SeanKuhlman
Posts posted by SeanKuhlman
-
Thank you very much for your help. The machine is running great now. Here's the log:
ComboFix 13-01-05.01 - Sean 01/06/2013 14:05:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2116 [GMT -7:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
FILE ::
"c:\documents and settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe"
"c:\documents and settings\Sean\My Documents\Downloads\iLividSetupV1.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe
c:\documents and settings\Sean\My Documents\Downloads\iLividSetupV1.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 18:17 . 2013-01-06 18:17 -------- d-----w- c:\program files\ESET
2013-01-06 17:36 . 2013-01-06 17:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2013-01-06 17:36 . 2013-01-06 17:36 -------- d-----w- c:\windows\ERUNT
2013-01-06 17:35 . 2013-01-06 17:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-01-06 17:35 . 2013-01-06 17:35 -------- d-----w- C:\JRT
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 00:13 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 22:24 . 2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java
2013-01-04 22:24 . 2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20]
.
2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46]
.
2012-02-27 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2012-02-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-01-06 14:10:18
ComboFix-quarantined-files.txt 2013-01-06 21:10
ComboFix2.txt 2013-01-06 16:38
.
Pre-Run: 30,828,396,544 bytes free
Post-Run: 30,818,394,112 bytes free
.
- - End Of File - - 779C1A51E365E9662C7FC1A27C6DCD9E
-
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on Sun 01/06/2013 at 10:36:07.37
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072254
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/06/2013 at 10:40:42.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner:
# AdwCleaner v2.104 - Logfile created 01/06/2013 at 10:44:30
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sean - PROBLEMBRO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sean\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Sean\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Sean\Local Settings\Application Data\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
*************************
AdwCleaner[s1].txt - [2936 octets] - [06/01/2013 10:44:30]
########## EOF - C:\AdwCleaner[s1].txt - [2996 octets] ##########
MBAM:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.06.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sean :: PROBLEMBRO [administrator]
1/6/2013 10:53:20 AM
mbam-log-2013-01-06 (10-53-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224677
Time elapsed: 11 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ESET:
C:\Documents and Settings\Sean\My Documents\Downloads\cnet_DOS-on-USB_download_zip.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Sean\My Documents\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
Scan city.
-
Thank you CatByte. Here is ComboFix.txt:
ComboFix 13-01-05.01 - Sean 01/06/2013 9:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2102 [GMT -7:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\setup.exe
c:\windows\system32\MUI\040C\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 02:36 . 2013-01-06 02:36 -------- d-----w- c:\windows\LastGood
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 00:13 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\program files\Ask.com
2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\AskToolbar
2013-01-04 22:24 . 2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java
2013-01-04 22:24 . 2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 22:15 . 2013-01-04 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 23:27 . 2012-02-27 22:52 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-11 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-11 1573576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20]
.
2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46]
.
2012-02-27 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2012-02-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2013-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-12-11 02:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q=
FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-Memory Stick Icon1.0 - c:\windows\iun6002.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1516)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-01-06 09:38:04
ComboFix-quarantined-files.txt 2013-01-06 16:37
.
