Author Topic: got something  (Read 376 times)

Offline default

  • Newbie
  • *
  • Posts: 22
got something
« on: October 12, 2011, 07:35:30 AM »
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.0.0
Run by Carmen Gonzalez at 3:30:08 on 2011-10-12
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1024.555 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\htpatch.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
D:\Program Files\tinySpell\tinyspell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Password Agent\PwAgent.exe
D:\Program Files\Pale Moon\palemoon.exe
D:\PROGRA~1\FREEDO~1\fdm.exe
.
============== Pseudo HJT Report ===============
.
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - d:\program files\iepro\iepro.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\iepro\IEProRecorder.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - d:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [tinySpell] d:\program files\tinyspell\tinyspell.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [HTpatch] "c:\windows\htpatch.exe"
mRun: [avast] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - d:\program files\wordweb\wweb32.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - d:\program files\iepro\iepro.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318299234671
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: Interfaces\{0DC1BF4B-380F-4A9F-9B13-39E0CFE487CD} : NameServer = 66.19.192.200 216.126.128.40
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - d:\program files\pain\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\pain\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carmen gonzalez\application data\mozilla\firefox\profiles\y4nfcncd.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z133&install_date=20111011
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20111011&q=
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60401.0\npctrlui.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-16 320856]
R1 SASDIFSV;SASDIFSV;d:\program files\pain\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\pain\SASKUTIL.SYS [2011-7-12 67664]
R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2011-10-9 166384]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-2-8 95592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-16 20568]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-8-16 44768]
S2 !SASCORE;SAS Core Service;

S3 AVFSFilter;AVFSFilter;

S3 DarkSpy;DarkSpy;

S3 KProcWatch;KProcWatch;

S3 MEMSWEEP2;MEMSWEEP2;

S3 PENTCWP;PENTCWP;

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-8-24 27192]
S3 WOHIIN;WOHIIN;

S3 ZLFKHDSW;ZLFKHDSW;

