Internet/Security/Windows Infection


  • This topic is locked
17 replies to this topic

#1 tjdrake719
  • Members
  • 24 posts

Posted 29 June 2009 - 09:34 PM

I can't access the internet, and any time I try to run adaware, spybot, or mbam they give errors or freeze. My firewall is no longer working (kerio) and the only active protection I have on now is threatfire. Here is my Hijack this log from safe mode. This was in the period of 1 day, and I ran all scans successfully 3 days ago.

Not sure if it is relevant, but my media players all refuse to play audio as well.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:35 PM, on 6/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194164680765
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 5504 bytes




The help is very much appreciated.

Edited by tjdrake719, 29 June 2009 - 10:22 PM.
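The HijackThis log above is the first thing a helper reads in a thread like this. As an added example (not part of the original post and not HijackThis's own code), the Python below parses HJT 2.0 entries by their section code and flags the items a responder looks at first: IE start/search pages on non-Microsoft hosts (R0/R1), BHOs whose DLL is no longer on disk (O2), Run entries whose target carries no directory and is therefore resolved through PATH (O4), ActiveX downloads from hosts outside an allowlist (O16), and services with no vendor string (O23). The sample entries are copied from the log above, except one O16 line that is constructed to exercise the host check; the allowlist and the heuristics are this example's own assumptions, not rules from HijackThis.

```python
"""
HijackThis (HJT) log triage: parse the "Rn"/"On" entries of a HijackThis
2.0 log and flag the items a responder usually checks first.

Added example for this thread; it is not HijackThis code and was not posted
by any participant. Sample entries are copied from the log in the thread,
except one constructed O16 line. Allowlist and heuristics are assumptions.
"""
import re
from collections import defaultdict

# Every HJT entry starts with a section code: R1, O2, O4, O16, O23, ...
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Hosts from which ActiveX (O16 DPF) downloads are expected on this machine.
# Assumed for this example; tune per environment.
TRUSTED_DPF_HOSTS = {
    "housecall65.trendmicro.com", "download.bitdefender.com",
    "www.update.microsoft.com", "ax.emsisoft.com",
    "fpdownload2.macromedia.com",
}

# Copied from the log above; the O16 "constructed test entry" line is made up.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (constructed test entry) - http://cab.example.invalid/x.cab
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
"""


def parse_hjt(text):
    """Map section code -> list of entry bodies, in log order."""
    sections = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)


def url_host(body):
    """Host part of the first URL in an entry (works on HJT's '...'-truncated URLs)."""
    m = URL_RE.search(body)
    return m.group(1).lower() if m else None


def microsoft_host(host):
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def run_target(body):
    """First token of an O4 command line, with surrounding quotes removed."""
    if "] " in body:            # HKLM\..\Run: [Name] command
        cmd = body.split("] ", 1)[1]
    elif " = " in body:         # Startup: foo.lnk = command
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(text):
    """Return (code, reason, body) tuples worth a second look."""
    findings = []
    s = parse_hjt(text)
    for body in s.get("R0", []) + s.get("R1", []):
        host = url_host(body)
        # Start/search page pointing anywhere but Microsoft: classic hijack
        if host and not microsoft_host(host):
            findings.append(("R", "IE start/search page host " + host, body))
    for body in s.get("O2", []):
        # BHO still registered but DLL gone: uninstall leftover or a removed component
        if "(no file)" in body:
            findings.append(("O2", "BHO with no backing file", body))
    for body in s.get("O4", []):
        # No directory in the target: resolved through PATH, easy to shadow
        if "\\" not in run_target(body):
            findings.append(("O4", "Run entry without full path", body))
    for body in s.get("O16", []):
        host = url_host(body)
        if host not in TRUSTED_DPF_HOSTS:
            findings.append(("O16", "ActiveX download from unlisted host " + str(host), body))
    for body in s.get("O23", []):
        if "Unknown owner" in body:
            findings.append(("O23", "service with no vendor string", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print("%-4s %-45s %s" % (code, reason, body))
```

Run against these lines the script flags the orphaned BHO {7E853D72-...}, the PATH-resolved sttray.exe Run entry, the constructed O16 host and the PACSPTISVR service with no owner. None of that is proof of infection on its own; a BHO with no file is usually an uninstall leftover, and the point of the pass is only to reduce a long log to the handful of lines a helper would ask about.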


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,680 posts

Posted 03 July 2009 - 08:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 tjdrake719
  • Topic Starter
  • Members
  • 24 posts

Posted 03 July 2009 - 11:21 PM

As described above, I am having internet connection problems as well as my firewall showing errors and shutting down. My DDS log and hijack this log are both current, as I have not done anything with my computer at all since I posted, but if it is necessary I can run them both again out of safe mode. Let me know.

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,680 posts

Posted 04 July 2009 - 04:38 AM

Hi tjdrake719,

has your PC been running over the last couple of days? If so, please provide new logs.

We ask for the logs because we need to see how the malware evolved.

regards _temp_

#5 tjdrake719
  • Topic Starter
  • Members
  • 24 posts

Posted 04 July 2009 - 01:04 PM

Current DDS:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Travis Drake at 12:00:41.95 on Sat 07/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2030.1589 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Travis Drake\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\travis~1\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194164680765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\travis~1\applic~1\mozilla\firefox\profiles\7c0833sp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\opera\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-14 46864]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2008-3-17 102912]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-14 33552]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [2008-2-21 3264]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\U2KG54.SYS [2008-2-21 245376]

=============== Created Last 30 ================

2009-07-01 14:46 <DIR> --d----- c:\program files\Comcast
2009-07-01 14:44 <DIR> --d----- c:\program files\common files\SupportSoft
2009-07-01 14:44 <DIR> --d----- c:\program files\ComcastUI
2009-06-29 20:18 31,928 a------- c:\windows\system32\rrMon.sys
2009-06-29 20:17 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-06-29 17:11 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-29 17:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-06-29 17:11 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-29 17:11 <DIR> --d----- c:\program files\ffdshow

==================== Find3M ====================

2009-06-19 14:37 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-19 14:37 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-19 14:37 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 09:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 09:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-05-07 01:04 157,712 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 22:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 22:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 22:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 22:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 22:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 22:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 22:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 22:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 22:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 22:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 03:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 03:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 23:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 23:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 03:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 03:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:11 584,192 a------- c:\windows\system32\dllcache\rpcrt4.dll
2008-07-03 11:10 18,320 a------- c:\docume~1\travis~1\applic~1\GDIPFONTCACHEV1.DAT
2008-02-22 13:42 87,608 a------- c:\docume~1\travis~1\applic~1\inst.exe
2008-02-22 13:42 47,360 a------- c:\docume~1\travis~1\applic~1\pcouffin.sys

============= FINISH: 12:01:35.06 ===============


Thanks again.
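Two sections of the DDS log above are the ones a responder cross-reads: "Created Last 30" (files and folders created in the last 30 days, newest first, with size and attributes) and "SERVICES / DRIVERS" (non-Microsoft services and kernel drivers with their start type and image path; "[?]" means DDS could not stat the image at the recorded path). As an added example (not DDS code and not posted by anyone in the thread), the Python below extracts both, lists binaries created within a window around the day the symptoms appeared, says whether each one is registered as a service or driver in the same log, and reports drivers DDS could not stat. The sample is copied from the log above; the window (three days before the 29 June report, matching the poster's "scans were clean 3 days ago") and the list of file types are this example's own assumptions.

```python
"""
DDS log timeline triage: read the "Created Last 30" and "SERVICES / DRIVERS"
sections of a DDS log, list binaries created around the incident date and
say whether each one is registered as a service or driver in the same log.

Added example for this thread; it is not DDS code and was not posted by any
participant. Sample lines are copied from the DDS log in the thread; the
incident window and the file-type list are this example's own assumptions.
"""
import re
from datetime import date, timedelta

# e.g. "2009-06-29 20:18 31,928 a------- c:\windows\system32\rrMon.sys"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# e.g. "R0 TfFsMon;TfFsMon;c:\...\TfFsMon.sys [2008-12-14 51984]" or "... [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+)\[(?P<stat>[^\]]*)\]$"
)
# image path up to the first .sys/.exe, dropping trailing arguments
IMAGE_RE = re.compile(r"(.+?\.(?:sys|exe))(?:\s|$)", re.IGNORECASE)
BINARY_EXT = (".sys", ".dll", ".exe", ".scr", ".ocx", ".drv")

# Copied from the DDS log above (trimmed to the two sections plus neighbours).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-14 51984]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2008-3-17 102912]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-07-01 14:46 <DIR> --d----- c:\program files\Comcast
2009-06-29 20:18 31,928 a------- c:\windows\system32\rrMon.sys
2009-06-29 20:17 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-06-29 17:11 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-29 17:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-06-29 17:11 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-29 17:11 <DIR> --d----- c:\program files\ffdshow

==================== Find3M ====================

2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys

============= FINISH: 12:01:35.06 ===============
"""


def section(text, header):
    """Non-empty lines under the '=== ... ===' banner whose title contains `header`."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and line.endswith("="):
            inside = header in line
            continue
        if inside and line:
            lines.append(line)
    return lines


def created_files(text):
    """(date, time, size, lowercase path) for each non-directory entry."""
    out = []
    for line in section(text, "Created Last 30"):
        m = CREATED_RE.match(line)
        if m and m.group("size") != "<DIR>":
            out.append((date.fromisoformat(m.group("date")), m.group("time"),
                        int(m.group("size").replace(",", "")),
                        m.group("path").lower()))
    return out


def driver_images(text):
    """lowercase image basename -> (start type, service name, bracket contents)."""
    out = {}
    for line in section(text, "SERVICES / DRIVERS"):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        # DDS prints "short path --> resolved path"; keep the resolved one
        image = m.group("image").split(" --> ")[-1].strip()
        im = IMAGE_RE.match(image)
        path = im.group(1) if im else image
        out[path.rsplit("\\", 1)[-1].lower()] = (
            m.group("start"), m.group("name"), m.group("stat").strip())
    return out


def triage(text, incident, days_before=3, days_after=0):
    """Findings as (kind, detail) tuples; `incident` is an ISO date string."""
    when = date.fromisoformat(incident)
    lo, hi = when - timedelta(days=days_before), when + timedelta(days=days_after)
    regs = driver_images(text)
    findings = []
    for d, t, size, path in created_files(text):
        if lo <= d <= hi and path.endswith(BINARY_EXT):
            reg = regs.get(path.rsplit("\\", 1)[-1])
            note = ("registered as %s %s" % (reg[0], reg[1]) if reg
                    else "no service/driver entry in log")
            findings.append(("new-binary", "%s %s %s, %d bytes (%s)" % (d, t, path, size, note)))
    for name, (start, svc, stat) in regs.items():
        # "[?]": DDS could not stat the image at the recorded path
        if stat == "?":
            findings.append(("unstat-image", "%s %s: could not stat %s" % (start, svc, name)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS, "2009-06-29"):
        print("%-13s %s" % (kind, detail))
```

Against this log the pass surfaces three binaries created on 2009-06-29 (rrMon.sys, ff_vfw.dll and pthreadGC2.dll), none of which has a service or driver entry, plus the ThreatFire service, whose image path ends in an argument ("service") and which DDS marks "[?]". The log itself shows rrMon.sys appearing one minute after the Registrar Registry Manager folder and the two DLLs alongside the ffdshow folder; putting those timestamps side by side is the point of the listing, and it is something to read before anything is deleted rather than a verdict.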

#6 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,702 posts

Posted 05 July 2009 - 07:18 PM

Sorry for the delay here. A team member should be with you shortly.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 06 July 2009 - 12:18 PM

Hello.

Let's get some more in-depth scans. There may be a rootkit infection.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located. The Extras.txt is not needed.

Download and Run Scan with RootRepeal
We will use RootRepeal to scan for rootkits.
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal.exe on your desktop. If you are using Windows Vista, right click RootRepeal.exe and select Run As Administrator.
  • Click the Report tab.
  • Click the Scan button.
  • Check all six boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

With Regards,
The Panda
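The OTL log requested above lists processes, services and drivers one per line in a fixed format, and the first-pass triage a helper does by eye can be scripted. As an added example, not code from this thread or from OldTimer's OTL, the Python below parses that format and flags the entries a defender would review first: auto-start services that are stopped (as with the poster's Kerio firewall), files with no publisher information, removable-drive AutoRun commands, and dangling references. The sample lines are copied from the log posted in this thread; the rule names and the heuristics are my own and mark entries for review, not verdicts.

```python
import re
from dataclasses import dataclass

# PRC/SRV/DRV lines, e.g.
# SRV - [2003/04/30 16:43:32 | 00,389,120 | ---- | M] (Kerio Technologies) -- C:\...\persfw.exe -- (PersFw [Auto | Stopped])
# The trailing "-- (name [start | state])" part is present for SRV/DRV lines only.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"\[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attrs>[^|]+?) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>.*?)\) -- "          # company may itself contain parentheses
    r"(?P<path>.+?)"
    r"(?: -- \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\))?$"
)

# O33 AutoRun command lines for mount points (removable media), e.g.
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = G:\lzext.exe -- File not found
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?) -- (?P<status>.+)$"
)

# Substrings OTL prints when a registry entry points at something that no longer exists.
DANGLING_MARKERS = ("File not found", "No CLSID value found", "Reg Error")


@dataclass
class Finding:
    rule: str   # heuristic that fired (my own names, not OTL terminology)
    line: str   # the log line that triggered it


def parse_entry(line: str):
    """Return the fields of a PRC/SRV/DRV line as a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text: str) -> list:
    """Run the review heuristics over an OTL log and return the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry:
            # OTL prints "()" when the file carries no company/version information.
            if not entry["company"]:
                findings.append(Finding("no-publisher", line))
            # A protection service set to start automatically but not running
            # is exactly the symptom the original poster described for Kerio.
            if entry["start"] == "Auto" and entry["state"] == "Stopped":
                findings.append(Finding("auto-service-stopped", line))
            continue
        auto = AUTORUN_RE.match(line)
        if auto:
            # AutoRun from removable media was a common infection path in this era;
            # a command whose target is already gone is worth explaining either way.
            rule = "autorun-missing-target" if "File not found" in auto["status"] else "autorun-command"
            findings.append(Finding(rule, line))
            continue
        if any(marker in line for marker in DANGLING_MARKERS):
            findings.append(Finding("dangling-reference", line))
    return findings


# Sample lines copied from the OTL log posted in this thread (a subset, for illustration).
SAMPLE_LOG = r"""
SRV - [2003/04/30 16:43:32 | 00,389,120 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw [Auto | Stopped])
SRV - [2009/06/19 14:37:19 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire [Auto | Running])
DRV - [2002/04/15 12:28:32 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\Drivers\fwdrv.sys -- (fwdrv [System | Running])
DRV - [2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/03/23 20:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5 [On_Demand | Stopped])
PRC - [2007/06/13 04:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O33 - MountPoints2\{6f2082c1-df33-11dc-bf71-0019d1a82e42}\Shell\AutoRun\command - "" = G:\lzext.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2006/09/19 19:00:25 | 01,114,112 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```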

#8 tjdrake719

tjdrake719
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 06 July 2009 - 06:37 PM

OTL logfile created on: 7/6/2009 5:01:43 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Travis Drake\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.24% Memory free
3.83 Gb Paging File | 3.45 Gb Available in Paging File | 90.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 28.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.81 Gb Total Space | 1.97 Gb Free Space | 51.71% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: YOUR-5539331015
Current User Name: Travis Drake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/09/25 10:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/12/14 23:26:56 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/20 04:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2006/11/06 13:48:40 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\STacSV.exe
PRC - [2009/06/19 14:37:19 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2007/06/13 04:23:08 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/06 13:47:58 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2005/01/27 05:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
PRC - [2009/06/19 14:37:21 | 00,259,344 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/09/18 18:40:42 | 01,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
PRC - [2008/09/03 09:20:22 | 00,311,296 | ---- | M] (RescueTime.com) -- C:\Program Files\RescueTime\RescueTime.exe
PRC - [2009/07/06 17:00:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis Drake\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/25 10:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/14 23:26:56 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/02/28 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/20 04:05:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/09 07:38:14 | 00,065,625 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2003/04/30 16:43:32 | 00,389,120 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw [Auto | Stopped])
SRV - [2007/11/06 14:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2003/12/09 07:32:58 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/11/06 13:48:40 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2009/06/19 14:37:19 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2002/04/03 15:06:28 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\System32\DRIVERS\AN983.sys -- (AN983 [On_Demand | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/08/03 20:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2004/07/13 14:49:02 | 00,003,264 | ---- | M] () -- C:\WINDOWS\System32\Drivers\bfaifilt.sys -- (BFAIFILT [On_Demand | Stopped])
DRV - [2005/07/06 14:52:00 | 00,009,600 | ---- | M] (BUFFALO INC.) -- C:\WINDOWS\System32\BUFADPT.SYS -- (BUFADPT [System | Running])
DRV - [2008/12/14 23:26:57 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2007/04/13 11:33:34 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2001/08/17 10:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2006/12/26 06:54:35 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2006/12/26 06:54:34 | 00,015,440 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2002/04/15 12:28:32 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\Drivers\fwdrv.sys -- (fwdrv [System | Running])
DRV - [2008/07/07 23:10:08 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2005/01/07 15:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/05/11 17:00:14 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\HECI.sys -- (HECI [On_Demand | Running])
DRV - [2006/06/14 11:56:40 | 00,247,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/02/28 03:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/11/06 14:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2004/03/23 20:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5 [On_Demand | Stopped])
DRV - [2007/04/20 04:05:00 | 06,739,168 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/11/04 00:20:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2005/01/31 00:03:00 | 00,381,312 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2006/02/28 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/10/19 18:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/04/04 04:43:22 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 09:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2007/03/16 12:59:40 | 00,054,272 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\System32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2005/04/14 06:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/10/20 20:24:18 | 00,646,392 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/06 13:48:52 | 01,184,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2009/06/19 14:37:27 | 00,051,984 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
DRV - [2009/06/19 14:37:28 | 00,033,552 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
DRV - [2009/06/19 14:37:29 | 00,046,864 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
DRV - [2005/10/17 20:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\U2KG54.sys -- (U2KG54 [On_Demand | Stopped])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2006/02/26 09:21:24 | 00,092,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2008/07/07 12:57:17 | 00,239,488 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Stopped])
DRV - [2005/09/18 18:02:52 | 00,005,632 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/21 22:47:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/26 15:32:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/14 19:13:57 | 00,000,000 | ---D | M]

[2009/03/19 22:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis Drake\Application Data\mozilla\Extensions
[2009/03/19 22:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis Drake\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/05 14:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis Drake\Application Data\mozilla\Firefox\Profiles\7c0833sp.default\extensions
[2009/06/24 14:02:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Travis Drake\Application Data\mozilla\Firefox\Profiles\7c0833sp.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/07/05 14:48:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/14 19:13:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/02 01:30:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/09/07 16:07:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/21 22:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/19 23:59:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/16 18:54:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/14 19:13:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/14 19:13:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/04 11:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/19 18:54:06 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/03/21 14:29:06 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/14 19:13:52 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/07 06:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/11/04 20:12:16 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/10/07 06:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/22 21:30:36 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/22 21:30:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/22 21:30:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/22 21:30:36 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/22 21:30:36 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/22 21:30:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/22 21:30:36 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - Startup: C:\Documents and Settings\Travis Drake\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1194164680765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/27 12:46:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/04 15:02:54 | 00,000,279 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{62db462d-f9fd-11dd-bfaf-0019d1a82e42}\Shell - "" = AutoRun
O33 - MountPoints2\{62db462d-f9fd-11dd-bfaf-0019d1a82e42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62db462d-f9fd-11dd-bfaf-0019d1a82e42}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2006/09/19 19:00:26 | 01,114,112 | R--- | M] ()
O33 - MountPoints2\{6f2082c1-df33-11dc-bf71-0019d1a82e42}\Shell - "" = AutoRun
O33 - MountPoints2\{6f2082c1-df33-11dc-bf71-0019d1a82e42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f2082c1-df33-11dc-bf71-0019d1a82e42}\Shell\AutoRun\command - "" = G:\lzext.exe -- File not found
O33 - MountPoints2\{8e44252c-7d49-11dc-bf27-0019d1a82e42}\Shell - "" = AutoRun
O33 - MountPoints2\{8e44252c-7d49-11dc-bf27-0019d1a82e42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e44252c-7d49-11dc-bf27-0019d1a82e42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2006/09/19 19:00:25 | 01,114,112 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2006/09/19 19:00:25 | 01,114,112 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/07/06 17:01:31 | 00,451,655 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\RootRepeal.zip
[2009/07/06 17:01:30 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Travis Drake\Desktop\OTL.exe
[2009/07/04 11:53:38 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\dds.scr
[2009/07/01 17:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Desktop\Comcast
[2009/07/01 14:46:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/07/01 14:46:26 | 00,000,000 | ---D | C] -- C:\Program Files\Comcast
[2009/07/01 14:44:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Local Settings\Application Data\SupportSoft
[2009/07/01 14:44:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/07/01 14:44:02 | 00,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2009/06/30 22:33:04 | 21,283,67616 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/29 20:18:51 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2009/06/29 20:17:33 | 00,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2009/06/29 20:17:33 | 00,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2009/06/29 20:17:33 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/06/29 17:19:57 | 00,232,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Travis Drake\Desktop\l3codecx.exe
[2009/06/29 17:11:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/29 17:11:36 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/29 17:11:36 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/06/29 17:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/06/29 17:08:46 | 04,284,794 | ---- | C] (ffdshow ) -- C:\Documents and Settings\Travis Drake\Desktop\ffdshow_rev3013_20090620_clsid.exe
[2009/06/29 12:34:22 | 01,009,524 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\Werewolf - Transylvania 1.18.w3x
[2009/06/25 18:14:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Desktop\Weeds Season 1-4
[2009/06/22 14:01:18 | 01,082,368 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\DadPokerSheet.xls
[2009/06/22 12:26:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Desktop\TruBlood
[2009/06/16 18:54:56 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/06/16 18:54:56 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/06/16 18:54:56 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/06/15 11:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Desktop\bg
[2009/06/12 10:33:28 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Local Settings\Application Data\housecall.guid.cache
[2009/06/12 10:14:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/06/09 19:44:55 | 00,514,685 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\London Massacre 1.1.w3x
[2009/06/08 12:44:46 | 00,865,434 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\gpedit-for-windows-xp-home.zip
[2009/02/08 18:03:10 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/13 23:15:59 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/01/13 23:15:59 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/13 18:25:39 | 00,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/07/05 22:52:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/05 22:46:37 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/07/05 22:46:37 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/07/05 22:46:37 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/04/28 21:19:41 | 00,003,109 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/28 20:58:32 | 00,000,339 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/04/20 18:20:16 | 00,000,312 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/04/17 21:53:36 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/04/17 21:53:36 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/04/15 00:08:43 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/31 15:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 14:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 14:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 14:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 14:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/17 17:28:41 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/17 17:28:41 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/17 17:16:09 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FWDRV.SYS
[2008/02/21 14:01:33 | 00,023,287 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2008/02/21 14:00:55 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2008/02/21 14:00:55 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS
[2008/01/20 16:59:03 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/20 16:54:29 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/01/10 00:41:25 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008/01/09 00:12:17 | 00,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2007/11/20 14:13:50 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/11/20 14:13:50 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/11/20 14:13:50 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/11/20 14:13:50 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/11/06 14:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/11/04 02:02:53 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/11/04 00:21:23 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/11/03 23:25:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/03 22:58:37 | 00,000,653 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/10/20 21:09:15 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/10/20 20:24:18 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/10 06:32:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/10 01:35:46 | 00,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/27 12:33:58 | 00,000,469 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/09/27 12:33:56 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/10 09:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1979/12/31 22:00:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1979/12/31 22:00:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1979/12/31 22:00:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1979/12/31 22:00:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1979/12/31 22:00:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== Files - Modified Within 30 Days ==========

[48 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/07/06 17:00:20 | 00,451,655 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\RootRepeal.zip
[2009/07/06 17:00:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Travis Drake\Desktop\OTL.exe
[2009/07/06 13:52:50 | 00,134,144 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 12:32:13 | 02,434,560 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\Budget2007-2008.xls
[2009/07/04 12:00:07 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/04 11:59:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/04 11:59:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/04 11:58:56 | 21,283,67616 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/04 11:56:47 | 04,288,118 | -H-- | M] () -- C:\Documents and Settings\Travis Drake\Local Settings\Application Data\IconCache.db
[2009/07/01 17:21:41 | 00,000,469 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/01 17:21:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/01 17:21:41 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/06/29 21:16:42 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\dds.scr
[2009/06/29 17:20:05 | 00,232,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Travis Drake\Desktop\l3codecx.exe
[2009/06/29 17:10:46 | 04,284,794 | ---- | M] (ffdshow ) -- C:\Documents and Settings\Travis Drake\Desktop\ffdshow_rev3013_20090620_clsid.exe
[2009/06/29 12:34:23 | 01,009,524 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\Werewolf - Transylvania 1.18.w3x
[2009/06/29 03:38:00 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\Travis Drake\My Documents\My Sharing Folders.lnk
[2009/06/22 14:01:36 | 01,326,592 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\Cwik_PokerSpread.xls
[2009/06/22 14:01:22 | 01,082,368 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\DadPokerSheet.xls
[2009/06/20 19:09:27 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/19 14:37:29 | 00,046,864 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/06/19 14:37:28 | 00,033,552 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/06/19 14:37:27 | 00,051,984 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/12 10:33:28 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Local Settings\Application Data\housecall.guid.cache
[2009/06/11 21:56:50 | 00,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 17:48:11 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 19:45:13 | 00,514,685 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\London Massacre 1.1.w3x
[2009/06/08 12:44:53 | 00,865,434 | ---- | M] () -- C:\Documents and Settings\Travis Drake\Desktop\gpedit-for-windows-xp-home.zip

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

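The O33 lines above are OTL's dump of HKCU\...\Explorer\MountPoints2, where Explorer caches the per-volume shell verbs (AutoRun, Open, Explore) it read from a removable drive's autorun.inf; that key is where USB autorun worms leave their traces, which is why a responder reads every AutoRun\command entry and checks whether its target still exists. The Python below is an added example for this thread, not code from OTL or from any of the posters: it parses the O33 entries and the "Created Within 30 Days" entries in OTL's format and builds a worklist. The sample lines are taken from the log above; the flagging rules (any AutoRun verb, a verb whose target is missing, any new .sys driver, any new executable without a publisher string under the assumed default install path C:\WINDOWS) are this example's own heuristics and produce a list to review, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: lines taken from the OTL log posted above (O33 MountPoints2
# entries and "Created Within 30 Days" entries), so they carry OTL's real format.
SAMPLE_LOG = r'''
O33 - MountPoints2\{62db462d-f9fd-11dd-bfaf-0019d1a82e42}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2006/09/19 19:00:26 | 01,114,112 | R--- | M] ()
O33 - MountPoints2\{6f2082c1-df33-11dc-bf71-0019d1a82e42}\Shell\AutoRun\command - "" = G:\lzext.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2006/09/19 19:00:25 | 01,114,112 | R--- | M] ()
[2009/07/01 17:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Travis Drake\Desktop\Comcast
[2009/06/29 20:18:51 | 00,031,928 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
[2009/06/29 17:11:36 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/29 17:19:57 | 00,232,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Travis Drake\Desktop\l3codecx.exe
[2009/06/22 14:01:18 | 01,082,368 | ---- | C] () -- C:\Documents and Settings\Travis Drake\Desktop\DadPokerSheet.xls
'''

# O33 line: per-volume Shell\AutoRun\command verb, then either the target's
# file details in brackets or the literal "File not found".
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r'(?P<command>.+?) -- (?P<status>.+)$'
)
# File entry: [date | size | attrs | C or M] (publisher) -- path.
# Directory entries carry the D attribute and have no publisher group.
CREATED_RE = re.compile(
    r'^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$'
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}
SYSTEM_ROOT = "c:\\windows\\"   # assumption: default XP install path


@dataclass
class Finding:
    kind: str     # "autorun" or "created"
    target: str   # the AutoRun command or the created file's path
    reason: str


def triage(log_text: str) -> list:
    """Return a worklist of log lines worth a closer look. Heuristics only."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            # Every MountPoints2 AutoRun verb is worth a look; one whose target
            # is gone is the typical residue of a removable-drive autorun payload.
            if m["status"].startswith("File not found"):
                reason = "dangling AutoRun verb, target no longer exists"
            else:
                reason = f"per-volume AutoRun verb on {m['volume']}"
            findings.append(Finding("autorun", m["command"], reason))
            continue
        m = CREATED_RE.match(line)
        if not m or "D" in m["attrs"]:
            continue                      # not a file entry, or a directory
        path = m["path"]
        if ntpath.splitext(path)[1].lower() not in EXEC_EXT:
            continue                      # documents, archives etc. are skipped
        publisher = (m["company"] or "").strip()
        if path.lower().endswith(".sys"):
            findings.append(Finding("created", path,
                f"new kernel driver from '{publisher or 'no publisher'}' on {m['date']}"))
        elif path.lower().startswith(SYSTEM_ROOT) and not publisher:
            findings.append(Finding("created", path,
                f"executable with no publisher string under %SystemRoot% on {m['date']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.target}\n    {f.reason}")
```

Run against the sample, the worklist holds the three AutoRun verbs (the G:\lzext.exe one marked as dangling), the new rrMon.sys driver and the publisher-less ff_vfw.dll in System32; the Desktop executable with a Microsoft publisher string, the spreadsheet and the directory are left out. A file on the worklist still has to be checked by hash, signature and origin before anything is called malicious.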

#9 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 06 July 2009 - 08:02 PM

Hello.

Those logs look clean.

Have the symptoms changed at all?

Let's try installing Service Pack 3.

Create New System Restore Point
We'll create a backup before continuing.
  • Click on your Start Menu -> Run. Type into the Run box:
    %systemroot%\system32\restore\rstrui.exe
  • In the System Restore, select Create a restore point.
  • Give the Restore Point a name and click Create.
  • You should see a success message. Exit the System Restore.
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.
--
Download the installation package for SP3 here. (I know it says not for single computers, but we don't have access to Windows Updates.)

Run the installer.

Take a new DDS.txt log after. Tell me how it goes.

With Regards,
The Panda

#10 tjdrake719

  • Topic Starter
  • Members
  • 24 posts

Posted 06 July 2009 - 09:28 PM

I was able to run a few scans and they picked up a few minor things, but not much. I reinstalled my firewall and rebooted and it seems to be working fine now. I will plug the internet connection in and see if I can download the sp3 and see how it goes. DDS coming soon.

#11 tjdrake719

  • Topic Starter
  • Members
  • 24 posts

Posted 08 July 2009 - 05:34 PM

Here is the DDS:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Travis Drake at 16:28:30.40 on Wed 07/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1565 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Travis Drake\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\travis~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\travis~1\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194164680765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\travis~1\applic~1\mozilla\firefox\profiles\7c0833sp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\opera\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-14 46864]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2008-3-17 102912]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-14 33552]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [2008-2-21 3264]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\U2KG54.SYS [2008-2-21 245376]

=============== Created Last 30 ================

2009-07-08 16:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-08 16:22 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-08 16:22 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-07-08 15:56 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-08 15:54 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-07-08 15:53 19,569 a------- c:\windows\002776_.tmp
2009-07-08 15:51 <DIR> --d----- c:\windows\EHome
2009-07-01 14:46 <DIR> --d----- c:\program files\Comcast
2009-07-01 14:44 <DIR> --d----- c:\program files\common files\SupportSoft
2009-07-01 14:44 <DIR> --d----- c:\program files\ComcastUI
2009-06-29 20:18 31,928 a------- c:\windows\system32\rrMon.sys
2009-06-29 20:17 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-06-29 17:11 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-29 17:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-06-29 17:11 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-29 17:11 <DIR> --d----- c:\program files\ffdshow

==================== Find3M ====================

2009-07-08 15:59 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-19 14:37 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-19 14:37 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-19 14:37 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 09:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 22:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 22:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 22:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 22:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 22:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 22:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 22:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 22:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 22:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 22:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 03:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 03:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 23:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 23:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 06:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 08:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-07-03 11:10 18,320 a------- c:\docume~1\travis~1\applic~1\GDIPFONTCACHEV1.DAT
2008-02-22 13:42 87,608 a------- c:\docume~1\travis~1\applic~1\inst.exe
2008-02-22 13:42 47,360 a------- c:\docume~1\travis~1\applic~1\pcouffin.sys

============= FINISH: 16:29:38.04 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2007 3:03:55 PM
System Uptime: 7/8/2009 4:26:38 PM (0 hours ago)

Motherboard: Intel Corporation | | DP35DP
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | J1PR | 2666/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 31.465 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP517: 4/10/2009 4:07:47 AM - System Checkpoint
RP518: 4/10/2009 2:57:54 PM - Removed Opera 9.52
RP519: 4/10/2009 2:58:07 PM - Installed Opera 9.64
RP520: 4/11/2009 3:07:47 PM - System Checkpoint
RP521: 4/12/2009 8:42:00 PM - System Checkpoint
RP522: 4/13/2009 11:06:10 PM - System Checkpoint
RP523: 4/14/2009 11:07:46 PM - System Checkpoint
RP524: 4/16/2009 12:07:46 AM - System Checkpoint
RP525: 4/17/2009 1:07:46 AM - System Checkpoint
RP526: 4/18/2009 1:08:13 AM - System Checkpoint
RP527: 4/19/2009 2:08:14 AM - System Checkpoint
RP528: 4/19/2009 11:18:24 PM - Software Distribution Service 3.0
RP529: 4/19/2009 11:59:33 PM - Installed Java™ 6 Update 13
RP530: 4/21/2009 12:54:11 AM - System Checkpoint
RP531: 4/22/2009 12:46:38 AM - Software Distribution Service 3.0
RP532: 4/23/2009 12:56:23 AM - System Checkpoint
RP533: 4/24/2009 1:56:49 AM - System Checkpoint
RP534: 4/25/2009 2:53:19 AM - System Checkpoint
RP535: 4/26/2009 2:55:14 AM - System Checkpoint
RP536: 4/27/2009 4:30:19 AM - System Checkpoint
RP537: 4/28/2009 4:53:19 AM - System Checkpoint
RP538: 4/29/2009 5:53:19 AM - System Checkpoint
RP539: 4/30/2009 6:53:19 AM - System Checkpoint
RP540: 5/1/2009 7:53:19 AM - System Checkpoint
RP541: 5/2/2009 8:53:18 AM - System Checkpoint
RP542: 5/3/2009 9:53:18 AM - System Checkpoint
RP543: 5/4/2009 1:36:46 PM - System Checkpoint
RP544: 5/5/2009 4:01:27 PM - System Checkpoint
RP545: 5/7/2009 2:04:27 AM - System Checkpoint
RP546: 5/8/2009 2:54:09 AM - System Checkpoint
RP547: 5/9/2009 3:54:10 AM - System Checkpoint
RP548: 5/10/2009 4:54:09 AM - System Checkpoint
RP549: 5/11/2009 5:54:11 AM - System Checkpoint
RP550: 5/12/2009 6:54:10 AM - System Checkpoint
RP551: 5/13/2009 6:54:44 AM - System Checkpoint
RP552: 5/14/2009 7:54:44 AM - System Checkpoint
RP553: 5/15/2009 8:54:44 AM - System Checkpoint
RP554: 5/16/2009 9:54:45 AM - System Checkpoint
RP555: 5/17/2009 10:19:47 AM - System Checkpoint
RP556: 5/18/2009 11:19:47 AM - System Checkpoint
RP557: 5/19/2009 12:19:47 PM - System Checkpoint
RP558: 5/20/2009 1:07:47 PM - System Checkpoint
RP559: 5/21/2009 1:59:31 PM - System Checkpoint
RP560: 5/22/2009 2:39:00 PM - System Checkpoint
RP561: 5/23/2009 4:01:55 PM - System Checkpoint
RP562: 5/24/2009 4:38:34 PM - System Checkpoint
RP563: 5/25/2009 6:10:51 PM - System Checkpoint
RP564: 5/26/2009 7:44:05 PM - System Checkpoint
RP565: 5/27/2009 4:59:12 PM - Software Distribution Service 3.0
RP566: 5/29/2009 12:00:01 AM - System Checkpoint
RP567: 5/30/2009 2:21:36 AM - System Checkpoint
RP568: 5/31/2009 3:26:30 AM - System Checkpoint
RP569: 6/1/2009 3:39:14 AM - System Checkpoint
RP570: 6/2/2009 4:39:15 AM - System Checkpoint
RP571: 6/3/2009 5:39:15 AM - System Checkpoint
RP572: 6/4/2009 6:39:15 AM - System Checkpoint
RP573: 6/5/2009 8:06:23 AM - System Checkpoint
RP574: 6/6/2009 8:57:17 AM - System Checkpoint
RP575: 6/7/2009 9:39:43 AM - System Checkpoint
RP576: 6/8/2009 10:39:44 AM - System Checkpoint
RP577: 6/9/2009 10:40:48 AM - System Checkpoint
RP578: 6/10/2009 1:26:10 PM - System Checkpoint
RP579: 6/11/2009 4:01:17 PM - System Checkpoint
RP580: 6/11/2009 5:45:24 PM - Software Distribution Service 3.0
RP581: 6/12/2009 6:00:55 PM - System Checkpoint
RP582: 6/13/2009 7:00:54 PM - System Checkpoint
RP583: 6/14/2009 7:01:20 PM - System Checkpoint
RP584: 6/15/2009 8:06:34 PM - System Checkpoint
RP585: 6/16/2009 6:54:24 PM - Installed Java™ 6 Update 14
RP586: 6/17/2009 7:01:09 PM - System Checkpoint
RP587: 6/18/2009 7:48:24 PM - System Checkpoint
RP588: 6/19/2009 8:52:02 PM - System Checkpoint
RP589: 6/20/2009 9:29:07 PM - System Checkpoint
RP590: 6/21/2009 9:29:37 PM - System Checkpoint
RP591: 6/22/2009 11:02:38 PM - System Checkpoint
RP592: 6/23/2009 11:44:14 PM - System Checkpoint
RP593: 6/25/2009 12:19:24 AM - System Checkpoint
RP594: 6/26/2009 12:36:41 AM - System Checkpoint
RP595: 6/27/2009 1:36:41 AM - System Checkpoint
RP596: 6/28/2009 2:36:41 AM - System Checkpoint
RP597: 6/29/2009 3:53:33 AM - System Checkpoint
RP598: 6/29/2009 5:51:38 PM - Installed Kerio Personal Firewall
RP599: 7/1/2009 2:32:02 AM - System Checkpoint
RP600: 7/1/2009 2:44:01 PM - Installed Comcast Desktop Software (v1.2.0.9)
RP601: 7/2/2009 3:14:29 PM - System Checkpoint
RP602: 7/3/2009 8:19:27 PM - System Checkpoint
RP603: 7/4/2009 8:46:15 PM - System Checkpoint
RP604: 7/5/2009 9:03:56 PM - System Checkpoint
RP605: 7/6/2009 9:09:06 PM - System Checkpoint
RP606: 7/7/2009 10:08:01 PM - System Checkpoint
RP607: 7/8/2009 3:46:32 PM - SP3 Restore Point
RP608: 7/8/2009 3:53:50 PM - Installed Windows XP Service Pack 3.
RP609: 7/8/2009 4:01:31 PM - Installed Windows XP KB938464.
RP610: 7/8/2009 4:02:00 PM - Installed Windows XP KB946648.
RP611: 7/8/2009 4:02:31 PM - Installed Windows XP KB950762.
RP612: 7/8/2009 4:03:01 PM - Installed Windows XP KB950974.
RP613: 7/8/2009 4:03:30 PM - Installed Windows XP KB951066.
RP614: 7/8/2009 4:04:01 PM - Installed Windows XP KB951376-v2.
RP615: 7/8/2009 4:04:32 PM - Installed Windows XP KB951698.
RP616: 7/8/2009 4:05:02 PM - Installed Windows XP KB951748.
RP617: 7/8/2009 4:05:34 PM - Installed Windows XP KB952004.
RP618: 7/8/2009 4:06:07 PM - Installed Windows XP KB952287.
RP619: 7/8/2009 4:06:36 PM - Installed Windows XP KB952954.
RP620: 7/8/2009 4:07:08 PM - Installed Windows XP KB954211.
RP621: 7/8/2009 4:07:55 PM - Installed Windows XP KB954600.
RP622: 7/8/2009 4:08:29 PM - Installed Windows XP KB956572.
RP623: 7/8/2009 4:09:03 PM - Installed Windows XP KB956802.
RP624: 7/8/2009 4:09:33 PM - Installed Windows XP KB956803.
RP625: 7/8/2009 4:10:04 PM - Installed Windows XP KB956841.
RP626: 7/8/2009 4:10:36 PM - Installed Windows XP KB957095.
RP627: 7/8/2009 4:11:04 PM - Installed Windows XP KB958644.
RP628: 7/8/2009 4:21:07 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Apple Software Update
AutoUpdate
AviSynth 2.5
Belarc Advisor 7.2
BLM 2.7.7
Caesar 3
CloneCD
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
CorelDRAW Graphics Suite 12
Desktop Doctor
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Rebuilder
DVD Shrink 3.2
EPSON C88+ User's Guide
EPSON Printer Software
ERUNT 1.1j
GRE POWERPREP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ICQ 5.1
ImgBurn (Remove Only)
Intel® PRO Network Connections Drivers
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 1
Java™ 6 Update 14
Java™ 6 Update 3
Java™ 6 Update 7
Kerio Personal Firewall 2.1.5
LucasArts' Grim Fandango
Magic Online III
Magic Workstation 0.94f
Malwarebytes' Anti-Malware
MediaInfo 0.7.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Player version 1.6.2.2
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MTG GamePack for Magic Workstation
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers
Oblivion
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Secure Module 3.4.00
Opera 9.64
PC Inspector smart recovery
PeerGuardian 2.0
PokerStars
Power2Go 4.0
QuickTime
Real Alternative 1.60
Registrar Registry Manager 6.02
Registrar Registry Manager 6.02 (Lite Edition)
RescueTime 1.0.7
Router Screenshot Grabber 1.0.113
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sid Meier's Civilization 4
Sierra Utilities
SigmaTel Audio
SolveigMM AVI Trimmer
SonicStage 2.0.02
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPSS 16.0
Spybot - Search & Destroy
SpywareBlaster 4.2
SpywareGuard v2.2
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims™ 2 Seasons
The Tournament Director
ThreatFire
TMPGEnc 4.0 XPress
TMPGEnc DVD Author 3 with DivX Authoring
Torrent Harvester
Total Commander (Remove or Repair)
UBCD4Win 3.22
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Video DVD Maker v3.6.0.12
ViewSonic Monitor Drivers
Warcraft III
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2
WinRAR archiver
WinZip
Wireshark 1.0.1
XviD MPEG-4 Codec

==== Event Viewer Messages From Past Week ========

7/6/2009 5:05:54 PM, error: System Error [1003] - Error code 10000050, parameter1 f9a65520, parameter2 00000000, parameter3 ad14e39b, parameter4 00000000.
7/1/2009 2:36:53 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
7/1/2009 2:36:53 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001CC0612F7A has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/1/2009 2:36:34 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/1/2009 2:36:31 PM, error: Dhcp [1002] - The IP address lease 24.9.194.169 for the Network Card with network address 001CC0612F7A has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

That seems to have cleared up a lot. The only abnormality now is that the ports on my computer are all stealthed, which may be from the errors listed above, but I am not sure. Anyway, the internet is working again, so thank you.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 08 July 2009 - 08:37 PM

Hello.

You can remove these older versions of Java
J2SE Runtime Environment 5.0 Update 1
Java™ 6 Update 3
Java™ 6 Update 7

Did you have any antivirus/firewall programs installed before? Which ports are stealthed?

Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (one only) free anti-virus program from one of the trusted vendors below (in no particular order):
After installing, update the database, run a full system scan and remove any items found.

Please take a new DDS.txt log after.

With Regards,
The Panda

#13 tjdrake719

tjdrake719
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 09 July 2009 - 11:09 AM

My active antivirus is threatfire, but I also have spybot and mbam to scan for threats. I ran all three separately and nothing came up. All ports are stealthed, even with the firewall (kerio) and threatfire disabled.

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 09 July 2009 - 05:45 PM

Hello.

Ah I see.

Some programs may actually be active when their protection is "disabled". The drivers are often not stopped.

Would you consider trying to uninstall ThreatFire to see if it is causing this?

With Regards,
The Panda
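
One way to check the point made above, that a product's kernel driver can still be loaded while its protection is "disabled": this added PowerShell example (not from this thread or from either product) queries the driver list through WMI, which is available on Windows XP once PowerShell is installed. The product-name patterns are an assumption taken from the products named in this thread.

```powershell
# Added example, not from the thread: confirm whether a security product's
# kernel drivers are still loaded after its protection was "disabled" or the
# product was uninstalled. Product-name patterns are an assumption based on the
# products named in this thread; extend the list for other products.
$productPatterns = @('ThreatFire', 'Kerio')

# Win32_SystemDriver lists every kernel driver service, loaded or not,
# with its current State and the StartMode that applies at the next boot.
$drivers = Get-WmiObject -Class Win32_SystemDriver

foreach ($pattern in $productPatterns) {
    # -match is case-insensitive by default; look at name, description and path
    $hits = $drivers | Where-Object {
        ($_.Name -match $pattern) -or
        ($_.Description -match $pattern) -or
        ($_.PathName -match $pattern)
    }
    if (-not $hits) {
        Write-Output ("{0}: no driver registered" -f $pattern)
        continue
    }
    foreach ($d in $hits) {
        # State "Running" means the driver is loaded in the kernel regardless of
        # what the product's tray icon says; StartMode Boot/System/Auto means it
        # will load again after a reboot, Disabled means it will stay out.
        Write-Output ("{0}: {1} State={2} StartMode={3} Path={4}" -f $pattern, $d.Name, $d.State, $d.StartMode, $d.PathName)
    }
}
```

A driver that still reports Running after the product was uninstalled points to leftovers the uninstaller did not remove; the vendor's own cleanup tool is the usual way to clear them.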

#15 tjdrake719

tjdrake719
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 09 July 2009 - 08:54 PM

I uninstalled both kerio and threatfire, but all ports are still stealthed (tried it with just the modem too, no router.)
