007-08-21]
"FLVPlayer" = FLV Player 1.3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IconForge version 4.92_is1" = IconForge version 4.92
"jahPlayer" = jahPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"OpenLibraries" = OpenLibraries
"Opera 11.01.1190" = Opera 11.01
"PC Magazine ButtonBoogie 2_is1" = PC Magazine ButtonBoogie 2.1
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Sandboxie" = Sandboxie 3.48
"Tablet Driver" = Tablet
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WallMaster" = WallMaster
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WM Converter 2.0" = WM Converter 2.0
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm Anti-virus" = ZoneAlarm Anti-virus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/3/2010 12:44:17 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.
Error - 10/4/2010 9:18:00 PM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x00064123.
Error - 11/6/2010 1:02:22 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x0003ee95.
Error - 11/6/2010 1:06:33 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x0003ee95.
Error - 11/6/2010 1:08:51 AM | Computer Name = JEFFDESK | Source = Application Error | ID = 1000
Description = Faulting application doomsday.exe, version 0.0.0.0, faulting module
doomsday.exe, version 0.0.0.0, fault address 0x000609f2.
[ System Events ]
Error - 4/5/2011 8:57:58 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 8:59:51 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:05:01 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:10:11 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:12:05 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:17:15 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:22:25 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:24:16 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 9:29:26 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
Error - 4/5/2011 10:39:01 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.
< End of report >
The only things that stand out so far are the three Mozilla Extensions with "No Name found", and VC80CRTRedist - 8.0.50727.4053.
Thanks in Advance!
Jeff Ferreri
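As an added example (not code from OTL, the poster, or anyone else in this thread), here is a small Python triage script for the OTL Extras log above. It splits the log on its `==========` section headers, compares the Shell Spawning commands for the batfile/cmdfile/comfile/exefile/piffile/scrfile classes with their stock Windows XP defaults (the handlers malware rewrites to intercept program launches, which is one of the usual reasons security tools "refuse to start"), and summarises the Windows Firewall profiles, the Security Center monitoring flags and the event-log error counts. The sample input is a trimmed copy of the log posted above plus one constructed hijacked `exefile` line; the XP default commands are assumed from a clean install. The script reports state only and does not decide what is malicious.

```python
# Triage helper for an OTL Extras log.  Added example; not part of OTL or of this thread.
import re
from collections import Counter

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
SPAWN_RE = re.compile(r"^(\w+ \[[^\]]+\]) -- (.*)$")
EVENT_RE = re.compile(r"Source = ([^|]+?) \| ID = (\d+)")

# shell\open\command defaults on a stock Windows XP install (assumed, from a clean
# machine); these are the classes malware rewrites to intercept program launches.
XP_SHELL_DEFAULTS = {c + " [open]": '"%1" %*'
                     for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
XP_SHELL_DEFAULTS["scrfile [open]"] = '"%1" /S'

# Sample input: a trimmed copy of the OTL Extras log posted above, not a new log.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Last 10 Event Log Errors ==========
Error - 4/5/2011 8:57:58 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
Error - 4/5/2011 8:59:51 PM | Computer Name = JEFFDESK | Source = NetBT | ID = 4321
< End of report >
"""

# Constructed counter-example (not from the log): an exefile handler that runs a loader first.
HIJACKED_LINE = 'exefile [open] -- "C:\\constructed\\loader.exe" "%1" %*'


def split_sections(text):
    """Return {section title: [lines]} keyed by the ========== headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines):
    """Classify 'class [verb] -- command' lines as ok / hijacked / unreadable."""
    findings = {}
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        name, command = m.groups()
        if command.startswith("Reg Error"):
            findings[name] = "unreadable"  # OTL could not read the key
        elif name in XP_SHELL_DEFAULTS:
            findings[name] = "ok" if command == XP_SHELL_DEFAULTS[name] else "hijacked"
    return findings


def values_by_key(lines):
    """Map each registry key's leaf name to the values OTL listed under it."""
    result, key = {}, None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).rsplit("\\", 1)[-1]
            result.setdefault(key, {})
        elif key is not None and (m := VALUE_RE.match(line)):
            result[key][m.group(1)] = m.group(2)
    return result


def triage(text):
    """Summarise the security-relevant parts of an OTL Extras log."""
    s = split_sections(text)
    fw = values_by_key(s.get("Firewall Settings", []))
    sc = values_by_key(s.get("Security Center Settings", []))
    events = Counter("%s/%s" % hit for line in s.get("Last 10 Event Log Errors", [])
                     for hit in EVENT_RE.findall(line))
    return {
        "shell": check_shell_spawning(s.get("Shell Spawning", [])),
        "windows_firewall_on": {k: v["EnableFirewall"] == "1"
                                for k, v in fw.items() if "EnableFirewall" in v},
        "monitoring_disabled": sorted(k for k, v in sc.items()
                                      if v.get("DisableMonitoring") == "1"),
        "event_counts": dict(events),
    }
```

Run over the full Extras log above, the script reports every checked shell class intact (so Malwarebytes and SUPERAntiSpyware failing to start is not a plain exefile hijack), the regfile and txtfile entries unreadable (OTL prints "Reg Error: Key error." when it cannot read the key), Windows Firewall off on both profiles (expected when ZoneAlarm is the active firewall), Security Center monitoring disabled only for ZoneLabsFirewall, and ten NetBT 4321 name-registration errors against 192.168.0.2.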