Everything posted by SeanKuhlman

  1. Thanks again for all of your help, I really appreciate it. -Sean
  2. Thank you very much for your help. The machine is running great now. Here's the log: ComboFix 13-01-05.01 - Sean 01/06/2013 14:05:08.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2116 [GMT -7:00] Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . FILE :: "c:\documents and settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe" "c:\documents and settings\Sean\My Documents\Downloads\iLividSetupV1.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe c:\documents and settings\Sean\My Documents\Downloads\iLividSetupV1.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-06 18:17 . 2013-01-06 18:17 -------- d-----w- c:\program files\ESET 2013-01-06 17:36 . 2013-01-06 17:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2013-01-06 17:36 . 2013-01-06 17:36 -------- d-----w- c:\windows\ERUNT 2013-01-06 17:35 . 2013-01-06 17:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2013-01-06 17:35 . 2013-01-06 17:35 -------- d-----w- C:\JRT 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 00:13 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 22:24 . 
2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java 2013-01-04 22:24 . 2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088] "VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448] R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20] . 2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46] . 2012-02-27 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . 2012-02-27 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\ FF - prefs.js: browser.search.selectedEngine - Google . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-06 14:09 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1496) c:\windows\system32\Ati2evxx.dll c:\windows\system32\VESWinlogon.dll c:\windows\system32\netprovcredman.dll . Completion time: 2013-01-06 14:10:18 ComboFix-quarantined-files.txt 2013-01-06 21:10 ComboFix2.txt 2013-01-06 16:38 . Pre-Run: 30,828,396,544 bytes free Post-Run: 30,818,394,112 bytes free . - - End Of File - - 779C1A51E365E9662C7FC1A27C6DCD9E
  3. JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.1 (01.06.2013:2) OS: Microsoft Windows XP x86 Ran by Administrator on Sun 01/06/2013 at 10:36:07.37 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072254 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" ~~~ Files Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job" ~~~ Folders Successfully deleted: [Folder] 
"C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask" Successfully deleted: [Folder] "C:\Program Files\ask.com" Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 01/06/2013 at 10:40:42.02 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADW cleaner: # AdwCleaner v2.104 - Logfile created 01/06/2013 at 10:44:30 # Updated 29/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Sean - PROBLEMBRO # Boot Mode : Normal # Running from : C:\Documents and Settings\Sean\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\searchplugins\Askcom.xml Folder Deleted : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com Folder Deleted : C:\Documents and Settings\Sean\Local Settings\Application Data\AskToolbar Folder Deleted : C:\Documents and Settings\Sean\Local Settings\Application Data\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\prefs.js Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...] 
************************* AdwCleaner[s1].txt - [2936 octets] - [06/01/2013 10:44:30] ########## EOF - C:\AdwCleaner[s1].txt - [2996 octets] ########## MBAM: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.06.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Sean :: PROBLEMBRO [administrator] 1/6/2013 10:53:20 AM mbam-log-2013-01-06 (10-53-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 224677 Time elapsed: 11 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET: C:\Documents and Settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe a variant of Win32/InstallCore.D application C:\Documents and Settings\Sean\My Documents\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application Scan city.
  4. Thank you CatByte. Here is ComboFix.txt: ComboFix 13-01-05.01 - Sean 01/06/2013 9:33.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2102 [GMT -7:00] Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\iun6002.exe c:\windows\setup.exe c:\windows\system32\MUI\040C\tourstart.exe c:\windows\system32\MUI\0416\tourstart.exe c:\windows\system32\MUI\0C0A\tourstart.exe c:\windows\system32\Thumbs.db c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-06 02:36 . 2013-01-06 02:36 -------- d-----w- c:\windows\LastGood 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 00:13 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\program files\Ask.com 2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\AskToolbar 2013-01-04 22:24 . 2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java 2013-01-04 22:24 . 