Pre-Run: 30,643,630,080 bytes free
Post-Run: 31,062,519,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 73B2830C9BC44A602ED0A4693141E281
Here is log.txt:
ComboFix 13-01-05.01 - Sean 01/06/2013 9:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.2102 [GMT -7:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\setup.exe
c:\windows\system32\MUI\040C\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 02:36 . 2013-01-06 02:36 -------- d-----w- c:\windows\LastGood
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\Sean\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-05 00:13 . 2013-01-05 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 00:13 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\program files\Ask.com
2013-01-04 22:26 . 2013-01-04 22:26 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\AskToolbar
2013-01-04 22:24 . 2013-01-04 22:24 -------- d-----w- c:\program files\Common Files\Java
2013-01-04 22:24 . 2013-01-04 22:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-04 22:24 . 2013-01-04 22:24 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 22:15 . 2013-01-04 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-12-10 00:02 . 2012-12-10 00:02 -------- d-----w- c:\documents and settings\Sean\Application Data\AC3Filter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 22:24 . 2012-03-06 00:19 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 22:20 . 2012-08-19 17:37 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-12 03:20 . 2012-04-15 18:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:20 . 2012-03-04 15:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 23:27 . 2012-02-27 22:52 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-12-08 14:55 . 2012-02-27 21:53 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-11 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-11 1573576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-03-25 19:53 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/29/2008 3:10 AM 22560]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2/27/2012 4:08 PM 353168]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [7/13/2009 12:07 AM 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [7/13/2009 12:07 AM 25448]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [7/29/2008 3:30 AM 71296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/31/2012 5:25 PM 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 2:44 AM 41216]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 03:20]
.
2013-01-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2012-02-27 21:46]
.
2012-02-27 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2012-02-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2013-01-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-12-11 02:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q=
FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\37abi1vi.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-Memory Stick Icon1.0 - c:\windows\iun6002.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1516)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2013-01-06 09:38:04
ComboFix-quarantined-files.txt 2013-01-06 16:37
.
Pre-Run: 30,643,630,080 bytes free
Post-Run: 31,062,519,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 73B2830C9BC44A602ED0A4693141E281
-
Thanks again CatByte.
There were problems the first time I ran it, so I have three logs. Here are all of them:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.06.01
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Sean :: PROBLEMBRO [administrator]
1/5/2013 7:06:20 PM
mbar-log-2013-01-05 (19-06-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26463
Time elapsed: 11 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_57_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312581556_user.mbam (Forged physical sector) -> Delete on reboot.
(end)
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.06.01
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Sean :: PROBLEMBRO [administrator]
1/5/2013 7:21:51 PM
mbar-log-2013-01-05 (19-21-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26453
Time elapsed: 10 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.259000 GHz
Memory total: 3052277760, free: 2653655040
------------ Kernel report ------------
01/05/2013 18:54:38
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
shpf.sys
Mup.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\risdptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\System32\Drivers\SonyNC.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\teefer2.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff8694bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff89e6f028
Lower Device Driver Name: \Driver\rimsptsk\
Driver name found: rimsptsk
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff86957ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xffffffff86b05c20
Lower Device Driver Name: \Driver\risdptsk\
Driver name found: risdptsk
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aaea568
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: Unknown
Lower Device Object: 0xffffffff8aa9b030
Lower Device Driver Name: Unknown
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.06.01
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aaea568, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aaea288, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aaea568, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aaeab30, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff8a543f18, DeviceName: \Device\0000007f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aa9b030, DeviceName: Unknown, DriverName: Unknown
------------ End ----------
Upper DeviceData: 0xffffffffe13c3290, 0xffffffff8aaea568, 0xffffffff8658a040
Lower DeviceData: 0xffffffffe115ad88, 0xffffffff8aa9b030, 0xffffffff866a84e8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [177b10df776cbf12774e7e6927767e44]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4D128E91
Partition information:
Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 57 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-56-312561808-312581808)...
