
Temp directory is 72gb.


  • This topic is locked
20 replies to this topic

#1 drobtoy


Posted 24 October 2013 - 12:33 PM

This is my second post, and it is eerily similar to the first one, but on an older computer.

A temp file has 72gb of data in it:

c:\program files\symantec shared\virusdefs

This computer had Symantec on it in the past, but no longer.

I ran Malwarebytes, Security Essentials and TDSSkiller but found nothing.

I ran Combofix, but nothing was deleted.

Following instructions in the first post, I ran GMER, but am unable to read the log report.

I probably can just delete the temp folder, but would like to get to the root cause of the issue.

Can you help?

Thanks,

Daryl

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by drobtoy at 13:08:00 on 2013-10-24
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.367 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - <orphaned>
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [SMRequiresRestart] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155596813870
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1382612170640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9347A765-8ED4-463A-9C6B-2580C78A2306} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-10-23 1164328]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-10-23 68464]
S2 gupdate1c99f7b9fa7d2d0;Google Update Service (gupdate1c99f7b9fa7d2d0);c:\program files\google\update\GoogleUpdate.exe [2009-3-7 133104]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
.
=============== Created Last 30 ================
.
2013-10-24 17:05:51 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb6f02ba-f5a5-4f5a-a193-e32654d33e1a}\mpengine.dll
2013-10-24 15:29:12 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-10-24 15:29:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-10-24 12:22:33 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-10-24 12:22:25 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-10-24 12:22:21 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-10-24 12:22:14 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-10-24 12:22:07 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-10-24 12:21:13 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2013-10-24 12:21:03 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-10-24 12:20:58 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-10-24 12:20:48 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-10-24 12:20:43 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-10-24 12:20:38 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-10-24 12:11:21 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-10-24 12:11:12 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-10-24 12:11:05 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-10-24 12:10:29 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2013-10-24 12:10:20 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2013-10-24 12:10:16 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-10-24 12:10:14 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-10-24 12:10:03 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-10-24 12:10:01 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2013-10-24 12:09:58 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2013-10-24 12:09:52 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2013-10-24 12:09:41 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2013-10-24 12:09:38 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2013-10-24 12:09:36 29311 ----a-w- c:\windows\system32\dllcache\watv01nt.sys
2013-10-24 12:09:32 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2013-10-24 12:09:27 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
2013-10-24 12:09:25 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2013-10-24 12:09:23 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys
2013-10-24 12:09:14 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2013-10-24 12:09:08 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2013-10-24 12:09:02 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2013-10-24 12:08:58 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll
2013-10-24 12:08:56 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2013-10-24 12:08:54 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-10-24 12:08:52 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2013-10-24 12:08:47 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2013-10-24 12:08:40 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-10-24 12:08:30 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2013-10-24 12:08:24 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2013-10-24 12:08:18 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2013-10-24 12:08:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2013-10-24 12:08:04 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2013-10-24 12:07:57 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2013-10-24 12:07:50 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2013-10-24 12:07:45 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2013-10-24 12:07:36 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-10-24 12:07:29 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-10-24 12:07:23 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2013-10-24 12:07:16 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2013-10-24 12:07:08 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2013-10-24 12:07:04 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2013-10-24 12:06:54 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2013-10-24 12:06:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-10-24 12:06:31 