2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-04 22:15 . 2013-01-04 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask 2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 23:27 . 2012-02-27 22:52 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-11 1520840] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088] "VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-11 1573576] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448] R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888] . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20] . 2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46] . 2012-02-27 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . 2012-02-27 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . 2013-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-12-11 02:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q= FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com . - - - - ORPHANS REMOVED - - - - . SafeBoot-Symantec Antvirus AddRemove-Memory Stick Icon1.0 - c:\windows\iun6002.exe AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-06 09:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1516) c:\windows\system32\Ati2evxx.dll c:\windows\system32\VESWinlogon.dll c:\windows\system32\netprovcredman.dll . Completion time: 2013-01-06 09:38:04 ComboFix-quarantined-files.txt 2013-01-06 16:37 . Pre-Run: 30,643,630,080 bytes free Post-Run: 31,062,519,808 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 73B2830C9BC44A602ED0A4693141E281 Here is log.txt: ComboFix 13-01-05.01 - Sean 01/06/2013 9:33.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2102 [GMT -7:00] Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\iun6002.exe c:\windows\setup.exe c:\windows\system32\MUI\040C\tourstart.exe c:\windows\system32\MUI\0416\tourstart.exe c:\windows\system32\MUI\0C0A\tourstart.exe c:\windows\system32\Thumbs.db c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-06 02:36 . 2013-01-06 02:36 -------- d-----w- c:\windows\LastGood 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 00:13 . 
2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\program files\Ask.com 2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\AskToolbar 2013-01-04 22:24 . 2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java 2013-01-04 22:24 . 2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-04 22:15 . 2013-01-04 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask 2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 23:27 . 2012-02-27 22:52 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-11 1520840] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088] "VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-11 1573576] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448] R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888] . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20] . 2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46] . 2012-02-27 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . 2012-02-27 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42] . 2013-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-12-11 02:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q= FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com . - - - - ORPHANS REMOVED - - - - . SafeBoot-Symantec Antvirus AddRemove-Memory Stick Icon1.0 - c:\windows\iun6002.exe AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-06 09:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1516) c:\windows\system32\Ati2evxx.dll c:\windows\system32\VESWinlogon.dll c:\windows\system32\netprovcredman.dll . Completion time: 2013-01-06 09:38:04 ComboFix-quarantined-files.txt 2013-01-06 16:37 . Pre-Run: 30,643,630,080 bytes free Post-Run: 31,062,519,808 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 73B2830C9BC44A602ED0A4693141E281
  5. Thanks again CatByte. There were problems the first time I ran it so I have three logs. Here are all of them:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.06.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Sean :: PROBLEMBRO [administrator]

1/5/2013 7:06:20 PM
mbar-log-2013-01-05 (19-06-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26463
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_57_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312581556_user.mbam (Forged physical sector) -> Delete on reboot.

(end) Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.06.01 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 Sean :: PROBLEMBRO [administrator] 1/5/2013 7:21:51 PM mbar-log-2013-01-05 (19-21-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26453 Time elapsed: 10 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.259000 GHz Memory total: 3052277760, free: 2653655040 ------------ Kernel report ------------ 01/05/2013 18:54:38 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys ACPIEC.sys \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS VolSnap.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys PxHelp20.sys KSecDD.sys Ntfs.sys NDIS.sys shpf.sys Mup.sys \SystemRoot\system32\DRIVERS\usbuhci.sys 
\SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\yk51x86.sys \SystemRoot\system32\DRIVERS\NETw5x32.sys \SystemRoot\system32\DRIVERS\risdptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\IFXTPM.SYS \SystemRoot\System32\Drivers\SonyNC.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\teefer2.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys 
\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk2\DR3 Upper Device Object: 0xffffffff8694bab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xffffffff89e6f028 Lower Device Driver Name: \Driver\rimsptsk\ Driver name found: rimsptsk DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk1\DR2 Upper Device Object: 0xffffffff86957ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008a\ Lower Device Object: 0xffffffff86b05c20 Lower Device Driver Name: \Driver\risdptsk\ Driver name found: risdptsk DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8aaea568 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: Unknown Lower Device Object: 0xffffffff8aa9b030 Lower Device Driver Name: Unknown Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: 
v2013.01.06.01
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aaea568, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aaea288, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aaea568, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aaeab30, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff8a543f18, DeviceName: \Device\0000007f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aa9b030, DeviceName: Unknown, DriverName: Unknown
------------ End ----------
Upper DeviceData: 0xffffffffe13c3290, 0xffffffff8aaea568, 0xffffffff8658a040
Lower DeviceData: 0xffffffffe115ad88, 0xffffffff8aa9b030, 0xffffffff866a84e8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [177b10df776cbf12774e7e6927767e44]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4D128E91

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 57 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active.