Sector 312581556 --> [Forged physical sector]
Sector 312581557 --> [Forged physical sector]
Sector 312581558 --> [Forged physical sector]
Sector 312581559 --> [Forged physical sector]
Sector 312581560 --> [Forged physical sector]
Sector 312581561 --> [Forged physical sector]
Sector 312581562 --> [Forged physical sector]
Sector 312581563 --> [Forged physical sector]
Sector 312581564 --> [Forged physical sector]
Sector 312581565 --> [Forged physical sector]
Sector 312581566 --> [Forged physical sector]
Sector 312581567 --> [Forged physical sector]
Sector 312581568 --> [Forged physical sector]
Sector 312581569 --> [Forged physical sector]
Sector 312581570 --> [Forged physical sector]
Sector 312581571 --> [Forged physical sector]
Sector 312581572 --> [Forged physical sector]
Sector 312581573 --> [Forged physical sector]
Sector 312581574 --> [Forged physical sector]
Sector 312581575 --> [Forged physical sector]
Sector 312581576 --> [Forged physical sector]
Sector 312581577 --> [Forged physical sector]
Sector 312581578 --> [Forged physical sector]
Sector 312581579 --> [Forged physical sector]
Sector 312581580 --> [Forged physical sector]
Sector 312581581 --> [Forged physical sector]
Sector 312581582 --> [Forged physical sector]
Sector 312581583 --> [Forged physical sector]
Sector 312581584 --> [Forged physical sector]
Sector 312581585 --> [Forged physical sector]
Sector 312581586 --> [Forged physical sector]
Sector 312581587 --> [Forged physical sector]
Sector 312581588 --> [Forged physical sector]
Sector 312581589 --> [Forged physical sector]
Sector 312581590 --> [Forged physical sector]
Sector 312581591 --> [Forged physical sector]
Sector 312581592 --> [Forged physical sector]
Sector 312581593 --> [Forged physical sector]
Sector 312581594 --> [Forged physical sector]
Sector 312581595 --> [Forged physical sector]
Sector 312581596 --> [Forged physical sector]
Sector 312581597 --> [Forged physical sector]
Sector 312581598 --> [Forged physical sector]
Sector 312581599 --> [Forged physical sector]
Sector 312581600 --> [Forged physical sector]
Sector 312581601 --> [Forged physical sector]
Sector 312581602 --> [Forged physical sector]
Sector 312581603 --> [Forged physical sector]
Sector 312581604 --> [Forged physical sector]
Sector 312581605 --> [Forged physical sector]
Sector 312581606 --> [Forged physical sector]
Sector 312581607 --> [Forged physical sector]
Sector 312581608 --> [Forged physical sector]
Sector 312581609 --> [Forged physical sector]
Sector 312581610 --> [Forged physical sector]
Sector 312581611 --> [Forged physical sector]
Sector 312581612 --> [Forged physical sector]
Sector 312581613 --> [Forged physical sector]
Sector 312581614 --> [Forged physical sector]
Sector 312581615 --> [Forged physical sector]
Sector 312581616 --> [Forged physical sector]
Sector 312581617 --> [Forged physical sector]
Sector 312581618 --> [Forged physical sector]
Sector 312581619 --> [Forged physical sector]
Sector 312581620 --> [Forged physical sector]
Sector 312581621 --> [Forged physical sector]
Sector 312581622 --> [Forged physical sector]
Sector 312581623 --> [Forged physical sector]
Sector 312581624 --> [Forged physical sector]
Sector 312581625 --> [Forged physical sector]
Sector 312581626 --> [Forged physical sector]
Sector 312581627 --> [Forged physical sector]
Sector 312581628 --> [Forged physical sector]
Sector 312581629 --> [Forged physical sector]
Sector 312581630 --> [Forged physical sector]
Sector 312581631 --> [Forged physical sector]
Sector 312581632 --> [Forged physical sector]
Sector 312581633 --> [Forged physical sector]
Sector 312581634 --> [Forged physical sector]
Sector 312581635 --> [Forged physical sector]
Sector 312581636 --> [Forged physical sector]
Sector 312581637 --> [Forged physical sector]
Sector 312581638 --> [Forged physical sector]
Sector 312581639 --> [Forged physical sector]
Sector 312581640 --> [Forged physical sector]
Sector 312581641 --> [Forged physical sector]
Sector 312581642 --> [Forged physical sector]
Sector 312581643 --> [Forged physical sector]
Sector 312581644 --> [Forged physical sector]
Sector 312581645 --> [Forged physical sector]
Sector 312581646 --> [Forged physical sector]
Sector 312581647 --> [Forged physical sector]
Sector 312581648 --> [Forged physical sector]
Sector 312581649 --> [Forged physical sector]
