
infinite loop of two dialog boxes


cakloss


I got multiple infections with Malwarebytes Pro in place and recurring multiple infections after using Malwarebytes Pro to try to remove them. All of the infections after full scans by Malwarebytes Pro and ClamWin involved my boot drive C:, not my other two hard drives.

Not knowing any better, I placed another post describing what I did at http://forums.malwarebytes.org/index.php?showtopic=133262&hl=%2Bmedfos#entry730009, a small part of which was removing Java.

I do not and have never used peer to peer software.

I got instructions from an administrator to update and do a quick scan with Malwarebytes and, after disabling my antivirus (ClamWin), then run DDS.

All this I did; however, DDS only generated one text file, attach.txt, which is at the bottom of this post, even though the box for dds.txt was checked.

Also, you will see from my earlier post, and I see now in error, I followed most of the directions from an earlier post to remove Medfos, which seemed to be the main recurrent infection.

The only symptom that remains is the presence of an infinite loop of two dialog boxes, one popping up after the other is closed by the means I gave in my original post: first, the "Data Execution Prevention" dialog box, then the "Windows Explorer" dialog box which reports "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience......"

While this has not so far progressed to other processes, or interfered with programs, this was one of the initial events that I noticed prior to more severe effects earlier.

I did not find an Immediate Email Notification option under the Follow this topic button.

 

attach.txt is below:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2013 12:55:07 PM
System Uptime: 9/16/2013 1:07:13 PM (0 hours ago)
.
Motherboard: ECS  |  | Iris8
Processor: AMD Athlon Dual Core Processor 4450e | Socket AM2  | 2310/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 111.53 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 858 GiB total, 506.791 GiB free.
F: is FIXED (NTFS) - 858 GiB total, 504.538 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_2A5C103C&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_2A5C103C&REV_A2\3&2411E6FE&0&09
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5C103C&REV_A2\3&2411E6FE&0&38
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5C103C&REV_A2\3&2411E6FE&0&38
Service:
.
==== System Restore Points ===================
.
RP120: 8/7/2013 4:24:14 PM - System Checkpoint
RP121: 8/9/2013 9:15:26 AM - System Checkpoint
RP122: 8/12/2013 2:06:24 PM - System Checkpoint
RP123: 8/13/2013 2:44:28 PM - System Checkpoint
RP124: 8/14/2013 3:21:14 PM - System Checkpoint
RP125: 8/15/2013 3:48:34 PM - System Checkpoint
RP126: 8/19/2013 7:55:09 AM - System Checkpoint
RP127: 8/20/2013 8:57:54 AM - System Checkpoint
RP128: 8/23/2013 9:41:45 AM - System Checkpoint
RP129: 8/26/2013 2:06:06 PM - System Checkpoint
RP130: 8/27/2013 2:52:37 PM - System Checkpoint
RP131: 8/28/2013 3:29:52 PM - System Checkpoint
RP132: 8/29/2013 3:32:59 PM - System Checkpoint
RP133: 9/3/2013 7:40:52 AM - System Checkpoint
RP134: 9/5/2013 11:46:17 AM - System Checkpoint
RP135: 9/9/2013 11:03:42 AM - System Checkpoint
RP136: 9/10/2013 11:04:44 AM - System Checkpoint
RP137: 9/11/2013 3:57:16 PM - System Checkpoint
RP138: 9/13/2013 2:27:21 PM - System Checkpoint
RP139: 9/14/2013 10:08:19 AM - Revo Uninstaller's restore point - Java 7 Update 15
RP140: 9/14/2013 10:08:37 AM - Removed Java 7 Update 15
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 

 

 


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


The Addition.txt file contents are in a second post, since the post would be long otherwise.

 

FRST.txt File is below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 02
Ran by Sam (administrator) on PRESARIO on 16-09-2013 14:39:58
Running from C:\Documents and Settings\Sam\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINXP\System32\smss.exe
(Microsoft Corporation) C:\WINXP\system32\csrss.exe
(Microsoft Corporation) C:\WINXP\system32\winlogon.exe
(Microsoft Corporation) C:\WINXP\system32\services.exe
(Microsoft Corporation) C:\WINXP\system32\lsass.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
() C:\WINXP\system32\ANIWConnService.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(HP) C:\WINXP\system32\HPZipm12.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\System32\alg.exe
(Microsoft Corporation) C:\WINXP\Explorer.EXE
(Realtek Semiconductor Corp.) C:\WINXP\RTHDCPL.EXE
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Microsoft Corporation) C:\WINXP\system32\ctfmon.exe
(Microsoft Corporation) C:\WINXP\system32\wuauclt.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINXP\system32\dwwin.exe
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - RTHDCPL.EXE
HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM\...\Run: [ANIWZCS2Service] - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM\...\Run: [D-Link D-Link RangeBooster N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM\...\Winlogon: [userinit] C:\WINXP\system32\userinit.exe,
HKLM\...\Winlogon: [shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll [X]
Winlogon\Notify\cryptnet: cryptnet.dll [X]
Winlogon\Notify\cscdll: cscdll.dll [X]
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\Schedule: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: sclgntfy.dll [X]
Winlogon\Notify\SensLogn: WlNotify.dll [X]
Winlogon\Notify\termsrv: wlnotify.dll [X]
Winlogon\Notify\wlballoon: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ctfmon.exe] - C:\WINXP\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Hal\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Hal\...\Run: [ctfmon.exe] - C:\WINXP\system32\ctfmon.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Hal\...\Run: [AdobeBridge] - [x]
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll No File
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll No File
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll No File
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2CED93D9081CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO: D-Link Toolbar Loader - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll (NextUp.com)
Toolbar: HKLM - D-Link Toolbar - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL Inc.)
Toolbar: HKCU -D-Link Toolbar - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BFDC463C-399A-4B1B-9B19-629F1EA6DE50}: [NameServer]68.94.156.1,68.94.157.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default\Extensions\{c9a50c86-fec2-11e2-8277-b8ac6f996f26}.xpi
FF Extension: TextAloud 3 Toolbar - C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\DOCUME~1\Sam\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Sam\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Sam\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Sam\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\DOCUME~1\Sam\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-09-11] (Adobe Systems Incorporated)
R2 ANIWConnService; C:\WINXP\system32\ANIWConnService.exe [151552 2009-07-07] ()
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [102400 2009-08-21] (Wireless Service)
S3 bepldr7Service; C:\Program Files\Common Files\BCL Technologies\easyPDF 7\bepldr.exe [212992 2013-02-26] ()
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S3 idsvc; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINXP\system32\HPZipm12.exe [69632 2004-09-29] (HP)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [129112 2013-07-08] (Sandboxie Holdings, LLC)
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.)
R2 SentinelSecurityRuntime; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-04-18] (Microsoft Corporation)
S4 Alerter; %SystemRoot%\system32\alrsvc.dll [x]
R3 ALG; %SystemRoot%\System32\alg.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [x]
R2 AudioSrv; %SystemRoot%\System32\audiosrv.dll [x]
R2 BITS; %systemroot%\system32\qmgr.dll [x]
R2 Browser; %SystemRoot%\System32\browser.dll [x]
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [x]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [x]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
R2 CryptSvc; %SystemRoot%\System32\cryptsvc.dll [x]
R2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
R2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [x]
S3 dmadmin; %SystemRoot%\System32\dmadmin.exe /com [x]
R2 dmserver; %SystemRoot%\System32\dmserver.dll [x]
R2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [x]
S3 Dot3svc; %SystemRoot%\System32\dot3svc.dll [x]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [x]
R2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
R2 Eventlog; %SystemRoot%\system32\services.exe [x]
R3 FastUserSwitchingCompatibility; %SystemRoot%\System32\shsvcs.dll [x]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [x]
R2 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 hkmsvc; %SystemRoot%\System32\kmsvc.dll [x]
S3 HTTPFilter; %SystemRoot%\System32\w3ssl.dll [x]
S3 ImapiService; %systemroot%\system32\imapi.exe [x]
R2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [x]
R2 lanmanworkstation; %SystemRoot%\System32\wkssvc.dll [x]
R2 LmHosts; %SystemRoot%\System32\lmhsvc.dll [x]
S4 Messenger; %SystemRoot%\System32\msgsvc.dll [x]
S3 MSIServer; %systemroot%\system32\msiexec.exe /V [x]
S3 napagent; %SystemRoot%\System32\qagentrt.dll [x]
S4 NetDDE; %SystemRoot%\system32\netdde.exe [x]
S4 NetDDEdsdm; %SystemRoot%\system32\netdde.exe [x]
S3 Netlogon; %SystemRoot%\system32\lsass.exe [x]
R3 Netman; %SystemRoot%\System32\netman.dll [x]
R3 Nla; %SystemRoot%\System32\mswsock.dll [x]
S3 NtLmSsp; %SystemRoot%\system32\lsass.exe [x]
S3 NtmsSvc; %SystemRoot%\system32\ntmssvc.dll [x]
S2 NVSvc; %SystemRoot%\system32\nvsvc32.exe [x]
R2 PlugPlay; %SystemRoot%\system32\services.exe [x]
R2 PolicyAgent; %SystemRoot%\system32\lsass.exe [x]
R2 ProtectedStorage; %SystemRoot%\system32\lsass.exe [x]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [x]
R3 RasMan; %SystemRoot%\System32\rasmans.dll [x]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [x]
R2 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]
R2 RpcSs; %SystemRoot%\System32\rpcss.dll [x]
S3 RSVP; %SystemRoot%\system32\rsvp.exe [x]
R2 SamSs; %SystemRoot%\system32\lsass.exe [x]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.exe [x]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [x]
R2 seclogon; %SystemRoot%\System32\seclogon.dll [x]
R2 SENS; %SystemRoot%\system32\sens.dll [x]
R2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [x]
R2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [x]
R2 Spooler; %SystemRoot%\system32\spoolsv.exe [x]
R2 srservice; %SystemRoot%\system32\srsvc.dll [x]
R3 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [x]
R2 stisvc; %SystemRoot%\system32\wiaservc.dll [x]
S3 SysmonLog; %SystemRoot%\system32\smlogsvc.exe [x]
R3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [x]
R3 TermService; %SystemRoot%\System32\termsrv.dll [x]
R2 Themes; %SystemRoot%\System32\shsvcs.dll [x]
R2 TrkWks; %SystemRoot%\system32\trkwks.dll [x]
S3 upnphost; %SystemRoot%\System32\upnphost.dll [x]
S3 UPS; %SystemRoot%\System32\ups.exe [x]
S3 VSS; %SystemRoot%\System32\vssvc.exe [x]
R2 W32Time; %systemroot%\system32\w32time.dll [x]
R2 WebClient; %SystemRoot%\System32\webclnt.dll [x]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [x]
S3 Wmi; %SystemRoot%\System32\advapi32.dll [x]
R2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]
R2 wuauserv; %systemroot%\system32\wuauserv.dll [x]
S3 WudfSvc; %SystemRoot%\System32\WUDFSvc.dll [x]
R2 WZCSVC; %SystemRoot%\System32\wzcsvc.dll [x]
S3 xmlprov; %SystemRoot%\System32\xmlprov.dll [x]

==================== Drivers (Whitelisted) ====================

R2 ANIO; C:\WINXP\system32\ANIO.SYS [29411 2009-02-09] ()
S3 cpuz135; C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [24880 2012-08-11] (CPUID)
R2 Hardlock; C:\WINXP\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINXP\system32\drivers\Haspnt.sys [47616 2013-05-15] (Aladdin Knowledge Systems)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [67584 2006-11-25] (EZB Systems, Inc.)
S3 MBAMProtector; C:\WINXP\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-07-08] (Sandboxie Holdings, LLC)
R0 ACPI; system32\DRIVERS\ACPI.sys [x]
S4 ACPIEC; No ImagePath
S3 AE1000; system32\DRIVERS\AE1000XP.sys [x]
S3 aec; system32\drivers\aec.sys [x]
R1 AFD; \SystemRoot\System32\drivers\afd.sys [x]
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [x]
R0 atapi; system32\DRIVERS\atapi.sys [x]
S3 Atmarpc; system32\DRIVERS\atmarpc.sys [x]
R3 audstub; system32\DRIVERS\audstub.sys [x]
R1 Beep; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys [x]
S4 cbidf2k; No ImagePath
S1 Cdaudio; No ImagePath
R4 Cdfs; No ImagePath
R1 Cdrom; system32\DRIVERS\cdrom.sys [x]
R0 Disk; system32\DRIVERS\disk.sys [x]
S4 dmboot; System32\drivers\dmboot.sys [x]
R0 dmio; System32\drivers\dmio.sys [x]
R0 dmload; System32\drivers\dmload.sys [x]
S3 DMusic; system32\drivers\DMusic.sys [x]
S3 drmkaud; system32\drivers\drmkaud.sys [x]
R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
R4 Fastfat; No ImagePath
S1 Fdc; No ImagePath
R1 Fips; No ImagePath
S1 Flpydisk; No ImagePath
R0 FltMgr; system32\DRIVERS\fltMgr.sys [x]
U1 Fs_Rec; No ImagePath
R0 Ftdisk; system32\DRIVERS\ftdisk.sys [x]
R3 Gpc; system32\DRIVERS\msgpc.sys [x]
R3 HDAudBus; system32\DRIVERS\HDAudBus.sys [x]
R3 hidusb; system32\DRIVERS\hidusb.sys [x]
R3 HTTP; System32\Drivers\HTTP.sys [x]
S1 i8042prt; system32\DRIVERS\i8042prt.sys [x]
R1 Imapi; system32\DRIVERS\imapi.sys [x]
R3 IntcAzAudAddService; system32\drivers\RtkHDAud.sys [x]
S4 IntelIde; No ImagePath
S3 Ip6Fw; system32\DRIVERS\Ip6Fw.sys [x]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
R3 IpNat; system32\DRIVERS\ipnat.sys [x]
R1 IPSec; system32\DRIVERS\ipsec.sys [x]
S3 IRENUM; system32\DRIVERS\irenum.sys [x]
R0 isapnp; system32\DRIVERS\isapnp.sys [x]
R1 Kbdclass; system32\DRIVERS\kbdclass.sys [x]
R1 kbdhid; system32\DRIVERS\kbdhid.sys [x]
R3 kmixer; system32\drivers\kmixer.sys [x]
R0 KSecDD; No ImagePath
R1 mnmdd; No ImagePath
S3 Modem; No ImagePath
R1 Mouclass; system32\DRIVERS\mouclass.sys [x]
R3 mouhid; system32\DRIVERS\mouhid.sys [x]
R0 MountMgr; No ImagePath
R3 MRxDAV; system32\DRIVERS\mrxdav.sys [x]
R1 MRxSmb; system32\DRIVERS\mrxsmb.sys [x]
R1 Msfs; No ImagePath
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [x]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [x]
S3 MSPQM; system32\drivers\MSPQM.sys [x]
R3 mssmbios; system32\DRIVERS\mssmbios.sys [x]
R0 Mup; No ImagePath
R0 NDIS; No ImagePath
R3 NdisTapi; system32\DRIVERS\ndistapi.sys [x]
R3 Ndisuio; system32\DRIVERS\ndisuio.sys [x]
R3 NdisWan; system32\DRIVERS\ndiswan.sys [x]
R3 NDProxy; No ImagePath
R1 NetBIOS; system32\DRIVERS\netbios.sys [x]
R1 NetBT; system32\DRIVERS\netbt.sys [x]
R1 Npfs; No ImagePath
R4 Ntfs; No ImagePath
R1 Null; No ImagePath
R3 nv; system32\DRIVERS\nv4_mini.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
R3 ousb2hub; system32\DRIVERS\ousb2hub.sys [x]
R2 ousbehci; System32\Drivers\ousbehci.sys [x]
S3 Parport; No ImagePath
R0 PartMgr; No ImagePath
S2 ParVdm; No ImagePath
R0 PCI; system32\DRIVERS\pci.sys [x]
R0 PCIIde; system32\DRIVERS\pciide.sys [x]
S4 Pcmcia; No ImagePath
R3 PptpMiniport; system32\DRIVERS\raspptp.sys [x]
R1 Processor; system32\DRIVERS\processr.sys [x]
R3 PSched; system32\DRIVERS\psched.sys [x]
R3 Ptilink; system32\DRIVERS\ptilink.sys [x]
R1 RasAcd; system32\DRIVERS\rasacd.sys [x]
R3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [x]
R3 RasPppoe; system32\DRIVERS\raspppoe.sys [x]
R3 Raspti; system32\DRIVERS\raspti.sys [x]
R1 Rdbss; system32\DRIVERS\rdbss.sys [x]
R1 RDPCDD; System32\DRIVERS\RDPCDD.sys [x]
R3 rdpdr; system32\DRIVERS\rdpdr.sys [x]
S3 RDPWD; No ImagePath
R1 redbook; system32\DRIVERS\redbook.sys [x]
S3 rt2870; system32\DRIVERS\Drt2870.sys [x]
S3 Secdrv; system32\DRIVERS\secdrv.sys [x]
R2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [x]
S2 Serial; No ImagePath
S1 Sfloppy; No ImagePath
R3 SNTNLUSB; system32\DRIVERS\SNTNLUSB.SYS [x]
S3 splitter; system32\drivers\splitter.sys [x]
R0 sr; system32\DRIVERS\sr.sys [x]
R3 Srv; system32\DRIVERS\srv.sys [x]
R3 StillCam; system32\DRIVERS\serscan.sys [x]
R3 swenum; system32\DRIVERS\swenum.sys [x]
S3 swmidi; system32\drivers\swmidi.sys [x]
R3 sysaudio; system32\drivers\sysaudio.sys [x]
R1 Tcpip; system32\DRIVERS\tcpip.sys [x]
S3 TDPIPE; No ImagePath
S3 TDTCP; No ImagePath
R1 TermDD; system32\DRIVERS\termdd.sys [x]
S4 Udfs; No ImagePath
R3 Update; system32\DRIVERS\update.sys [x]
R3 USB-100; system32\DRIVERS\USB100M.SYS [x]
R3 usbccgp; system32\DRIVERS\usbccgp.sys [x]
R3 usbehci; system32\DRIVERS\usbehci.sys [x]
R3 usbhub; system32\DRIVERS\usbhub.sys [x]
R3 usbohci; system32\DRIVERS\usbohci.sys [x]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [x]
R3 usbuhci; system32\DRIVERS\usbuhci.sys [x]
R3 VClone; system32\DRIVERS\VClone.sys [x]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x]
R0 VolSnap; No ImagePath
R3 Wanarp; system32\DRIVERS\wanarp.sys [x]
R3 wdmaud; system32\drivers\wdmaud.sys [x]
R1 WS2IFSL; \SystemRoot\System32\drivers\ws2ifsl.sys [x]
S3 WudfPf; system32\DRIVERS\WudfPf.sys [x]
S3 WudfRd; system32\DRIVERS\wudfrd.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 14:39 - 2013-09-16 14:39 - 00000000 ____D C:\FRST
2013-09-16 14:37 - 2013-09-16 14:37 - 01951262 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST64.exe
2013-09-16 14:37 - 2013-09-16 14:37 - 01084173 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST.exe
2013-09-16 13:51 - 2013-09-16 13:52 - 00004404 _____ C:\Documents and Settings\Sam\Desktop\20130915 1352.txt
2013-09-16 13:16 - 2013-09-13 16:09 - 00688992 ____R (Swearware) C:\Documents and Settings\Sam\Desktop\DDS.com
2013-09-16 13:15 - 2013-09-16 13:31 - 00002650 _____ C:\Documents and Settings\Sam\Desktop\attach.txt
2013-09-14 11:40 - 2013-09-16 13:09 - 00057811 _____ C:\WINXP\WindowsUpdate.log
2013-09-14 10:13 - 2013-09-14 10:13 - 00000686 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-09-14 10:13 - 2013-09-14 10:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-14 10:04 - 2013-09-14 10:04 - 00000921 _____ C:\Documents and Settings\All Users\Desktop\Revo Uninstaller.lnk
2013-09-14 10:04 - 2013-09-14 10:04 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-14 10:00 - 2013-09-14 10:00 - 00012331 _____ C:\ComboFix.txt
2013-09-14 09:27 - 2011-06-26 01:45 - 00256000 _____ C:\WINXP\PEV.exe
2013-09-14 09:27 - 2010-11-07 12:20 - 00208896 _____ C:\WINXP\MBR.exe
2013-09-14 09:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00098816 _____ C:\WINXP\sed.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00080412 _____ C:\WINXP\grep.exe
2013-09-14 09:27 - 2000-08-30 19:00 - 00068096 _____ C:\WINXP\zip.exe
2013-09-14 09:25 - 2013-09-14 10:00 - 00000000 ____D C:\Qoobox
2013-09-14 09:25 - 2013-09-14 09:39 - 00000000 ____D C:\WINXP\erdnt
2013-09-14 09:12 - 2013-09-14 09:19 - 00003076 _____ C:\Documents and Settings\All Users\Desktop\Win2kXP Recovery Console.txt
2013-09-14 09:05 - 2013-09-14 09:06 - 00044787 _____ C:\Documents and Settings\All Users\Desktop\How to disable your security applications.txt
2013-09-14 08:25 - 2013-09-14 08:28 - 00000000 ____D C:\AdwCleaner
2013-09-14 08:17 - 2013-09-16 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\AntiMalware Tools
2013-09-14 08:17 - 2013-09-14 08:32 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\Specific Infections
2013-09-13 09:40 - 2008-04-13 23:15 - 00032128 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\usbccgp.sys
2013-09-13 09:40 - 2008-04-13 23:15 - 00032128 _____ (Microsoft Corporation) C:\WINXP\system32\Drivers\usbccgp.sys
2013-09-12 10:49 - 2013-09-14 08:08 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\ERRORS
2013-09-11 14:29 - 2008-04-14 04:00 - 00356615 ____C C:\WINXP\system32\dllcache\EXPLORER.EX_
2013-09-11 14:29 - 2008-04-14 04:00 - 00356615 _____ C:\WINXP\system32\EXPLORER.EX_
2013-09-11 14:17 - 2013-09-11 14:17 - 00000000 ____D C:\VALUEADD
2013-09-11 14:17 - 2013-09-11 14:17 - 00000000 ____D C:\SUPPORT
2013-09-11 14:14 - 2013-09-11 14:14 - 00000639 _____ C:\Documents and Settings\All Users\Desktop\Temp.lnk
2013-09-11 14:11 - 2013-09-14 11:40 - 00000310 _____ C:\WINXP\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2013-09-11 14:11 - 2013-09-13 10:05 - 00000284 _____ C:\WINXP\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2013-09-11 14:09 - 2013-06-21 09:04 - 00450228 ____R C:\WINXP\system32\Drivers\etc\hosts.20130911-140953.backup
2013-09-11 14:05 - 2013-09-11 14:33 - 00000000 ____D C:\I386
2013-09-11 13:39 - 2013-09-11 13:39 - 00000264 _____ C:\WINXP\UPGRADE.TXT
2013-09-11 13:39 - 2013-09-11 13:39 - 00000000 _RSHD C:\cmdcons
2013-09-11 13:39 - 2013-09-11 13:39 - 00000000 ____D C:\WINXP\setup.pss
2013-09-11 13:39 - 2013-03-09 07:32 - 00000235 ___SH C:\BOOT.BAK
2013-09-11 13:39 - 2008-04-14 04:00 - 00260288 __RSH C:\cmldr
2013-09-11 13:21 - 2013-08-08 15:10 - 00000836 _____ C:\Documents and Settings\All Users\Desktop\Sandbox Program.lnk
2013-09-11 11:42 - 2013-09-12 14:34 - 00000664 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\d3d9caps.dat
2013-09-11 10:39 - 2013-09-11 10:39 - 08784264 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
2013-09-10 08:33 - 2013-09-10 08:33 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Application Data\Mozilla
2013-09-10 08:33 - 2013-09-10 08:33 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Mozilla
2013-09-04 16:22 - 2013-09-11 11:15 - 00000000 ___RD C:\Sandbox
2013-08-26 12:29 - 2008-04-13 23:15 - 00020608 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\usbuhci.sys
2013-08-26 12:29 - 2008-04-13 23:15 - 00020608 _____ (Microsoft Corporation) C:\WINXP\system32\Drivers\usbuhci.sys

==================== One Month Modified Files and Folders =======

2013-09-16 14:40 - 2013-09-14 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\AntiMalware Tools
2013-09-16 14:39 - 2013-09-16 14:39 - 00000000 ____D C:\FRST
2013-09-16 14:37 - 2013-09-16 14:37 - 01951262 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST64.exe
2013-09-16 14:37 - 2013-09-16 14:37 - 01084173 _____ (Farbar) C:\Documents and Settings\Sam\Desktop\FRST.exe
2013-09-16 13:52 - 2013-09-16 13:51 - 00004404 _____ C:\Documents and Settings\Sam\Desktop\20130915 1352.txt
2013-09-16 13:31 - 2013-09-16 13:15 - 00002650 _____ C:\Documents and Settings\Sam\Desktop\attach.txt
2013-09-16 13:09 - 2013-09-14 11:40 - 00057811 _____ C:\WINXP\WindowsUpdate.log
2013-09-16 13:09 - 2013-05-15 08:17 - 00000007 _____ C:\WINXP\system32\ANIWZCSUSERNAME
2013-09-16 13:08 - 2013-02-18 13:56 - 00000006 ____H C:\WINXP\Tasks\SA.DAT
2013-09-16 13:08 - 2013-02-18 07:45 - 00000159 _____ C:\WINXP\wiadebug.log
2013-09-16 13:08 - 2013-02-18 07:45 - 00000049 _____ C:\WINXP\wiaservc.log
2013-09-16 12:59 - 2013-06-19 14:19 - 00000178 ___SH C:\Documents and Settings\Sam\ntuser.ini
2013-09-16 12:59 - 2013-02-18 13:56 - 00032356 _____ C:\WINXP\SchedLgU.Txt
2013-09-16 12:44 - 2013-02-18 16:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-09-16 12:38 - 2013-02-18 07:40 - 00000321 __RSH C:\boot.ini
2013-09-16 12:34 - 2013-02-21 05:27 - 00000000 ____D C:\WINXP\pss
2013-09-16 12:34 - 2013-02-18 13:57 - 00000178 ___SH C:\Documents and Settings\Hal\ntuser.ini
2013-09-16 12:34 - 2008-04-14 04:00 - 00000818 _____ C:\WINXP\win.ini
2013-09-16 12:34 - 2008-04-14 04:00 - 00000227 _____ C:\WINXP\system.ini
2013-09-16 12:22 - 2008-04-14 04:00 - 00002206 _____ C:\WINXP\system32\wpa.dbl
2013-09-14 11:44 - 2013-02-18 07:38 - 00000000 ____D C:\WINXP
2013-09-14 11:40 - 2013-09-11 14:11 - 00000310 _____ C:\WINXP\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2013-09-14 11:30 - 2013-02-18 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-09-14 10:15 - 2013-06-19 14:19 - 00000000 ____D C:\Documents and Settings\Sam
2013-09-14 10:13 - 2013-09-14 10:13 - 00000686 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-09-14 10:13 - 2013-09-14 10:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-14 10:12 - 2013-02-26 06:21 - 00000000 ____D C:\Program Files\Java
2013-09-14 10:04 - 2013-09-14 10:04 - 00000921 _____ C:\Documents and Settings\All Users\Desktop\Revo Uninstaller.lnk
2013-09-14 10:04 - 2013-09-14 10:04 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-14 10:00 - 2013-09-14 10:00 - 00012331 _____ C:\ComboFix.txt
2013-09-14 10:00 - 2013-09-14 09:25 - 00000000 ____D C:\Qoobox
2013-09-14 09:40 - 2013-02-18 13:56 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-14 09:39 - 2013-09-14 09:25 - 00000000 ____D C:\WINXP\erdnt
2013-09-14 09:19 - 2013-09-14 09:12 - 00003076 _____ C:\Documents and Settings\All Users\Desktop\Win2kXP Recovery Console.txt
2013-09-14 09:06 - 2013-09-14 09:05 - 00044787 _____ C:\Documents and Settings\All Users\Desktop\How to disable your security applications.txt
2013-09-14 08:32 - 2013-09-14 08:17 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\Specific Infections
2013-09-14 08:28 - 2013-09-14 08:25 - 00000000 ____D C:\AdwCleaner
2013-09-14 08:28 - 2013-02-18 13:57 - 00000000 ____D C:\Documents and Settings\Hal
2013-09-14 08:09 - 2013-02-19 21:21 - 00000000 __HDC C:\WINXP\$NtUninstallKB2584146$
2013-09-14 08:08 - 2013-09-12 10:49 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\ERRORS
2013-09-13 16:33 - 2013-06-13 14:08 - 00000000 __HDC C:\WINXP\$NtUninstallKB2839229$
2013-09-13 16:09 - 2013-09-16 13:16 - 00688992 ____R (Swearware) C:\Documents and Settings\Sam\Desktop\DDS.com
2013-09-13 11:11 - 2013-05-18 09:17 - 00000000 __HDC C:\WINXP\$NtUninstallKB2829361$
2013-09-13 10:05 - 2013-09-11 14:11 - 00000284 _____ C:\WINXP\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2013-09-12 15:59 - 2013-02-25 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2013-09-12 14:55 - 2013-02-19 11:07 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-12 14:34 - 2013-09-11 11:42 - 00000664 _____ C:\Documents and Settings\Sam\Local Settings\Application Data\d3d9caps.dat
2013-09-12 12:48 - 2013-08-08 15:10 - 00001764 _____ C:\WINXP\Sandboxie.ini
2013-09-12 11:29 - 2013-05-15 09:03 - 00000000 ____D C:\Program Files\EnRoute
2013-09-12 10:51 - 2013-02-19 21:32 - 00000000 __HDC C:\WINXP\$NtUninstallKB2535512$
2013-09-12 10:48 - 2013-02-20 10:40 - 00000000 ____D C:\Program Files\PhotoEditor
2013-09-11 14:33 - 2013-09-11 14:05 - 00000000 ____D C:\I386
2013-09-11 14:17 - 2013-09-11 14:17 - 00000000 ____D C:\VALUEADD
2013-09-11 14:17 - 2013-09-11 14:17 - 00000000 ____D C:\SUPPORT
2013-09-11 14:14 - 2013-09-11 14:14 - 00000639 _____ C:\Documents and Settings\All Users\Desktop\Temp.lnk
2013-09-11 13:39 - 2013-09-11 13:39 - 00000264 _____ C:\WINXP\UPGRADE.TXT
2013-09-11 13:39 - 2013-09-11 13:39 - 00000000 _RSHD C:\cmdcons
2013-09-11 13:39 - 2013-09-11 13:39 - 00000000 ____D C:\WINXP\setup.pss
2013-09-11 13:20 - 2013-08-08 15:07 - 00001710 _____ C:\Documents and Settings\All Users\Desktop\Firefox.lnk
2013-09-11 11:33 - 2013-08-16 11:39 - 00000441 _____ C:\Documents and Settings\All Users\Desktop\Shared Docs.lnk
2013-09-11 11:15 - 2013-09-04 16:22 - 00000000 ___RD C:\Sandbox
2013-09-11 11:15 - 2013-03-15 14:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 10:39 - 2013-09-11 10:39 - 08784264 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
2013-09-11 10:39 - 2013-05-13 12:50 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2013-09-11 10:39 - 2013-05-13 12:50 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
2013-09-10 08:33 - 2013-09-10 08:33 - 00000000 ____D C:\Documents and Settings\Sam\Local Settings\Application Data\Mozilla
2013-09-10 08:33 - 2013-09-10 08:33 - 00000000 ____D C:\Documents and Settings\Sam\Application Data\Mozilla
2013-09-03 11:42 - 2013-05-21 09:01 - 00000336 _____ C:\WINXP\BRCALIB.INI
2013-08-20 16:29 - 2013-06-18 14:34 - 00000000 ____D C:\CAD
2013-08-20 12:45 - 2013-08-16 11:39 - 00000048 _____ C:\Documents and Settings\All Users\Desktop\cadbckup.bat

Some content of TEMP:
====================
C:\Documents and Settings\Hal\Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== End Of Log ============================


Addition.txt File is below:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 02
Ran by Sam at 2013-09-16 14:40:35
Running from C:\Documents and Settings\Sam\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29126)
7-Zip 9.20
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Photoshop CS6 (Version: 13.0)
AiO_Scan (Version: 50.0.227.000)
ANIO Service
ANIWZCS2 Service
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
AT&T Natural Voices Reiner v. 1.4 (Version: 1.4)
AutoCAD 2006 - English (Version: 16.2.54.10)
Autodesk DWF Viewer (Version: 5.1)
AutoHotkey 1.1.09.03 (Version: 1.1.09.03)
AVS Audio Converter 7 (Version: 7.0.5.510)
AVS Audio Editor 7.1 (Version: 7.1.5.479)
AVS Audio Recorder version 4.0 (Version: 4.0.1.21)
AVS Cover Editor 2.0.1.3 (Version: 2.0.1.3)
AVS Disc Creator 5 (Version: 5.0.6.520)
AVS Document Converter 2.2.5 (Version: 2.2.5.218)
AVS DVD Copy 4.1.2.283 (Version: 4.1.2.283)
AVS Image Converter 2.3.2.248 (Version: 2.3.2.248)
AVS Media Player 4.1.10.99 (Version: 4.1.10.99)
AVS Photo Editor (Version: 2.0.8.128)
AVS Registry Cleaner version 2.2 (Version: 2.2.3.236)
AVS Ringtone Maker version 1.6 (Version: 1.6.1.140)
AVS Video Converter 8 (Version: 8.3.2.533)
AVS Video Editor 6 (Version: 6.3.2.234)
AVS Video Recorder 2.5 (Version: 2.5.3.83)
AVS Video ReMaker 4.1.3.149 (Version: 4.1.3.149)
BCL easyPDF SDK 7.0 (Version: 7.0.55)
Brother MFL-Pro Suite MFC-9460CDN (Version: 1.1.5.0)
CCleaner (Version: 4.05)
Cisco Connect (Version: 1.3.11076.2)
ClamWin Free Antivirus 0.97.8
D-Link RangeBooster N DWA-140
D-Link Toolbar
EnRoute (Version: 3.3.0.0)
Enterprise (Version: 50.0.227.000)
Google Chrome (Version: 29.0.1547.66)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
HP PSC & Officejet 5.3.B Corporate Edition
Machine Tools
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Expression Web 4 (Version: 4.0.1460.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.3)
Opera 12.14 (Version: 12.14.1738)
OSFMount v1.5 (Version: 1.5.1012)
OSForensics
PC Wizard 2012.2.11
PDF Settings CS6 (Version: 11.0)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 5.10.0.5821)
Revo Uninstaller 1.95 (Version: 1.95)
Safari (Version: 5.34.57.2)
Sandboxie 4.04 (32-bit) (Version: 4.04)
Scan (Version: 5.2.0.0)
Sentinel Protection Installer 7.6.6 (Version: 7.6.6)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 5.0 (Version: 5.0.0)
TextAloud 3.0 (Version: 3.0)
UltraISO Premium V8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
VirtualCloneDrive
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.7523)
Zoom Search Engine 6.0 (Version: 6.0)

==================== Restore Points  =========================

07-08-2013 21:24:14 System Checkpoint
09-08-2013 14:15:26 System Checkpoint
12-08-2013 19:06:24 System Checkpoint
13-08-2013 19:44:28 System Checkpoint
14-08-2013 20:21:14 System Checkpoint
15-08-2013 20:48:34 System Checkpoint
19-08-2013 12:55:09 System Checkpoint
20-08-2013 13:57:54 System Checkpoint
23-08-2013 14:41:45 System Checkpoint
26-08-2013 19:06:06 System Checkpoint
27-08-2013 19:52:37 System Checkpoint
28-08-2013 20:29:52 System Checkpoint
29-08-2013 20:32:59 System Checkpoint
03-09-2013 12:40:52 System Checkpoint
05-09-2013 16:46:17 System Checkpoint
09-09-2013 16:03:42 System Checkpoint
10-09-2013 16:04:44 System Checkpoint
11-09-2013 20:57:16 System Checkpoint
13-09-2013 19:27:21 System Checkpoint
14-09-2013 15:08:19 Revo Uninstaller's restore point - Java 7 Update 15
14-09-2013 15:08:37 Removed Java 7 Update 15
16-09-2013 19:14:48 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 04:00 - 2013-09-14 09:38 - 00000027 ____A C:\WINXP\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINXP\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINXP\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-09 09:15 - 2010-12-09 09:15 - 00718336 _____ (Microsoft Corporation) C:\WINXP\system32\ntdll.dll
2010-09-16 08:11 - 2012-10-02 23:57 - 00991744 _____ (Microsoft Corporation) C:\WINXP\system32\kernel32.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00617472 _____ (Microsoft Corporation) C:\WINXP\system32\ADVAPI32.dll
2010-10-12 09:33 - 2010-10-12 09:33 - 00590848 _____ (Microsoft Corporation) C:\WINXP\system32\RPCRT4.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00056832 _____ (Microsoft Corporation) C:\WINXP\system32\Secur32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00062464 _____ (Microsoft Corporation) C:\WINXP\system32\AUTHZ.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00343040 _____ (Microsoft Corporation) C:\WINXP\system32\msvcrt.dll
2008-04-14 04:00 - 2012-06-01 11:50 - 00601088 _____ (Microsoft Corporation) C:\WINXP\system32\CRYPT32.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00058880 _____ (Microsoft Corporation) C:\WINXP\system32\MSASN1.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00578560 _____ (Microsoft Corporation) C:\WINXP\system32\USER32.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00286720 _____ (Microsoft Corporation) C:\WINXP\system32\GDI32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00017920 _____ (Microsoft Corporation) C:\WINXP\system32\NDdeApi.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00027648 _____ (Microsoft Corporation) C:\WINXP\system32\PROFMAP.dll
2010-09-16 08:11 - 2012-07-06 08:58 - 00339968 _____ (Microsoft Corporation) C:\WINXP\system32\NETAPI32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00727040 _____ (Microsoft Corporation) C:\WINXP\system32\USERENV.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00023040 _____ (Microsoft Corporation) C:\WINXP\system32\PSAPI.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00049664 _____ (Microsoft Corporation) C:\WINXP\system32\REGAPI.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00985088 _____ (Microsoft Corporation) C:\WINXP\system32\SETUPAPI.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00018944 _____ (Microsoft Corporation) C:\WINXP\system32\VERSION.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00053760 _____ (Microsoft Corporation) C:\WINXP\system32\WINSTA.dll
2010-09-16 08:12 - 2012-08-24 08:52 - 00178176 _____ (Microsoft Corporation) C:\WINXP\system32\WINTRUST.dll
2008-04-14 04:00 - 2012-02-29 09:10 - 00148480 _____ (Microsoft Corporation) C:\WINXP\system32\IMAGEHLP.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00082432 _____ (Microsoft Corporation) C:\WINXP\system32\WS2_32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00019968 _____ (Microsoft Corporation) C:\WINXP\system32\WS2HELP.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00110080 _____ (Microsoft Corporation) C:\WINXP\system32\IMM32.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00997376 _____ (Microsoft Corporation) C:\WINXP\system32\MSGINA.dll
2010-10-12 09:33 - 2010-10-12 09:33 - 00617472 _____ (Microsoft Corporation) C:\WINXP\system32\COMCTL32.dll
2011-01-11 16:05 - 2011-01-11 16:05 - 00253952 _____ (Microsoft Corporation) C:\WINXP\system32\ODBC32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00276992 _____ (Microsoft Corporation) C:\WINXP\system32\comdlg32.dll
2011-03-08 14:40 - 2012-06-08 09:24 - 08463872 _____ (Microsoft Corporation) C:\WINXP\system32\SHELL32.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00474112 _____ (Microsoft Corporation) C:\WINXP\system32\SHLWAPI.dll
2013-02-18 07:41 - 2010-10-12 09:33 - 01054208 _____ (Microsoft Corporation) C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00094208 _____ (Microsoft Corporation) C:\WINXP\system32\odbcint.dll
2011-03-08 14:39 - 2011-03-08 14:39 - 00135168 _____ (Microsoft Corporation) C:\WINXP\system32\SHSVCS.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00005120 _____ (Microsoft Corporation) C:\WINXP\system32\sfc.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00140288 _____ (Microsoft Corporation) C:\WINXP\system32\sfc_os.dll
2010-10-12 09:34 - 2011-11-01 11:05 - 01289216 _____ (Microsoft Corporation) C:\WINXP\system32\ole32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00125952 _____ (Microsoft Corporation) C:\WINXP\system32\Apphelp.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00177152 _____ (Microsoft Corporation) C:\WINXP\system32\msctfime.ime
2008-04-14 04:00 - 2008-04-14 04:00 - 00099328 _____ (Microsoft Corporation) C:\WINXP\system32\WINSCARD.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00018432 _____ (Microsoft Corporation) C:\WINXP\system32\WTSAPI32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00713216 _____ (Microsoft Corporation) C:\WINXP\system32\sxs.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00218624 _____ (Microsoft Corporation) C:\WINXP\system32\uxtheme.dll
2008-04-14 04:00 - 2011-10-14 09:47 - 00176128 _____ (Microsoft Corporation) C:\WINXP\system32\WINMM.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00101888 _____ (Microsoft Corporation) C:\WINXP\system32\cscdll.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00019456 _____ (Microsoft Corporation) C:\WINXP\System32\dimsntfy.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00092672 _____ (Microsoft Corporation) C:\WINXP\system32\WlNotify.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00059904 _____ (Microsoft Corporation) C:\WINXP\system32\MPR.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00146432 _____ (Microsoft Corporation) C:\WINXP\system32\WINSPOOL.DRV
2008-04-14 04:00 - 2008-04-14 04:00 - 00208384 _____ (Microsoft Corporation) C:\WINXP\system32\rsaenh.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00136704 _____ (Microsoft Corporation) C:\WINXP\system32\msv1_0.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00033280 _____ (Microsoft Corporation) C:\WINXP\system32\cryptdll.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00094720 _____ (Microsoft Corporation) C:\WINXP\system32\iphlpapi.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00064000 _____ (Microsoft Corporation) C:\WINXP\system32\SAMLIB.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00172032 _____ (Microsoft Corporation) C:\WINXP\system32\wldap32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00326656 _____ (Microsoft Corporation) C:\WINXP\system32\cscui.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 02897920 _____ (Microsoft Corporation) C:\WINXP\system32\xpsp2res.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00792064 _____ (Microsoft Corporation) C:\WINXP\system32\COMRes.dll
2008-04-14 04:00 - 2013-01-25 22:55 - 00552448 _____ (Microsoft Corporation) C:\WINXP\system32\OLEAUT32.dll
2013-02-18 13:48 - 2008-04-14 04:00 - 00498688 _____ (Microsoft Corporation) C:\WINXP\system32\CLBCATQ.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00118784 _____ (Microsoft Corporation) C:\WINXP\system32\NTMARTA.DLL
2008-04-13 22:42 - 2008-04-14 04:42 - 00023552 _____ (Microsoft Corporation) C:\WINXP\system32\wdmaud.drv
2008-04-14 04:00 - 2008-04-14 04:00 - 00020480 _____ (Microsoft Corporation) C:\WINXP\system32\msacm32.drv
2008-04-14 04:00 - 2008-04-14 04:00 - 00071680 _____ (Microsoft Corporation) C:\WINXP\system32\MSACM32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00018944 _____ (Microsoft Corporation) C:\WINXP\system32\midimap.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00036352 _____ (Microsoft Corporation) C:\WINXP\system32\NCObjAPI.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00413696 _____ (Microsoft Corporation) C:\WINXP\system32\MSVCP60.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00314880 _____ (Microsoft Corporation) C:\WINXP\system32\SCESRV.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00123392 _____ (Microsoft Corporation) C:\WINXP\system32\umpnpmgr.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00065024 _____ (Microsoft Corporation) C:\WINXP\system32\ShimEng.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00039424 _____ (Microsoft Corporation) C:\WINXP\AppPatch\AcAdProc.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00056320 _____ (Microsoft Corporation) C:\WINXP\system32\eventlog.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00018432 _____ (Microsoft Corporation) C:\WINXP\system32\wtsapi32.dll
2011-03-08 14:39 - 2011-03-08 14:39 - 00730112 _____ (Microsoft Corporation) C:\WINXP\system32\LSASRV.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00067072 _____ (Microsoft Corporation) C:\WINXP\system32\NTDSAPI.dll
2010-09-16 08:10 - 2011-03-03 01:53 - 00149504 _____ (Microsoft Corporation) C:\WINXP\system32\DNSAPI.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00172032 _____ (Microsoft Corporation) C:\WINXP\system32\WLDAP32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00415744 _____ (Microsoft Corporation) C:\WINXP\system32\SAMSRV.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 01852928 _____ (Microsoft Corporation) C:\WINXP\AppPatch\AcGenral.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00218624 _____ (Microsoft Corporation) C:\WINXP\system32\UxTheme.dll
2010-10-12 09:33 - 2010-10-12 09:33 - 00617472 _____ (Microsoft Corporation) C:\WINXP\system32\comctl32.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00048128 _____ (Microsoft Corporation) C:\WINXP\system32\msprivs.dll
2011-03-08 14:40 - 2011-03-08 14:40 - 00301568 _____ (Microsoft Corporation) C:\WINXP\system32\kerberos.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00407040 _____ (Microsoft Corporation) C:\WINXP\system32\netlogon.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00175104 _____ (Microsoft Corporation) C:\WINXP\system32\w32time.dll
2010-09-16 08:12 - 2012-06-03 23:31 - 00153088 _____ (Microsoft Corporation) C:\WINXP\system32\schannel.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00054272 _____ (Microsoft Corporation) C:\WINXP\system32\wdigest.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00985088 _____ (Microsoft Corporation) C:\WINXP\system32\setupapi.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00181248 _____ (Microsoft Corporation) C:\WINXP\system32\scecli.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00183808 _____ (Microsoft Corporation) C:\WINXP\system32\ipsecsvc.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00270336 _____ (Microsoft Corporation) C:\WINXP\system32\oakley.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00032256 _____ (Microsoft Corporation) C:\WINXP\system32\WINIPSEC.DLL
2008-04-14 04:00 - 2008-04-14 04:00 - 00034304 _____ (Microsoft Corporation) C:\WINXP\system32\pstorsvc.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00096768 _____ (Microsoft Corporation) C:\WINXP\system32\psbase.dll
2010-09-16 08:10 - 2010-09-16 08:10 - 00245248 _____ (Microsoft Corporation) C:\WINXP\system32\mswsock.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00344064 _____ (Microsoft Corporation) C:\WINXP\system32\hnetcfg.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00019456 _____ (Microsoft Corporation) C:\WINXP\System32\wshtcpip.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00138752 _____ (Microsoft Corporation) C:\WINXP\system32\dssenh.dll
2010-09-16 08:11 - 2010-09-16 08:11 - 00401408 _____ (Microsoft Corporation) c:\winxp\system32\rpcss.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Other PCI Bridge Device
Description: Other PCI Bridge Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 01:09:47 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0039002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/16/2013 01:09:38 PM) (Source: Application Error) (User: )
Description: Faulting application ANIWZCSdS.exe, version 1.0.4.9194, faulting module user32.dll, version 5.1.2600.5512, fault address 0x00014ad9.
Processing media-specific event for [ANIWZCSdS.exe!ws!]

Error: (09/16/2013 00:36:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0039002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/16/2013 00:32:42 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0039002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/16/2013 00:31:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0039002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/16/2013 00:23:06 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0039002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/13/2013 11:13:23 AM) (Source: Application Error) (User: )
Description: Faulting application ANIWZCSdS.exe, version 1.0.4.9194, faulting module user32.dll, version 5.1.2600.5512, fault address 0x00014acd.
Processing media-specific event for [ANIWZCSdS.exe!ws!]

Error: (09/12/2013 03:21:34 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0036002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/12/2013 03:20:56 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0036002d.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/12/2013 03:10:46 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]


System errors:
=============
Error: (09/16/2013 01:10:04 PM) (Source: Service Control Manager) (User: )
Description: The ANIWZCSd Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/16/2013 00:35:56 PM) (Source: Print) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

Error: (09/16/2013 00:30:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (09/16/2013 00:23:39 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/16/2013 00:23:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (09/15/2013 09:44:55 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (09/14/2013 09:25:18 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2013 08:55:28 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2013 08:32:38 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2013 08:27:59 AM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/16/2013 02:45:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/16/2013 02:42:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5332 seconds with 480 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3454.3 MB
Available physical RAM: 2765.37 MB
Total Pagefile: 5337.65 MB
Available Pagefile: 4878.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.77 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:146.48 GB) (Free:111.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (DATA) (Fixed) (Total:858.26 GB) (Free:506.79 GB) NTFS
Drive f: (DL_BACKUPS) (Fixed) (Total:858.26 GB) (Free:504.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: AC78AC78)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-355918963712) - (Type=OF Extended)

==================== End Of Log ============================


ComboFix 13-09-13.03 - Sam 09/14/2013   9:56.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2942.2213 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\AntiMalware Tools\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\AntiMalware Tools\CFScript.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-14 to 2013-09-14  )))))))))))))))))))))))))))))))
.
.
2013-09-14 13:25 . 2013-09-14 13:28    --------    d-----w-    C:\AdwCleaner
2013-09-13 14:40 . 2008-04-14 04:15    32128    -c--a-w-    c:\winxp\system32\dllcache\usbccgp.sys
2013-09-13 14:40 . 2008-04-14 04:15    32128    ----a-w-    c:\winxp\system32\drivers\usbccgp.sys
2013-09-11 19:17 . 2013-09-11 19:17    --------    d-----w-    C:\SUPPORT
2013-09-11 19:17 . 2013-09-11 19:17    --------    d-----w-    C:\VALUEADD
2013-09-11 19:05 . 2013-09-11 19:33    --------    d-----w-    C:\I386
2013-09-11 15:39 . 2013-09-11 15:39    8784264    ----a-w-    c:\winxp\system32\FlashPlayerInstaller.exe
2013-09-10 13:33 . 2013-09-10 13:33    --------    d-----w-    c:\documents and settings\Sam\Local Settings\Application Data\Mozilla
2013-09-04 21:22 . 2013-09-11 16:15    --------    d-----r-    C:\Sandbox
2013-08-29 21:04 . 2013-08-29 21:04    --------    d-----w-    c:\documents and settings\Staff\Local Settings\Application Data\Adobe
2013-08-26 17:29 . 2008-04-14 04:15    20608    -c--a-w-    c:\winxp\system32\dllcache\usbuhci.sys
2013-08-26 17:29 . 2008-04-14 04:15    20608    ----a-w-    c:\winxp\system32\drivers\usbuhci.sys
2013-08-15 22:02 . 2013-08-15 22:02    --------    d-----w-    c:\documents and settings\Staff\Local Settings\Application Data\Microsoft Help
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 15:39 . 2013-05-13 17:50    692616    ----a-w-    c:\winxp\system32\FlashPlayerApp.exe
2013-09-11 15:39 . 2013-05-13 17:50    71048    ----a-w-    c:\winxp\system32\FlashPlayerCPLApp.cpl
2013-03-15 19:54 . 2013-03-15 19:54    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2013-04-27 86016]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
c:\documents and settings\Staff\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winxp\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hal^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Hal\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\winxp\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43    640376    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25    37232    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 12:09    446392    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 22:26    1073312    ----a-w-    c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 06:47    31016    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAForOE Loader]
2010-12-23 17:12    502096    ----a-w-    c:\program files\TextAloud\TAForOELoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 ANIWConnService;ANIWConn Service;c:\winxp\system32\ANIWConnService.exe [5/13/2013 12:56 PM 151552]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/18/2013 4:14 PM 418376]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\winxp\system32\drivers\ousbehci.sys [5/12/2013 4:34 PM 45696]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [1/9/2013 1:03 AM 376832]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [1/9/2013 1:00 AM 293216]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [5/21/2013 9:25 AM 266240]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winxp\system32\drivers\ousb2hub.sys [5/12/2013 4:34 PM 56960]
R3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\winxp\system32\drivers\USB100M.SYS [5/12/2013 1:24 PM 27519]
S3 AE1000;Linksys AE1000 Driver;c:\winxp\system32\drivers\AE1000XP.sys [2/18/2013 4:17 PM 816672]
S3 bepldr7Service;BCL easyPDF SDK 7 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 7\bepldr.exe [2/26/2013 5:13 PM 212992]
S3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [3/5/2013 11:20 PM 24880]
S3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2/18/2013 4:14 PM 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/18/2013 4:14 PM 701512]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-03 18:00    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\winxp\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2013-02-18 21:31]
.
2013-09-13 c:\winxp\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2013-02-18 21:31]
.
.
------- Supplementary Scan -------
.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BFDC463C-399A-4B1B-9B19-629F1EA6DE50}: NameServer = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default\

FF - ExtSQL: 2013-09-13 10:17; {c9a50c86-fec2-11e2-8277-b8ac6f996f26}; c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default\extensions\{c9a50c86-fec2-11e2-8277-b8ac6f996f26}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-14 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1916)
c:\winxp\system32\WININET.dll
c:\winxp\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
Completion time: 2013-09-14  10:00:51
ComboFix-quarantined-files.txt  2013-09-14 15:00
ComboFix2.txt  2013-09-14 14:40
.
Pre-Run: 119,671,754,752 bytes free
Post-Run: 119,669,075,968 bytes free
.
- - End Of File - - A51C1C06CCCF1DD34EE2FB45CB4872DE
8F558EB6672622401DA993E1E865C861

 


First run of ComboFix: can I see the log from the first run? It will be here: C:\QooBox\ComboFix2.txt

 

ComboFix 13-09-13.03 - Sam 09/14/2013   9:30.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2942.2205 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\AntiMalware Tools\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\LocalService\Local Settings\Application Data\92bb376b-3371-45b3-bd4f-5e0839749da7ad
c:\documents and settings\LocalService\Local Settings\Application Data\92bb376b-3371-45b3-bd4f-5e0839749da7ad\bbbbbdfedaad.exe
c:\winxp\system32\explorer.exe
c:\winxp\system32\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-14 to 2013-09-14  )))))))))))))))))))))))))))))))
.
.
2013-09-14 13:25 . 2013-09-14 13:28    --------    d-----w-    C:\AdwCleaner
2013-09-13 14:40 . 2008-04-14 04:15    32128    -c--a-w-    c:\winxp\system32\dllcache\usbccgp.sys
2013-09-13 14:40 . 2008-04-14 04:15    32128    ----a-w-    c:\winxp\system32\drivers\usbccgp.sys
2013-09-11 19:17 . 2013-09-11 19:17    --------    d-----w-    C:\SUPPORT
2013-09-11 19:17 . 2013-09-11 19:17    --------    d-----w-    C:\VALUEADD
2013-09-11 19:05 . 2013-09-11 19:33    --------    d-----w-    C:\I386
2013-09-11 15:39 . 2013-09-11 15:39    8784264    ----a-w-    c:\winxp\system32\FlashPlayerInstaller.exe
2013-09-10 13:33 . 2013-09-10 13:33    --------    d-----w-    c:\documents and settings\Sam\Local Settings\Application Data\Mozilla
2013-09-04 21:22 . 2013-09-11 16:15    --------    d-----r-    C:\Sandbox
2013-08-29 21:04 . 2013-08-29 21:04    --------    d-----w-    c:\documents and settings\Staff\Local Settings\Application Data\Adobe
2013-08-26 17:29 . 2008-04-14 04:15    20608    -c--a-w-    c:\winxp\system32\dllcache\usbuhci.sys
2013-08-26 17:29 . 2008-04-14 04:15    20608    ----a-w-    c:\winxp\system32\drivers\usbuhci.sys
2013-08-15 22:02 . 2013-08-15 22:02    --------    d-----w-    c:\documents and settings\Staff\Local Settings\Application Data\Microsoft Help
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 15:39 . 2013-05-13 17:50    692616    ----a-w-    c:\winxp\system32\FlashPlayerApp.exe
2013-09-11 15:39 . 2013-05-13 17:50    71048    ----a-w-    c:\winxp\system32\FlashPlayerCPLApp.cpl
2013-03-15 19:54 . 2013-03-15 19:54    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2013-04-27 86016]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-09-18 1708032]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
c:\documents and settings\Staff\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winxp\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hal^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Hal\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\winxp\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43    640376    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25    37232    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 12:09    446392    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 22:26    1073312    ----a-w-    c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 06:47    31016    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAForOE Loader]
2010-12-23 17:12    502096    ----a-w-    c:\program files\TextAloud\TAForOELoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 ANIWConnService;ANIWConn Service;c:\winxp\system32\ANIWConnService.exe [5/13/2013 12:56 PM 151552]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/18/2013 4:14 PM 418376]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\winxp\system32\drivers\ousbehci.sys [5/12/2013 4:34 PM 45696]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [1/9/2013 1:03 AM 376832]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [1/9/2013 1:00 AM 293216]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [5/21/2013 9:25 AM 266240]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winxp\system32\drivers\ousb2hub.sys [5/12/2013 4:34 PM 56960]
R3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\winxp\system32\drivers\USB100M.SYS [5/12/2013 1:24 PM 27519]
S3 AE1000;Linksys AE1000 Driver;c:\winxp\system32\drivers\AE1000XP.sys [2/18/2013 4:17 PM 816672]
S3 bepldr7Service;BCL easyPDF SDK 7 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 7\bepldr.exe [2/26/2013 5:13 PM 212992]
S3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [3/5/2013 11:20 PM 24880]
S3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2/18/2013 4:14 PM 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/18/2013 4:14 PM 701512]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-03 18:00    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\winxp\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2013-02-18 21:31]
.
2013-09-13 c:\winxp\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2013-02-18 21:31]
.
.
------- Supplementary Scan -------
.

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BFDC463C-399A-4B1B-9B19-629F1EA6DE50}: NameServer = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default\

FF - ExtSQL: 2013-09-13 10:17; {c9a50c86-fec2-11e2-8277-b8ac6f996f26}; c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\eqxrse39.default\extensions\{c9a50c86-fec2-11e2-8277-b8ac6f996f26}.xpi
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WZCSLDR2 - c:\program files\D-Link\DWA-140 revB\WZCSLDR2.exe
MSConfigStartUp-WINZIPDUDriverUpdater - c:\program files\WinZip Driver Updater\winzipdu.exe
AddRemove-HASP Device Drivers - c:\winxp\system32\UNWISE.EXE
AddRemove-{CF644679-7614-AB83-074F-D53C7231570D} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{3A9D3~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-14 09:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-09-14  09:40:48
ComboFix-quarantined-files.txt  2013-09-14 14:40
.
Pre-Run: 119,133,741,056 bytes free
Post-Run: 119,688,871,936 bytes free
.
- - End Of File - - 0446FAB1136432EEAB466543E16103CA
8F558EB6672622401DA993E1E865C861

 

 

The following file: C:\QooBox\ComboFix-quarantined-files.txt

 

 

2013-09-14 14:56:11 . 2013-09-14 14:56:11                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2013-09-14 14:40:01 . 2013-09-14 14:40:01            1,588 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-{CF644679-7614-AB83-074F-D53C7231570D}.reg.dat
2013-09-14 14:40:01 . 2013-09-14 14:40:01              516 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-HASP Device Drivers.reg.dat
2013-09-14 14:39:43 . 2013-09-14 14:39:43              664 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-WINZIPDUDriverUpdater.reg.dat
2013-09-14 14:39:36 . 2013-09-14 14:39:36              148 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WZCSLDR2.reg.dat
2013-09-14 14:34:17 . 2013-09-14 14:58:03           10,784 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-14 14:30:34 . 2013-09-14 14:56:10              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-09-14 14:27:40 . 2013-09-14 14:55:13              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-09-10 13:57:42 . 2008-04-14 10:42:20        1,033,728 ----a-w-  C:\Qoobox\Quarantine\C\WINXP\system32\explorer.exe.vir
2013-08-06 18:54:15 . 2013-08-06 18:54:15                0 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\92bb376b-3371-45b3-bd4f-5e0839749da7ad\bbbbbdfedaad.exe.vir
2013-05-15 15:03:12 . 2002-07-26 22:02:06          153,088 ----a-w-  C:\Qoobox\Quarantine\C\WINXP\system32\UNWISE.EXE.vir

 

 


I have no idea why the normally C:\WINDOWS folder was named C:\WINXP, 

but that is what it was named during installation.

 

The infected computer is at work and I have left work for today. 

I will send you a screen shot of the "Data Execution Prevention" dialog box

when I get to work tomorrow 


That's OK. I've never seen an XP system with the root folder named WinXP and not Windows. If you note the FRST log, that very fact is going to cause some confusion:

 

 

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.


I note you mention the PC is at work. Is this a business computer? If so, we cannot offer help. This forum is not for business systems, only personal.....

 

XP is not normally threatened by Windows Explorer. When the DEP error is coming from Windows Explorer, the error or threat is usually coming from some third party Explorer extension or add-on that has been added to Explorer either with your consent or without your consent.

Let's try a clean boot and see if we have an improvement:

Click Start, click Run, type msconfig, and then click OK.

The System Configuration Utility dialog box is displayed.

We now need to configure selective startup options:

  • In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
  • Click to clear the Process SYSTEM.INI File check box.
  • Click to clear the Process WIN.INI File check box.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK. This will disable non-MS services.
  • When you are prompted, click Restart to restart the computer.



When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

Does the clean boot fix the issue?
 


That is unfortunate. To return your computer to a Normal startup mode when complete, follow these steps:

 

  • Open msconfig...

  • On the General tab, click Normal Startup - load all device drivers and services, and then click OK.
  • When you are prompted, click Restart.

 

Can you confirm if this is a business computer?

 

Run the following:

 

Because of the root folder issue (WinXP instead of Windows), I'm unsure how the tools we normally use will react; you've seen the example from the FRST log I quoted.

 

1. Download Malwarebytes Anti-Rootkit from this link
http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Image10.png

Post those two logs in your reply.
 


Normal startup is back and I can sign into this forum again with Firefox.

 

Re: Is this a business computer?

When my son went to university 

I took this computer for me to use at a business operated by my wife. 

I am retired and help her intermittently. 

The computer has the same Windows XP SP3 OS 

and the same Malwarebytes Pro 

that my son used for years. 

In anticipation of ending up in another forum 

my wife has purchased one corporate license of Malwarebytes 

that I plan to install after this process is over or, 

if need be, before the next forum. 

If you need confirmation of the purchase, 

I uploaded it to http://www.turningpointtechnology.com/BKD-7364801812.pdf

And, yes, I very much appreciate all that you have done for me 

and plan to pay you for it,

regardless of your success and 

whether or not you find it necessary to pass me on to another.

 

Mbar did not find malware.

 

System-log below:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.310000 GHz
Memory total: 3622096896, free: 2678669312
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.310000 GHz
Memory total: 3622096896, free: 2900267008
 
Downloaded database version: v2013.09.17.09
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/17/2013 14:28:14
------------ Loaded modules -----------
\WINXP\system32\ntkrnlpa.exe
\WINXP\system32\hal.dll
\WINXP\system32\KDCOM.DLL
\WINXP\system32\BOOTVID.dll
ACPI.sys
\WINXP\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINXP\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINXP\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\WINXP\system32\ntkrnlpa.exe
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\Drivers\ousbehci.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\ousb2hub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\USB100M.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\SNTNLUSB.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINXP\system32\drivers\Haspnt.sys
\SystemRoot\System32\Drivers\SENTINEL.SYS
\??\C:\WINXP\system32\ANIO.SYS
\??\C:\WINXP\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINXP\system32\drivers\mbamchameleon.sys
\??\C:\WINXP\system32\drivers\MBAMSwissArmy.sys
\WINXP\system32\ntdll.dll
----------- End -----------
Done!
Module: \??\\WINXP\system32\ntkrnlpa.exe could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINXP\system32\DRIVERS\CLASSPNP.SYS could not be loaded<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aefdab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8af52940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aefdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aee35a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aefdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8afd95d8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af52940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINXP\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AC78AC78
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 307194867
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307194930  Numsec = 3599813070
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-3907009168-3907029168)...
Done!
<<<2>>>
<<<3>>>
Volume: F:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.310000 GHz
Memory total: 3622096896, free: 3209986048
 
=======================================
 

 

Mbar-log below:  mbar-log-2013-09-17 (14-28-23).txt

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.09.17.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sam :: PRESARIO [administrator]
 
9/17/2013 2:28:23 PM
mbar-log-2013-09-17 (14-28-23).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 244269
Time elapsed: 13 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Not seeing any malware is reassuring, can you confirm what issues/concerns remain...

 

Next,

 

Please download SystemLook from the following link below and save it to your Desktop.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    explorer.exe
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Kevin


SystemLook.txt is below

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:11 on 17/09/2013 by Sam
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "explorer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7024"="Internet"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7025"="E-mail"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7021"="&Help and Support"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7020"="&Search"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7023"="&Run..."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINXP\explorer.exe"="Windows Explorer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7001"="Opens a central location for Help topics, tutorials, troubleshooting, and other support services."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7003"="Opens a program, folder, document, or Web site."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7000"="Opens a window where you can pick search options and work with search results."
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\sandbox\command]
@=""C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\WINXP\explorer.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\explorer.exe]
"TaskbarGroupIcon"="%SystemRoot%\Explorer.exe,13"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Briefcase\shell\open\command]
@="explorer.exe %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\explore\command]
@="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
@="%SystemRoot%\Explorer.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7020"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7021"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7022"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7023"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7024"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-253"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7025"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-254"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a}\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\DefaultIcon]
@="C:\WINXP\explorer.exe,-103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\explore\command]
@="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\Shell\find\command]
@="C:\WINXP\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fndfile\shell\open\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Publishing Folder\shell\explore\command]
@="explorer.exe /e,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Publishing Folder\shell\open\command]
@="explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHCmdFile\shell\open\command]
@="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell\shell\explore\command]
@="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell\shell\open\command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\International]
"explorer.exe"="6.0.2600.0-6.0.9999.9999"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp]
"Bitmap"="%SystemRoot%\explorer.exe,100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_zones\0]
"Icon"="explorer.exe#0100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\WINXP\explorer.exe"="EnableNXShowUI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\explorer.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\explorer.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\explorer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7024"="Internet"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7025"="E-mail"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7021"="&Help and Support"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7020"="&Search"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7023"="&Run..."
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINXP\explorer.exe"="Windows Explorer"
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7001"="Opens a central location for Help topics, tutorials, troubleshooting, and other support services."
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7003"="Opens a program, folder, document, or Web site."
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7000"="Opens a window where you can pick search options and work with search results."
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007\Software\Classes\Folder\shell\sandbox\command]
@=""C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\WINXP\explorer.exe" "%1""
[HKEY_USERS\S-1-5-21-789336058-1500820517-1801674531-1007_Classes\Folder\shell\sandbox\command]
@=""C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\WINXP\explorer.exe" "%1""
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"
 
========== filefind ==========
 
Searching for "explorer.exe"
C:\I386\explorer.exe --a---- 1033728 bytes [19:33 11/09/2013] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\explorer.exe --a---- 1033728 bytes [09:00 14/04/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\erdnt\cache\explorer.exe --a---- 1033728 bytes [14:39 14/09/2013] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\system32\dllcache\explorer.exe --a--c- 1033728 bytes [09:00 14/04/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
 
-= EOF =-
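An added example, not part of the original thread or of SystemLook: a Python parser for the filefind lines in the log above. It derives the system root from the dllcache path instead of assuming C:\Windows, then compares every copy of explorer.exe with the dllcache copy. The meaning of the two bracketed timestamps (created, then modified), the function names and the second, tampered log are assumptions or constructed for illustration.

```python
import re
from dataclasses import dataclass

# Verbatim "filefind" section of the SystemLook log posted in this thread.
THREAD_LOG = r"""
Searching for "explorer.exe"
C:\I386\explorer.exe --a---- 1033728 bytes [19:33 11/09/2013] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\explorer.exe --a---- 1033728 bytes [09:00 14/04/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\erdnt\cache\explorer.exe --a---- 1033728 bytes [14:39 14/09/2013] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINXP\system32\dllcache\explorer.exe --a--c- 1033728 bytes [09:00 14/04/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
"""

# Constructed counter-example (NOT from the thread): the live shell differs
# from the dllcache copy in size, modification time and hash.
CONSTRUCTED_LOG = r"""
C:\WINXP\explorer.exe --a---- 1041920 bytes [09:00 14/04/2008] [13:05 10/09/2013] 0123456789ABCDEF0123456789ABCDEF
C:\WINXP\system32\dllcache\explorer.exe --a--c- 1033728 bytes [09:00 14/04/2008] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
"""

# On XP, Windows File Protection keeps its cached copies under
# <system root>\system32\dllcache; that copy is used as the reference here.
DLLCACHE_SUFFIX = r"\system32\dllcache\explorer.exe"

# path, 7-character attribute field, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    attrs: str
    size: int
    created: str   # assumed: first bracketed timestamp
    modified: str  # assumed: second bracketed timestamp
    md5: str


def parse_filefind(text):
    """Return one Entry per filefind result line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # headers such as 'Searching for ...' do not match
            entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                                 m["created"], m["modified"], m["md5"].upper()))
    return entries


def audit(text):
    """Compare every listed copy with the dllcache copy found in the same log."""
    entries = parse_filefind(text)
    ref = next((e for e in entries
                if e.path.lower().endswith(DLLCACHE_SUFFIX)), None)
    if ref is None:
        raise ValueError("no dllcache copy found to use as the reference")

    # Derive the system root from the log itself (C:\WINXP on this machine)
    # rather than hard-coding C:\Windows.
    system_root = ref.path[:-len(DLLCACHE_SUFFIX)]
    live_path = system_root + "\\explorer.exe"
    live = next((e for e in entries if e.path.lower() == live_path.lower()), None)

    mismatches = [e.path for e in entries
                  if (e.md5, e.size) != (ref.md5, ref.size)]
    return {
        "system_root": system_root,
        "copies": len(entries),
        "live_shell_found": live is not None,
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("constructed log", CONSTRUCTED_LOG)):
        print(name, audit(log))
```

Identical hashes only show that the copies agree with each other; comparing against a hash taken from trusted installation media is the stronger check.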

Sorry, forgot to mention the remaining issue 

 

At this point it is mainly an annoyance, 

the computer functions well and does not seem to have any recurrent malware. 

However, the Data Execution Prevention dialog box still pops up and 

will alternate indefinitely with the other box I described initially, 

if you close it. 

 

If you think there is no point in pursuing a solution, so be it. 

 

It will be easy enough to drag it out of the way and proceed. 


I have no intention of giving up or telling you to just accept the issue. I can see a couple of points in the SystemLook log that need further investigation:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]

[HKEY_CURRENT_USER\Software\Classes\Folder\shell\sandbox\command]
@=""C:\Program Files\Sandboxie\Start.exe" /box:__ask__ "C:\WINXP\explorer.exe" "%1""

As I mentioned before, Windows Explorer (explorer.exe) does not normally cause a DEP; it is usually coming from some third-party Explorer extension or add-on that has been added to Explorer either with your consent or without your consent.

In the highlighted entries above we can see a direct link to Sandboxie. Do you know if your version of Sandboxie is updated to the current version? Possibly an outdated program will be an issue....

Kevin


OK, thanks for that explanation; at least we can discount Sandboxie.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, please attach the log file CheckResults.txt, which should now be located on your desktop, to your next post


Ok, thanks for that log. Continue please:

Download Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder and run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".




From the main GUI do the following:


Select Tab 4 and Create System Restore Point




Select the Repairs tab => click Start




The repairs window will open. Check the boxes as indicated below (do not check any other options), also the "Restart" options:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Remove Policies set by Infections
  • Repair Windows Updates
  • Repair MSI (Windows Installer)
  • Repair File Associations




DON'T use the computer while each scan is in progress.

Post the log that will be saved in this folder C:\Tweaking.com_windows_Repair_Logs named _Windows_Repair_Log

Reboot. Is DEP still happening?

Kevin..

This topic is now closed to further replies.