New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-56-312561808-312581808)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86957ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 
0xffffffff86a74e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff86957ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86a6f9f8, DeviceName: Unknown, DriverName: \Driver\shpf\ DevicePointer: 0xffffffff86b05c20, DeviceName: \Device\0000008a\, DriverName: \Driver\risdptsk\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff8694bab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8694b890, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8694bab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86a74bf0, DeviceName: Unknown, DriverName: \Driver\shpf\ DevicePointer: 0xffffffff89e6f028, DeviceName: \Device\00000086\, DriverName: \Driver\rimsptsk\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. 
System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.259000 GHz Memory total: 3052277760, free: 2755686400 ------------ Kernel report ------------ 01/05/2013 19:11:10 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys ohci1394.sys \WINDOWS\system32\DRIVERS\1394BUS.SYS compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys ACPIEC.sys \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS VolSnap.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys PxHelp20.sys KSecDD.sys Ntfs.sys NDIS.sys shpf.sys Mup.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\yk51x86.sys \SystemRoot\system32\DRIVERS\NETw5x32.sys \SystemRoot\system32\DRIVERS\risdptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\IFXTPM.SYS \SystemRoot\System32\Drivers\SonyNC.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys 
\SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\teefer2.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\srv.sys 
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk2\DR4 Upper Device Object: 0xffffffff86b87438 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008a\ Lower Device Object: 0xffffffff86b87c20 Lower Device Driver Name: \Driver\risdptsk\ Driver name found: risdptsk DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk1\DR2 Upper Device Object: 0xffffffff89f0d488 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xffffffff89ef7028 Lower Device Driver Name: \Driver\rimsptsk\ Driver name found: rimsptsk DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8aab14a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff8aab2030 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! 
<<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8aab14a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8aab11c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8aab14a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8aab1a68, DeviceName: Unknown, DriverName: \Driver\shpf\ DevicePointer: 0xffffffff8a536f18, DeviceName: \Device\0000007f\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8aab2030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xffffffffe1c2dca0, 0xffffffff8aab14a0, 0xffffffff86778040 Lower DeviceData: 0xffffffffe1092b38, 0xffffffff8aab2030, 0xffffffff867cac98 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 4D128E91 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 312576642 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)... 
Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff89f0d488, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89ef6020, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff89f0d488, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89f0d9f0, DeviceName: Unknown, DriverName: \Driver\shpf\ DevicePointer: 0xffffffff89ef7028, DeviceName: \Device\00000086\, DriverName: \Driver\rimsptsk\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff86b87438, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86b86020, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff86b87438, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86b879f8, DeviceName: Unknown, DriverName: \Driver\shpf\ DevicePointer: 0xffffffff86b87c20, DeviceName: \Device\0000008a\, DriverName: \Driver\risdptsk\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.259000 GHz Memory total: 3052277760, free: 2555260928 ------------------------------------------------------------------------------------------ I ran everything in safe mode with networking since I was having problems otherwise. Hopefully you've gotten it all taken care of. Please let me know if I should do anything else. Thanks, Sean
  6. Thank you for the fast reply. I had to run this in safe mode with networking; I couldn't get it to run otherwise. Requested info follows:
     aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2013-01-05 16:28:50
     -----------------------------
     16:28:50.296 OS Version: Windows 5.1.2600 Service Pack 3
     16:28:50.296 Number of processors: 2 586 0x1706
     16:28:50.296 ComputerName: PROBLEMBRO UserName: Sean
     16:28:55.937 Initialize success
     16:33:02.734 AVAST engine defs: 13010501
     16:33:13.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     16:33:13.328 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
     16:33:13.328 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000088
     16:33:13.343 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0
     16:33:13.359 Disk 2 \Device\Harddisk2\DR3 -> \Device\00000084
     16:33:13.359 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0
     16:33:13.390 Disk 0 MBR read successfully
     16:33:13.390 Disk 0 MBR scan
     16:33:13.406 Disk 0 Windows XP default MBR code
     16:33:13.421 Disk 0 MBR hidden
     16:33:13.437 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 152625 MB offset 63
     16:33:13.453 Disk 0 scanning sectors +312576705
     16:33:13.531 Disk 0 scanning C:\WINDOWS\system32\drivers
     16:33:25.343 Service scanning
     16:33:49.515 Modules scanning
     16:33:55.390 Disk 0 trace - called modules:
     16:33:55.421 ntoskrnl.exe CLASSPNP.SYS disk.sys shpf.sys ACPI.sys hal.dll >>UNKNOWN [0x869164b1]<<
     16:33:55.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaec748]
     16:33:55.484 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8aaecd10]
     16:33:55.515 5 shpf.sys[f78abcdd] -> nt!IofCallDriver -> \Device\0000007d[0x8a560448]
     16:33:55.546 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a55f030]
     16:33:55.593 \Driver\iaStor[0x8695d860] -> IRP_MJ_CREATE -> 0x869164b1
     16:33:56.375 AVAST engine scan C:\WINDOWS
     16:34:05.296 AVAST engine scan C:\WINDOWS\system32
     16:36:14.781 AVAST engine scan C:\WINDOWS\system32\drivers
     16:36:27.125 AVAST engine scan C:\Documents and Settings\Sean
     16:43:18.578 AVAST engine scan C:\Documents and Settings\All Users
     16:43:39.187 Scan finished successfully
     17:00:58.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
     17:00:58.875 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"
     MBR.zip
  7. Hello, My machine has been running slowly. I ran MBAM and it came back with one file for Trojan.Agent.Nix and deleted it. I continue to have issues. All help is greatly appreciated. Here are my logs: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2 Run by Sean at 9:18:51 on 2013-01-05 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.1850 [GMT -7:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Enabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\UnsignedThemesSvc.exe C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe C:\Program Files\Sony\Wireless Switch Setting 
Utility\Switcher.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.sony.com/vaiopeople uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Alcmtr] ALCMTR.EXE mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe" mRun: [VMSwitch] "c:\program files\sony\vaio mode switch\VMSwitch.exe" mRun: [switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe" mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [APSDaemon] "c:\program files\common files\apple\apple application 
support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:8 mPolicies-Explorer: NoDriveTypeAutoRun = dword:8 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1330379357604 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330450271265 DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{3A2311CE-9425-4304-A2A7-3E2C8375C02A} : DHCPNameServer = 192.168.0.1 Notify: AtiExtEvent - Ati2evxx.dll Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\sean\application data\mozilla\firefox\profiles\37abi1vi.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\sean\application data\mozilla\firefox\profiles\37abi1vi.default\extensions\toolbar@ask.com . ============= SERVICES / DRIVERS =============== . 
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2008-7-29 22560] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2012-2-27 353168] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448] R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [2008-7-29 71296] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-31 106656] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-29 41216] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 40776] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130103.003\NAVENG.SYS [2013-1-3 92704] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130103.003\NAVEX15.SYS [2013-1-3 1601184] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-7-29 14336] . =============== Created Last 30 ================ . 