Sector 312581650 --> [Forged physical sector]
Sector 312581651 --> [Forged physical sector]
Sector 312581652 --> [Forged physical sector]
Sector 312581653 --> [Forged physical sector]
Sector 312581654 --> [Forged physical sector]
Sector 312581655 --> [Forged physical sector]
Sector 312581656 --> [Forged physical sector]
Sector 312581657 --> [Forged physical sector]
Sector 312581658 --> [Forged physical sector]
Sector 312581659 --> [Forged physical sector]
Sector 312581660 --> [Forged physical sector]
Sector 312581661 --> [Forged physical sector]
Sector 312581662 --> [Forged physical sector]
Sector 312581663 --> [Forged physical sector]
Sector 312581664 --> [Forged physical sector]
Sector 312581665 --> [Forged physical sector]
Sector 312581666 --> [Forged physical sector]
Sector 312581667 --> [Forged physical sector]
Sector 312581668 --> [Forged physical sector]
Sector 312581669 --> [Forged physical sector]
Sector 312581670 --> [Forged physical sector]
Sector 312581671 --> [Forged physical sector]
Sector 312581672 --> [Forged physical sector]
Sector 312581673 --> [Forged physical sector]
Sector 312581674 --> [Forged physical sector]
Sector 312581675 --> [Forged physical sector]
Sector 312581676 --> [Forged physical sector]
Sector 312581677 --> [Forged physical sector]
Sector 312581678 --> [Forged physical sector]
Sector 312581679 --> [Forged physical sector]
Sector 312581680 --> [Forged physical sector]
Sector 312581681 --> [Forged physical sector]
Sector 312581682 --> [Forged physical sector]
Sector 312581683 --> [Forged physical sector]
Sector 312581684 --> [Forged physical sector]
Sector 312581685 --> [Forged physical sector]
Sector 312581686 --> [Forged physical sector]
Sector 312581687 --> [Forged physical sector]
Sector 312581688 --> [Forged physical sector]
Sector 312581689 --> [Forged physical sector]
Sector 312581690 --> [Forged physical sector]
Sector 312581691 --> [Forged physical sector]
Sector 312581692 --> [Forged physical sector]
Sector 312581693 --> [Forged physical sector]
Sector 312581694 --> [Forged physical sector]
Sector 312581695 --> [Forged physical sector]
Sector 312581696 --> [Forged physical sector]
Sector 312581697 --> [Forged physical sector]
Sector 312581698 --> [Forged physical sector]
Sector 312581699 --> [Forged physical sector]
Sector 312581700 --> [Forged physical sector]
Sector 312581701 --> [Forged physical sector]
Sector 312581702 --> [Forged physical sector]
Sector 312581703 --> [Forged physical sector]
Sector 312581704 --> [Forged physical sector]
Sector 312581705 --> [Forged physical sector]
Sector 312581706 --> [Forged physical sector]
Sector 312581707 --> [Forged physical sector]
Sector 312581708 --> [Forged physical sector]
Sector 312581709 --> [Forged physical sector]
Sector 312581710 --> [Forged physical sector]
Sector 312581711 --> [Forged physical sector]
Sector 312581712 --> [Forged physical sector]
Sector 312581713 --> [Forged physical sector]
Sector 312581714 --> [Forged physical sector]
Sector 312581715 --> [Forged physical sector]
Sector 312581716 --> [Forged physical sector]
Sector 312581717 --> [Forged physical sector]
Sector 312581718 --> [Forged physical sector]
Sector 312581719 --> [Forged physical sector]
Sector 312581720 --> [Forged physical sector]
Sector 312581721 --> [Forged physical sector]
Sector 312581722 --> [Forged physical sector]
Sector 312581723 --> [Forged physical sector]
Sector 312581724 --> [Forged physical sector]
Sector 312581725 --> [Forged physical sector]
Sector 312581726 --> [Forged physical sector]
Sector 312581727 --> [Forged physical sector]
Sector 312581728 --> [Forged physical sector]
Sector 312581729 --> [Forged physical sector]
Sector 312581730 --> [Forged physical sector]
Sector 312581731 --> [Forged physical sector]
Sector 312581732 --> [Forged physical sector]
Sector 312581733 --> [Forged physical sector]
Sector 312581734 --> [Forged physical sector]
Sector 312581735 --> [Forged physical sector]
Sector 312581736 --> [Forged physical sector]
Sector 312581737 --> [Forged physical sector]
Sector 312581738 --> [Forged physical sector]
Sector 312581739 --> [Forged physical sector]
Sector 312581740 --> [Forged physical sector]
Sector 312581741 --> [Forged physical sector]
Sector 312581742 --> [Forged physical sector]
Sector 312581743 --> [Forged physical sector]
Sector 312581744 --> [Forged physical sector]