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2013-10-24 12:06:25 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2013-10-24 12:06:19 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2013-10-24 12:06:14 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2013-10-24 12:06:08 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-10-24 12:06:02 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2013-10-24 12:05:56 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-10-24 12:05:49 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2013-10-24 12:05:44 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2013-10-24 12:05:35 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2013-10-24 12:05:32 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2013-10-24 12:05:15 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-10-24 12:05:10 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2013-10-24 12:05:05 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2013-10-24 12:04:59 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2013-10-24 12:04:53 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2013-10-24 12:04:47 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2013-10-24 12:04:42 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2013-10-24 12:04:37 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2013-10-24 12:04:35 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-10-24 12:04:31 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2013-10-24 12:04:20 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2013-10-24 12:04:16 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2013-10-24 12:04:11 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2013-10-24 12:04:04 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2013-10-24 12:02:57 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2013-10-24 12:01:58 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-10-24 12:00:59 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-10-24 11:59:57 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2013-10-24 11:58:58 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-10-24 11:57:56 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2013-10-24 11:56:57 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2013-10-24 11:55:58 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2013-10-24 11:54:59 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-10-24 11:53:58 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2013-10-24 11:52:59 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2013-10-24 11:51:55 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-10-24 11:50:58 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2013-10-24 11:50:54 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2013-10-24 11:50:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2013-10-24 11:50:47 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2013-10-24 11:50:43 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2013-10-24 11:50:40 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2013-10-24 11:50:36 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2013-10-24 11:50:35 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2013-10-24 11:50:31 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2013-10-24 11:50:17 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2013-10-24 11:50:16 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2013-10-24 11:50:10 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-10-24 11:49:58 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-10-24 11:49:55 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2013-10-24 11:49:53 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-10-24 11:49:43 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2013-10-24 11:49:39 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2013-10-24 11:49:37 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2013-10-24 11:47:17 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2013-10-24 11:46:57 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2013-10-24 11:46:49 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2013-10-24 11:46:43 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2013-10-24 11:46:38 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2013-10-24 11:46:36 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2013-10-24 11:46:34 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2013-10-24 11:46:28 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2013-10-24 11:46:24 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2013-10-24 11:46:19 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2013-10-24 11:46:16 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2013-10-24 11:46:10 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-10-24 11:44:51 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2013-10-24 11:44:46 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2013-10-24 11:44:41 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-10-24 11:44:35 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2013-10-24 11:44:31 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-10-24 11:44:26 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2013-10-24 11:44:21 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2013-10-24 11:44:11 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2013-10-24 11:44:09 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2013-10-24 11:44:06 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2013-10-24 11:44:04 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2013-10-24 11:44:01 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2013-10-24 11:42:56 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2013-10-24 11:41:53 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2013-10-24 11:40:56 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2013-10-24 11:39:58 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2013-10-24 11:38:59 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2013-10-24 11:37:53 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-10-24 11:36:59 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys
2013-10-24 11:35:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2013-10-24 11:34:59 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2013-10-24 11:33:53 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2013-10-24 11:32:58 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2013-10-24 11:31:58 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2013-10-24 11:30:59 45568 ----a-w- c:\windows\system32\dllcache\browscap.dll
2013-10-24 11:29:59 137216 ----a-w- c:\windows\system32\dllcache\atidrae.dll
2013-10-24 11:28:54 10240 ----a-w- c:\windows\system32\dllcache\npwmsdrm.dll
2013-10-24 11:28:53 364544 ----a-w- c:\windows\system32\dllcache\npdsplay.dll
2013-10-24 11:28:42 4639 ----a-w- c:\windows\system32\dllcache\mplayer2.exe
2013-10-24 11:25:01 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-10-24 11:24:48 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-10-24 11:24:28 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-10-24 11:24:25 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-10-24 11:24:23 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-10-24 11:24:22 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-10-24 11:24:21 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-10-24 11:24:20 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-10-24 03:05:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-10-24 02:53:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-10-24 02:44:23 -------- d-----w- c:\documents and settings\allen demar\application data\Malwarebytes
2013-10-24 02:44:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-24 02:44:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-24 02:44:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-24 02:27:16 -------- d-sha-r- C:\cmdcons
2013-10-24 02:23:59 98816 ----a-w- c:\windows\sed.exe
2013-10-24 02:23:59 256000 ----a-w- c:\windows\PEV.exe
2013-10-24 02:23:59 208896 ----a-w- c:\windows\MBR.exe
2013-10-24 02:11:28 -------- d-----w- c:\windows\ERUNT
2013-10-24 02:09:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-24 02:09:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-24 02:05:20 -------- d-----w- C:\AdwCleaner
2013-10-24 00:43:16 -------- d-----w- c:\program files\Windows Media Connect 2
2013-10-24 00:41:30 -------- d-----w- C:\4130a27fe36cb4d46413
2013-10-24 00:41:27 -------- d-----w- c:\windows\system32\LogFiles
2013-10-24 00:41:02 -------- d-----w- C:\6c5d239f9757759641a8f0b86f
2013-10-24 00:34:40 -------- d-----w- c:\documents and settings\allen demar\application data\Windows Desktop Search
2013-10-24 00:34:19 -------- d-----w- c:\program files\Windows Desktop Search
2013-10-24 00:28:58 -------- d-----w- c:\windows\system32\winrm
2013-10-24 00:28:58 -------- d-----w- c:\windows\system32\GroupPolicy
2013-10-24 00:28:54 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-10-23 23:20:27 -------- d-----w- c:\windows\system32\XPSViewer
2013-10-23 23:19:56 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-10-23 23:19:43 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-10-23 23:19:43 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-10-23 23:19:43 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-10-23 23:19:43 117760 ------w- c:\windows\system32\prntvpt.dll
2013-10-23 23:19:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-10-23 23:19:42 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-10-23 23:19:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-10-23 23:19:42 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-10-23 23:19:42 -------- d-----w- C:\92c8681dda434c8bdee417
2013-10-23 23:01:17 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-10-23 22:00:26 60160 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-23 21:59:30 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-10-23 21:58:18 3072 ------w- c:\windows\system32\iacenc.dll
2013-10-23 21:58:18 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-10-23 21:37:12 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2013-10-23 21:37:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2013-10-23 21:37:10 56200 ----a-w- c:\windows\system32\offreg.dll
2013-10-23 21:37:10 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-10-23 21:37:10 23568 ----a-w- c:\windows\system32\smrgdf.exe
2013-10-23 21:37:09 -------- d-----w- c:\program files\iolo
2013-10-23 21:33:49 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-10-23 21:33:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-10-23 21:33:24 -------- d-----w- c:\documents and settings\allen demar\application data\iolo
2013-10-23 21:33:24 -------- d-----w- c:\documents and settings\all users\application data\iolo
2013-10-23 20:55:27 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-10-23 20:14:05 -------- d-----w- c:\windows\system32\scripting
2013-10-23 20:14:04 -------- d-----w- c:\windows\system32\en
2013-10-23 20:14:04 -------- d-----w- c:\windows\system32\bits
2013-10-23 20:14:04 -------- d-----w- c:\windows\l2schemas
2013-10-23 20:10:39 -------- d-----w- c:\windows\network diagnostic
2013-10-23 19:05:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-10-23 19:05:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
==================== Find3M  ====================
.
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 13:11:12.59 ===============
 