2013-01-05 00:13:15 -------- d-----w- c:\documents and settings\sean\application data\Malwarebytes 2013-01-05 00:13:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-01-05 00:13:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-05 00:13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-04 22:26:09 -------- d-----w- c:\program files\Ask.com 2013-01-04 22:26:06 -------- d-----w- c:\documents and settings\sean\local settings\application data\AskToolbar 2013-01-04 22:24:38 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-04 22:24:31 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-04 22:15:57 -------- d-----w- c:\documents and settings\all users\application data\Ask 2012-12-10 00:02:21 -------- d-----w- c:\documents and settings\sean\application data\AC3Filter . ==================== Find3M ==================== . 2013-01-04 22:24:12 779704 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-04 22:20:43 859072 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-12 03:20:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 03:20:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-08 23:27:14 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys . ============= FINISH: 9:19:24.32 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/27/2012 2:41:23 PM System Uptime: 1/5/2013 9:04:28 AM (0 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel Pentium III Xeon processor | N/A | 2259/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 25.134 GiB free. D: is Removable E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP100: 10/7/2012 10:07:05 AM - System Checkpoint RP101: 10/9/2012 4:01:27 PM - System Checkpoint RP102: 10/10/2012 8:31:02 PM - System Checkpoint RP103: 10/12/2012 5:29:18 PM - System Checkpoint RP104: 10/13/2012 8:55:34 PM - System Checkpoint RP105: 10/14/2012 9:31:19 PM - System Checkpoint RP106: 10/16/2012 3:59:17 PM - System Checkpoint RP107: 10/17/2012 4:14:47 PM - System Checkpoint RP108: 10/18/2012 6:44:41 PM - System Checkpoint RP109: 10/20/2012 1:49:40 PM - System Checkpoint RP110: 10/21/2012 2:30:11 PM - System Checkpoint RP111: 10/22/2012 7:53:22 PM - System Checkpoint RP112: 10/25/2012 6:19:35 PM - System Checkpoint RP113: 10/26/2012 7:52:49 PM - System Checkpoint RP114: 10/28/2012 8:48:46 AM - System Checkpoint RP115: 10/29/2012 9:28:26 AM - System Checkpoint RP116: 10/30/2012 4:54:26 PM - System Checkpoint RP117: 10/31/2012 6:27:32 PM - System Checkpoint RP118: 11/1/2012 6:57:25 PM - System Checkpoint RP119: 11/2/2012 7:24:22 PM - System Checkpoint RP120: 11/3/2012 7:11:32 PM - System Checkpoint RP121: 11/6/2012 5:49:27 PM - System Checkpoint RP122: 11/7/2012 5:59:05 PM - System Checkpoint RP123: 11/8/2012 6:17:23 PM - System Checkpoint RP124: 11/11/2012 8:13:48 AM - System Checkpoint RP125: 11/13/2012 3:51:49 PM - System Checkpoint RP126: 11/14/2012 4:11:49 PM - System Checkpoint RP127: 11/15/2012 4:33:24 PM - System Checkpoint RP128: 11/17/2012 11:35:07 AM - System Checkpoint RP129: 11/22/2012 12:43:58 PM - System Checkpoint RP130: 11/23/2012 1:24:36 PM - System Checkpoint RP131: 11/24/2012 2:24:37 PM - System Checkpoint RP132: 11/25/2012 3:25:41 PM - System Checkpoint RP133: 11/26/2012 4:25:42 PM - System Checkpoint RP134: 11/27/2012 5:44:01 PM - System Checkpoint RP135: 11/29/2012 4:35:13 PM - System Checkpoint RP136: 11/30/2012 4:47:00 PM - System Checkpoint RP137: 12/2/2012 9:25:06 AM - System Checkpoint RP138: 12/3/2012 7:27:47 PM - System Checkpoint RP139: 12/4/2012 7:43:08 PM - System Checkpoint RP140: 12/6/2012 3:38:05 PM - System Checkpoint 