Sector 312581745 --> [Forged physical sector]
Sector 312581746 --> [Forged physical sector]
Sector 312581747 --> [Forged physical sector]
Sector 312581748 --> [Forged physical sector]
Sector 312581749 --> [Forged physical sector]
Sector 312581750 --> [Forged physical sector]
Sector 312581751 --> [Forged physical sector]
Sector 312581752 --> [Forged physical sector]
Sector 312581753 --> [Forged physical sector]
Sector 312581754 --> [Forged physical sector]
Sector 312581755 --> [Forged physical sector]
Sector 312581756 --> [Forged physical sector]
Sector 312581757 --> [Forged physical sector]
Sector 312581758 --> [Forged physical sector]
Sector 312581759 --> [Forged physical sector]
Sector 312581760 --> [Forged physical sector]
Sector 312581761 --> [Forged physical sector]
Sector 312581762 --> [Forged physical sector]
Sector 312581763 --> [Forged physical sector]
Sector 312581764 --> [Forged physical sector]
Sector 312581765 --> [Forged physical sector]
Sector 312581766 --> [Forged physical sector]
Sector 312581767 --> [Forged physical sector]
Sector 312581768 --> [Forged physical sector]
Sector 312581769 --> [Forged physical sector]
Sector 312581770 --> [Forged physical sector]
Sector 312581771 --> [Forged physical sector]
Sector 312581772 --> [Forged physical sector]
Sector 312581773 --> [Forged physical sector]
Sector 312581774 --> [Forged physical sector]
Sector 312581775 --> [Forged physical sector]
Sector 312581776 --> [Forged physical sector]
Sector 312581777 --> [Forged physical sector]
Sector 312581778 --> [Forged physical sector]
Sector 312581779 --> [Forged physical sector]
Sector 312581780 --> [Forged physical sector]
Sector 312581781 --> [Forged physical sector]
Sector 312581782 --> [Forged physical sector]
Sector 312581783 --> [Forged physical sector]
Sector 312581784 --> [Forged physical sector]
Sector 312581785 --> [Forged physical sector]
Sector 312581786 --> [Forged physical sector]
Sector 312581787 --> [Forged physical sector]
Sector 312581788 --> [Forged physical sector]
Sector 312581789 --> [Forged physical sector]
Sector 312581790 --> [Forged physical sector]
Sector 312581791 --> [Forged physical sector]
Sector 312581792 --> [Forged physical sector]
Sector 312581793 --> [Forged physical sector]
Sector 312581794 --> [Forged physical sector]
Sector 312581795 --> [Forged physical sector]
Sector 312581796 --> [Forged physical sector]
Sector 312581797 --> [Forged physical sector]
Sector 312581798 --> [Forged physical sector]
Sector 312581799 --> [Forged physical sector]
Sector 312581800 --> [Forged physical sector]
Sector 312581801 --> [Forged physical sector]
Sector 312581802 --> [Forged physical sector]
Sector 312581803 --> [Forged physical sector]
Sector 312581804 --> [Forged physical sector]
Sector 312581805 --> [Forged physical sector]
Sector 312581806 --> [Forged physical sector]
Sector 312581807 --> [Forged physical sector]
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86957ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86a74e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86957ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86a6f9f8, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff86b05c20, DeviceName: \Device\0000008a\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8694bab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8694b890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8694bab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86a74bf0, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff89e6f028, DeviceName: \Device\00000086\, DriverName: \Driver\rimsptsk\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.259000 GHz
Memory total: 3052277760, free: 2755686400
------------ Kernel report ------------
01/05/2013 19:11:10
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff86b87438
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xffffffff86b87c20
Lower Device Driver Name: \Driver\risdptsk\
Driver name found: risdptsk
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff89f0d488
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff89ef7028
Lower Device Driver Name: \Driver\rimsptsk\
Driver name found: rimsptsk