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2010-5-15 229376]
.
=============== Created Last 30 ================
.
2011-10-12 04:08:13   256000   ----a-w-   c:\windows\PEV.exe
2011-10-12 04:08:13   208896   ----a-w-   c:\windows\MBR.exe
2011-10-11 05:01:57   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\vmntemplate
2011-10-11 04:56:46   --------   d-----w-   c:\program files\DriverIdentifier FileBulldog Toolbar
2011-10-11 04:54:45   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\driveridentifier
2011-10-11 04:53:31   --------   d-----w-   c:\program files\Driver Identifier
2011-10-11 04:42:33   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\WinBatch
2011-10-11 00:58:25   --------   d-----w-   c:\documents and settings\carmen gonzalez\local settings\application data\eSupport.com
2011-10-09 15:41:44   28672   ----a-w-   c:\windows\system32\SpyShelterShellExt.dll
2011-10-09 15:41:43   54784   ----a-w-   c:\windows\system32\inject_logon_dll.dll
2011-10-09 15:41:43   1740800   ----a-w-   c:\windows\system32\Osklauncher.exe
2011-10-09 15:41:41   --------   d-----w-   c:\program files\SpyShelter Personal Free
2011-10-09 15:41:41   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\SpyShelter
2011-10-08 20:00:59   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\Immunet
2011-10-08 20:00:59   --------   d-----w-   c:\documents and settings\all users\Immunet
2011-10-07 23:47:38   --------   d-----w-   c:\windows\system32\CatRoot2
2011-10-07 04:25:58   771581   -c--a-w-   c:\windows\system32\dllcache\winacisa.sys
2011-10-07 04:24:59   50176   -c--a-w-   c:\windows\system32\dllcache\umaxp60.dll
2011-10-07 04:23:58   61824   -c--a-w-   c:\windows\system32\dllcache\speed.sys
2011-10-07 04:22:58   6912   -c--a-w-   c:\windows\system32\dllcache\seaddsmc.sys
2011-10-07 04:21:59   6016   -c--a-w-   c:\windows\system32\dllcache\qic157.sys
2011-10-07 04:20:57   198144   -c--a-w-   c:\windows\system32\dllcache\nv3.sys
2011-10-07 04:19:59   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
2011-10-07 04:18:59   26442   -c--a-w-   c:\windows\system32\dllcache\lanepic5.sys
2011-10-07 04:17:46   372824   -c--a-w-   c:\windows\system32\dllcache\iconf32.dll
2011-10-07 04:16:59   89088   -c--a-w-   c:\windows\system32\dllcache\hpgt33.dll
2011-10-07 04:15:59   34816   -c--a-w-   c:\windows\system32\dllcache\esuimg.dll
2011-10-07 04:14:59   41046   -c--a-w-   c:\windows\system32\dllcache\digiisdn.dll
2011-10-07 04:13:59   22044   -c--a-w-   c:\windows\system32\dllcache\cem33n5.sys
2011-10-07 04:12:56   102400   -c--a-w-   c:\windows\system32\dllcache\binlsvc.dll
2011-10-07 04:11:59   747392   -c--a-w-   c:\windows\system32\dllcache\adm8830.sys
2011-10-07 02:43:17   49152   ----a-w-   c:\windows\system32\ChCfg.exe
2011-10-07 02:26:02   --------   d-----w-   c:\program files\Debugging Tools for Windows (x86)
2011-10-06 04:23:33   839680   ----a-w-   c:\windows\system32\lameACM.acm
2011-10-06 04:23:32   650752   ----a-w-   c:\windows\system32\xvidcore.dll
2011-10-06 04:23:32   630784   ----a-w-   c:\windows\system32\vp7vfw.dll
2011-10-06 04:23:32   243200   ----a-w-   c:\windows\system32\xvidvfw.dll
2011-10-06 04:23:32   216064   ----a-w-   c:\windows\system32\lagarith.dll
2011-10-06 04:23:32   151552   ----a-w-   c:\windows\system32\ac3acm.acm
2011-10-06 04:23:31   74752   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-10-05 04:05:30   --------   d-----w-   c:\documents and settings\carmen gonzalez\local settings\application data\SlimWare Utilities Inc
2011-10-01 02:51:45   94208   ----a-r-   c:\windows\system32\HPZipt12.dll
2011-10-01 02:51:45   61699   ----a-r-   c:\windows\system32\HPZinw12.exe
2011-10-01 02:51:45   57344   ----a-r-   c:\windows\system32\HPZisn12.dll
2011-10-01 02:51:44   65795   ----a-r-   c:\windows\system32\HPZipm12.exe
2011-10-01 02:51:44   233528   ----a-r-   c:\windows\system32\HPZidr12.dll
2011-10-01 02:51:44   167936   ----a-r-   c:\windows\system32\HPZipr12.dll
2011-10-01 02:51:44   16080   ----a-r-   c:\windows\system32\drivers\HPZipr12.sys
2011-10-01 02:51:37   51024   ----a-r-   c:\windows\system32\drivers\hpzid412.sys
2011-10-01 02:49:33   21456   ----a-r-   c:\windows\system32\drivers\HPZius12.sys
2011-09-29 15:59:19   36864   ----a-r-   c:\documents and settings\carmen gonzalez\application data\microsoft\installer\{4fcbd822-5dab-4403-9064-569d7aa7dad6}\_FA81DAE.exe
2011-09-29 08:00:14   266240   ----a-w-   c:\windows\system32\hpzcon05.dll
2011-09-28 02:40:13   --------   d-----w-   c:\documents and settings\carmen gonzalez\application data\ElevatedDiagnostics
2011-09-27 03:01:02   32768   ----a-w-   c:\windows\system32\drivers\sp_rsdrv2.sys
2011-09-24 18:55:39   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2011-09-24 18:55:39   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-09-23 05:32:07   --------   d-----w-   c:\windows\system32\FxsTmp
2011-09-23 05:31:50   31744   -c--a-w-   c:\windows\system32\dllcache\fxsroute.dll
2011-09-23 05:31:50   31744   ----a-w-   c:\windows\system32\fxsroute.dll
2011-09-23 05:31:50   132608   -c--a-w-   c:\windows\system32\dllcache\fxsclntr.dll
2011-09-23 05:31:50   132608   ----a-w-   c:\windows\system32\fxsclntR.dll
2011-09-23 05:31:50   11264   -c--a-w-   c:\windows\system32\dllcache\fxssend.exe
2011-09-23 05:31:50   11264   ----a-w-   c:\windows\system32\fxssend.exe
2011-09-23 05:31:49   111104   -c--a-w-   c:\windows\system32\dllcache\fxscfgwz.dll
2011-09-23 05:31:49   111104   ----a-w-   c:\windows\system32\fxscfgwz.dll
2011-09-21 04:04:30   --------   d-----w-   c:\windows\Internet Logs
2011-09-21 02:56:33   --------   d-----w-   c:\program files\Internet Cell Boost
2011-09-20 03:42:59   26000   ----a-w-   c:\windows\system32\E3TL.DLL
2011-09-16 05:22:12   --------   d-----w-   c:\program files\QMixer
2011-09-16 04:21:26   --------   d-----w-   c:\documents and settings\carmen gonzalez\local settings\application data\Privatefirewall
2011-09-14 03:24:25   138752   -c--a-w-   c:\windows\system32\dllcache\sndvol32.exe
2011-09-14 03:24:25   138752   ----a-w-   c:\windows\system32\sndvol32.exe
.
==================== Find3M  ====================
.
2011-10-11 18:09:21   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 05:15:06   86016   ----a-w-   c:\windows\system32\mdmxsdk.dll
2011-10-11 05:15:06   717952   ----a-w-   c:\windows\system32\drivers\HSF_CNXT.sys
2011-10-11 05:15:06   12544   ----a-w-   c:\windows\system32\drivers\mdmxsdk.sys
2011-10-11 05:15:06   1035008   ----a-w-   c:\windows\system32\drivers\HSF_DPV.sys
2011-10-11 05:15:05   231168   ----a-w-   c:\windows\system32\drivers\HSFHWBS2.sys
2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-08 17:59:14   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-09-06 20:45:29   41184   ----a-w-   c:\windows\avastSS.scr
2011-09-06 20:38:05   442200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-08-31 21:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-10 02:02:05   128000   ----a-w-   c:\windows\system32\javacpl.cpl
2011-08-10 02:02:04   544656   ----a-w-   c:\windows\system32\deployJava1.dll
2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH:  3:32:11.07 ===============