RP141: 12/7/2012 4:17:34 PM - System Checkpoint RP142: 12/8/2012 4:58:33 PM - System Checkpoint RP143: 12/9/2012 5:01:39 PM - System Checkpoint RP144: 12/10/2012 5:12:40 PM - System Checkpoint RP145: 12/11/2012 6:23:09 PM - System Checkpoint RP146: 12/15/2012 10:16:16 AM - System Checkpoint RP147: 12/16/2012 10:47:26 AM - System Checkpoint RP148: 12/17/2012 10:54:03 AM - System Checkpoint RP149: 12/18/2012 6:43:06 PM - System Checkpoint RP150: 12/19/2012 7:09:21 PM - System Checkpoint RP151: 12/20/2012 7:47:58 PM - System Checkpoint RP152: 12/21/2012 8:09:21 PM - System Checkpoint RP153: 12/22/2012 9:09:21 PM - System Checkpoint RP154: 12/23/2012 9:10:20 PM - System Checkpoint RP155: 12/24/2012 10:09:08 PM - System Checkpoint RP156: 12/25/2012 11:09:08 PM - System Checkpoint RP157: 12/27/2012 12:09:08 AM - System Checkpoint RP158: 12/28/2012 1:09:08 AM - System Checkpoint RP159: 12/29/2012 2:15:48 AM - System Checkpoint RP160: 12/30/2012 2:23:38 AM - System Checkpoint RP161: 12/31/2012 3:09:08 AM - System Checkpoint RP162: 1/1/2013 4:09:08 AM - System Checkpoint RP163: 1/2/2013 5:09:08 AM - System Checkpoint RP164: 1/3/2013 6:09:09 AM - System Checkpoint RP165: 1/4/2013 7:09:08 AM - System Checkpoint RP166: 1/4/2013 3:14:54 PM - Installed Java 7 Update 10 RP167: 1/4/2013 3:17:09 PM - Removed Java 7 Update 7 RP168: 1/4/2013 3:17:30 PM - Installed Java 7 Update 10 RP169: 1/4/2013 3:20:16 PM - Removed Java 7 Update 10 RP170: 1/4/2013 3:20:37 PM - Installed Java 7 Update 10 RP171: 1/4/2013 3:22:43 PM - Removed Java 7 Update 10 RP172: 1/4/2013 3:23:15 PM - Removed JavaFX 2.1.1 RP173: 1/4/2013 3:24:06 PM - Installed Java 7 Update 10 . ==== Installed Programs ====================== . 
µTorrent AC3Filter 2.1a Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Reader X (10.1.4) Advanced SystemCare 4 Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar Ask Toolbar Updater ATI - Software Uninstall Utility ATI Display Driver Battery Care Function Bonjour Combined Community Codec Pack 2011-11-11 Compatibility Pack for the 2007 Office system DivX Setup Freenet HDAUDIO SoftV92 Data Fax Modem with SmartCP High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) HP Officejet 6500 E710a-f Basic Device Software HP Officejet 6500 E710a-f Help Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless WiFi Software InterVideo WinDVD for VAIO ISScript iTunes Java 7 Update 10 Java Auto Updater Juniper Networks Setup Client Juniper Networks Setup Client Activex Control Juniper Terminal Services Client LiveUpdate 3.3 (Symantec Corporation) Malwarebytes Anti-Malware version 1.70.0.1100 Memory Stick Icon Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 
Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser Realtek High Definition Audio Driver Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for 
Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP 
(KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security 
Update for Windows XP (KB982665) Setting Utility Series Sony Certificate PCH Sony Utilities DLL Sony Visual Communication Camera Ver.6.103.215.0 Symantec Endpoint Protection Synaptics Pointing Device Driver Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) UxStyle Core Beta VAIO Control Center VAIO Event Service VAIO Long Battery Life Wallpaper VAIO Mode Switch VAIO Power Management VAIO Registration VAIOSurveySA VC80CRTRedist - 8.0.50727.6195 WebFldrs XP WIDCOMM Bluetooth Software Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 7 Multilingual User Interface (MUI) Windows Internet Explorer 8 Windows Management Framework Core Windows Media Connect Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR 4.11 (32-bit) Wireless Switch Setting Utility
.
==== Event Viewer Messages From Past Week ========
.
1/4/2013 3:12:06 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Thank you,
Sean Kuhlman