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aab14a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8aab2030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aab14a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aab11c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aab14a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aab1a68, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff8a536f18, DeviceName: \Device\0000007f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aab2030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe1c2dca0, 0xffffffff8aab14a0, 0xffffffff86778040
Lower DeviceData: 0xffffffffe1092b38, 0xffffffff8aab2030, 0xffffffff867cac98
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4D128E91
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89f0d488, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89ef6020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89f0d488, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89f0d9f0, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff89ef7028, DeviceName: \Device\00000086\, DriverName: \Driver\rimsptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86b87438, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b86020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86b87438, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86b879f8, DeviceName: Unknown, DriverName: \Driver\shpf\
DevicePointer: 0xffffffff86b87c20, DeviceName: \Device\0000008a\, DriverName: \Driver\risdptsk\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.259000 GHz
Memory total: 3052277760, free: 2555260928
------------------------------------------------------------------------------------------
I ran everything in safe mode with networking since I was having problems otherwise. Hopefully you've gotten it all taken care of. Please let me know if I should do anything else.
Thanks,
Sean
-
Thank you for the fast reply. I had to run this in safe mode with networking; I couldn't get it to run otherwise. Requested info follows:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-05 16:28:50
-----------------------------
16:28:50.296 OS Version: Windows 5.1.2600 Service Pack 3
16:28:50.296 Number of processors: 2 586 0x1706
16:28:50.296 ComputerName: PROBLEMBRO UserName: Sean
16:28:55.937 Initialize success
16:33:02.734 AVAST engine defs: 13010501
16:33:13.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:33:13.328 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
16:33:13.328 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000088
16:33:13.343 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0
16:33:13.359 Disk 2 \Device\Harddisk2\DR3 -> \Device\00000084
16:33:13.359 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0
16:33:13.390 Disk 0 MBR read successfully
16:33:13.390 Disk 0 MBR scan
16:33:13.406 Disk 0 Windows XP default MBR code
16:33:13.421 Disk 0 MBR hidden
16:33:13.437 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 152625 MB offset 63
16:33:13.453 Disk 0 scanning sectors +312576705
16:33:13.531 Disk 0 scanning C:\WINDOWS\system32\drivers
16:33:25.343 Service scanning
16:33:49.515 Modules scanning
16:33:55.390 Disk 0 trace - called modules:
16:33:55.421 ntoskrnl.exe CLASSPNP.SYS disk.sys shpf.sys ACPI.sys hal.dll >>UNKNOWN [0x869164b1]<<
16:33:55.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaec748]
16:33:55.484 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8aaecd10]
16:33:55.515 5 shpf.sys[f78abcdd] -> nt!IofCallDriver -> \Device\0000007d[0x8a560448]
16:33:55.546 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a55f030]
16:33:55.593 \Driver\iaStor[0x8695d860] -> IRP_MJ_CREATE -> 0x869164b1
16:33:56.375 AVAST engine scan C:\WINDOWS
16:34:05.296 AVAST engine scan C:\WINDOWS\system32
16:36:14.781 AVAST engine scan C:\WINDOWS\system32\drivers
16:36:27.125 AVAST engine scan C:\Documents and Settings\Sean
16:43:18.578 AVAST engine scan C:\Documents and Settings\All Users
16:43:39.187 Scan finished successfully
17:00:58.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
17:00:58.875 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"
-
Hello,
My machine has been running slowly. I ran MBAM and it came back with one file for Trojan.Agent.Nix and deleted it. I continue to have issues. All help is greatly appreciated. Here are my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Sean at 9:18:51 on 2013-01-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2911.1850 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UnsignedThemesSvc.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [VMSwitch] "c:\program files\sony\vaio mode switch\VMSwitch.exe"