Offline default

Re: got something
« Reply #1 on: October 12, 2011, 07:37:37 AM »
Edit note:  Duplicate log removed to avoid confusion.
Corrine


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: got something
« Reply #2 on: October 12, 2011, 03:02:53 PM »
Hi, default.

Please copy/paste the "Attach.txt" log in your next reply. 

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline default

Re: got something
« Reply #3 on: October 12, 2011, 03:19:18 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/1/2004 9:34:11 PM
System Uptime: 10/12/2011 10:46:09 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P4S533VL
Processor:               Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2394/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 14 GiB total, 1.02 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 45.122 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\3&61AAA01&0&90
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\3&61AAA01&0&90
Service: RTL8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\154113B8004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\154113B8004603
Service: NIC1394
.
==== System Restore Points ===================
.
RP502: 10/6/2011 12:23:54 PM - Revo Uninstaller's restore point - R-Firewall 1.05.53
RP503: 10/6/2011 10:26:00 PM - Installed Debugging Tools for Windows (x86)
RP504: 10/6/2011 10:42:08 PM - Installed Realtek AC'97 Audio
RP505: 10/7/2011 12:28:42 AM - Tweaking.com - Windows Repair
RP506: 10/7/2011 3:10:38 PM - Tweaking.com - Windows Repair
RP507: 10/7/2011 7:41:20 PM - Tweaking.com - Windows Repair
RP508: 10/7/2011 11:24:21 PM - Rollback to an unsigned driver
RP509: 10/8/2011 6:19:32 PM - Revo Uninstaller's restore point - Immunet 3.0
RP510: 10/8/2011 6:23:32 PM - Revo Uninstaller's restore point - Immunet 3.0
RP511: 10/8/2011 9:36:50 PM - QuickRestoreMaker Generated
RP512: 10/9/2011 12:33:43 PM - 10911
RP513: 10/10/2011 10:30:29 PM - Revo Uninstaller's restore point - DriverMax 5
RP514: 10/11/2011 1:22:00 AM - Revo Uninstaller's restore point - DriverAgent by eSupport.com
RP515: 10/12/2011 1:17:38 AM - Revo Uninstaller's restore point - QMixer
.
==== Installed Programs ======================
.
.
1access.net Internet Services
7-Zip 9.22beta
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
Arena 1.1 / SOS 5.1 for Arena
Auslogics Registry Cleaner
avast! Free Antivirus
Belarc Advisor 8.1
CCleaner
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MuVo NX-TX
Creative System Information
CryptaGram
Debugging Tools for Windows (x86)
DriverIdentifier 3.5
DVgate
EasyCleaner
ESET Online Scanner v3
Experience VAIO
FastStone Photo Resizer 2.0
FileHippo.com Update Checker
Firmware upgrade utility 2.0C For Sony DW-U12A DVD-RW Drive
Foxit Reader 5.0
Free Download Manager 3.0
Free PDF to Word Converter 5.1.0.383
GIMP 2.6.11
Greenfish Icon Editor Pro 2.1
GTK2-Runtime
Help and Support
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB951830)
hp instant support
HP Photo and Imaging 2.0 - All-in-One Series
HP Photo and Imaging 2.0 - All-in-One Series Drivers
HP Product Detection
hp psc 2200 series
HP System Diagnostics
IcoFX 1.6.4
IE7Pro
ImageStation Tour
Internet Cell Boost
Internet Explorer (Enable DEP)
IrfanView (remove only)
ISScript
Java Auto Updater
Java(TM) 7
jv16 PowerTools 1.3
K-Lite Codec Pack 7.8.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Mayura Chess Board
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
miniTrezor
Moffsoft FreeCalc
MoodLogic
MovieShaker 3.3
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
Music Visualizer Library 1.4.00
MuVo Driver
Network Smart Capture
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 3.1-02-10-22-01
OpenMG Limited Patch 3.1-02-10-23-01
OpenMG Secure Module 3.1
Opera 11.51
Pale Moon (3.6.25)
Password Agent 2.3.3
Password Corral v4.0
PictureGear Studio 1.0
POP Peeper
Puran Defrag Free Edition 7.1
Readiris 7.5
Realtek AC'97 Audio
Registry Life version 1.31
Revo Uninstaller 1.93
SDS (Shutdown Scheduler)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB953155)
Soft Data Fax Modem with SmartCP
SonicStage 1.5.05
Sony Certificate PCH
Sony DV Shared Library
SpamBayes 1.0.4
SpyShelter Personal Free 5.42
SpywareBlaster 4.4
SUPERAntiSpyware
Support Actions WinXP
SupportComPatch
tinySpell 1.9.11
Unlocker 1.8.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB955704)
Update for Windows XP (KB971029)
VAIO Action Setup
VAIO Media 2.0
VAIO Media Installer 2.0
VAIO Media Music Server 2.0
VAIO Media Platform 2.0
VAIO Registration
VAIO Serenus Wallpaper
VAIO Survey Standalone
VAIO System Information
VC 9.0 Runtime
VS10RuntimeWin32
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
WinPatrol
WinSnap
WordWeb
WOT for Internet Explorer
XMedia Recode 2.1.8.4
xp-AntiSpy 3.97-9
Yahtzee
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 6:32:54 PM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2011 3:19:23 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'temp3a.bat' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/6/2011 1:52:41 PM, error: Service Control Manager [7034]  - The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).
10/5/2011 12:52:11 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
10/5/2011 11:52:33 PM, error: Service Control Manager [7024]  - The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).
10/5/2011 11:52:33 PM, error: Service Control Manager [7000]  - The SAS Core Service service failed to start due to the following error:  The system cannot find the path specified.
10/5/2011 11:13:37 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/12/2011 12:27:32 AM, error: PlugPlayManager [11]  - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
10/11/2011 11:11:19 AM, error: DCOM [10005]  - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