mRun: [switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1330379357604
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330450271265
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3A2311CE-9425-4304-A2A7-3E2C8375C02A} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sean\application data\mozilla\firefox\profiles\37abi1vi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=27D92EA7-30B7-45D9-A375-4844EB6ED8F5&apn_ptnrs=TV&apn_sauid=65EBD9D7-F1BC-49A7-A9CE-5FB65ED896A3&apn_dtid=OSJ000YYUS&&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2013-01-04 15:26; toolbar@ask.com; c:\documents and settings\sean\application data\mozilla\firefox\profiles\37abi1vi.default\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2008-7-29 22560]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2012-2-27 353168]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [2008-7-29 71296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-31 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-29 41216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 40776]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130103.003\NAVENG.SYS [2013-1-3 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130103.003\NAVEX15.SYS [2013-1-3 1601184]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-7-29 14336]
.
=============== Created Last 30 ================
.
2013-01-05 00:13:15 -------- d-----w- c:\documents and settings\sean\application data\Malwarebytes
2013-01-05 00:13:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-05 00:13:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 00:13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-04 22:26:09 -------- d-----w- c:\program files\Ask.com
2013-01-04 22:26:06 -------- d-----w- c:\documents and settings\sean\local settings\application data\AskToolbar
2013-01-04 22:24:38 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-04 22:24:31 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 22:15:57 -------- d-----w- c:\documents and settings\all users\application data\Ask
2012-12-10 00:02:21 -------- d-----w- c:\documents and settings\sean\application data\AC3Filter
.
==================== Find3M ====================
.
2013-01-04 22:24:12 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 22:20:43 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-12 03:20:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 03:20:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 23:27:14 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
.
============= FINISH: 9:19:24.32 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2012 2:41:23 PM
System Uptime: 1/5/2013 9:04:28 AM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel Pentium III Xeon processor | N/A | 2259/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 25.134 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
AC3Filter 2.1a
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X (10.1.4)
Advanced SystemCare 4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI - Software Uninstall Utility
ATI Display Driver
Battery Care Function
Bonjour
Combined Community Codec Pack 2011-11-11
Compatibility Pack for the 2007 Office system
DivX Setup
Freenet
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD for VAIO
ISScript
iTunes
Java 7 Update 10
Java Auto Updater
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100
Memory Stick Icon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Setting Utility Series
Sony Certificate PCH
Sony Utilities DLL
Sony Visual Communication Camera Ver.6.103.215.0
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UxStyle Core Beta
VAIO Control Center
VAIO Event Service
VAIO Long Battery Life Wallpaper
VAIO Mode Switch
VAIO Power Management
VAIO Registration
VAIOSurveySA
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
Wireless Switch Setting Utility
.
==== Event Viewer Messages From Past Week ========
.
1/4/2013 3:12:06 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
Thank you,
Sean Kuhlman
Problems with Trojan.Agent.Nix
in Resolved Malware Removal Logs
Thanks again for all of your help; I really appreciate it.
-Sean