Offline Corrine

Re: got something
« Reply #4 on: October 12, 2011, 03:25:49 PM »
Hi, default.

Thank you for the attach.txt log.

It seems as I was updating my post to request an MBAM scan, you were posting the log.  :)

Please see my edited instructions.  Thank you!

Offline default

Re: got something
« Reply #5 on: October 17, 2011, 01:46:43 AM »
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7962

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/16/2011 9:25:07 PM
mbam-log-2011-10-16 (21-25-07).txt

Scan type: Quick scan
Objects scanned: 186914
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I guess the computer is clean. Thank you. I just thought it was doing strange stuff.

Offline Corrine

Re: got something
« Reply #6 on: October 17, 2011, 03:46:46 PM »
Hi, default.

Seeing Java version 1.7.0 in your downloaded programs file, I suggest that you run the Disk Cleanup tool, or at least remove old files in the downloaded programs file.  You can choose to delete some or all of the files.  It can also be used to clear all but the most recent System Restore point, as illustrated below:

First, create a fresh restore point:

1.  Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2.  Click Create a Restore Point, and then click Next.
3.  Name your restore point. (i.e., clean)
4.  Click the Create button.
5.  When the new restore point has been created, click Close.

Now select the files to be removed as well as all but the new restore points:
  • Click start-->Run and type cleanmgr into the run box and then click "OK".
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the System Restore section at the bottom.
  • Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?".
  • Click OK and answer Yes again.
The disk clean up utility will remove the selected items.  When it completes, please restart the computer to properly record the changes made to the hard disk.

I also noted several instances of DCOM - Event 10005 in the Event log.  This is caused by the Help and Support service being set to disabled.  More information is available in "The security update that is documented in Microsoft Security Bulletin MS04-015 does not install correctly if the Help and Support service is disabled".

Another error is related to System Restore being unable to continue due to "temp3a.bat"  (KB article for the 0xC000009A error: "Windows Reports Out of Resources Error When Memory Is Available").  I suggest Temp File Cleaner:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please let me know if you have any questions.