#2 jntkwx

  • Malware Response Team

Posted 24 October 2013 - 03:53 PM

Hi Daryl,

Let me look over your log, and I'll get back to you soon. :)
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx


Posted 24 October 2013 - 10:26 PM

Since Combofix has been run, please post the log it created. This should be located at C:\Combofix.txt


Regards,
Jason

 



#4 drobtoy


Posted 25 October 2013 - 04:36 AM

Combofix log:

 

ComboFix 13-10-23.02 - drobtoy 10/24/2013   8:52.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.605 [GMT -4:00]
Running from: c:\documents and settings\drobtoy\Desktop\trenton.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-24 to 2013-10-24  )))))))))))))))))))))))))))))))
.
.
2013-10-24 12:36 . 2013-10-24 12:36 -------- d-----w- c:\windows\LastGood
2013-10-24 12:22 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-10-24 12:22 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-10-24 12:22 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-10-24 12:22 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-10-24 12:22 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-10-24 12:21 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2013-10-24 12:21 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-10-24 12:20 . 2004-08-04 02:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-10-24 12:20 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-10-24 12:20 . 2004-08-04 02:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-10-24 12:20 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-10-24 12:11 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-10-24 12:11 . 2004-08-04 02:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-10-24 12:11 . 2001-08-17 16:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-10-24 12:10 . 2001-08-17 17:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2013-10-24 12:10 . 2001-08-18 02:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2013-10-24 12:10 . 2004-08-10 09:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-10-24 12:10 . 2004-08-10 09:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-10-24 12:10 . 2001-08-17 17:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-10-24 12:10 . 2004-08-04 02:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2013-10-24 12:09 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2013-10-24 12:09 . 2001-08-17 16:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2013-10-24 12:09 . 2004-08-04 02:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2013-10-24 12:09 . 2004-08-04 02:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2013-10-24 12:09 . 2004-08-04 02:29 29311 ----a-w- c:\windows\system32\dllcache\watv01nt.sys
2013-10-24 12:09 . 2004-08-10 09:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2013-10-24 12:09 . 2004-08-04 02:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
2013-10-24 12:09 . 2004-08-04 02:29 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2013-10-24 12:09 . 2004-08-04 02:29 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys
2013-10-24 12:09 . 2001-08-17 16:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2013-10-24 12:09 . 2001-08-17 16:13 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2013-10-24 12:09 . 2001-08-17 16:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2013-10-24 12:08 . 2004-08-10 09:00 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll
2013-10-24 12:08 . 2004-08-10 09:00 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2013-10-24 12:08 . 2004-08-10 09:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-10-24 12:08 . 2004-08-10 09:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2013-10-24 12:08 . 2001-08-17 17:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2013-10-24 12:08 . 2001-08-17 17:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-10-24 12:08 . 2001-08-17 17:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2013-10-24 12:08 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2013-10-24 12:08 . 2001-08-17 17:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2013-10-24 12:08 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2013-10-24 12:08 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2013-10-24 12:07 . 2001-08-17 17:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2013-10-24 12:07 . 2001-08-17 17:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2013-10-24 12:07 . 2001-08-17 17:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2013-10-24 12:07 . 2001-08-17 17:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-10-24 12:07 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-10-24 12:07 . 2001-08-17 17:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2013-10-24 12:07 . 2001-08-17 17:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2013-10-24 12:07 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2013-10-24 12:07 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2013-10-24 12:06 . 2004-08-04 02:31 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2013-10-24 12:06 . 2001-08-18 02:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-10-24 12:06 . 2001-08-18 02:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2013-10-24 12:06 . 2001-08-18 02:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2013-10-24 12:06 . 2001-08-18 02:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2013-10-24 12:06 . 2001-08-18 02:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2013-10-24 12:06 . 2001-08-17 17:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-10-24 12:06 . 2001-08-18 02:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2013-10-24 12:05 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-10-24 12:05 . 2001-08-18 02:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2013-10-24 12:05 . 2001-08-18 02:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2013-10-24 12:05 . 2001-08-17 17:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2013-10-24 12:05 . 2004-08-10 09:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2013-10-24 12:05 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-10-24 12:05 . 2001-08-18 02:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2013-10-24 12:05 . 2001-08-17 16:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2013-10-24 12:04 . 2001-08-17 18:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2013-10-24 12:04 . 2001-08-17 16:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2013-10-24 12:04 . 2001-08-17 18:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2013-10-24 12:04 . 2001-08-17 16:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2013-10-24 12:04 . 2001-08-18 02:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2013-10-24 12:04 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-10-24 12:04 . 2001-08-18 02:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2013-10-24 12:04 . 2001-08-17 18:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2013-10-24 12:04 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2013-10-24 12:04 . 2001-08-17 16:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2013-10-24 12:04 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2013-10-24 12:02 . 2001-08-17 18:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2013-10-24 12:01 . 2001-08-18 02:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-10-24 12:00 . 2004-08-10 09:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-10-24 11:59 . 2001-08-17 16:12 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2013-10-24 11:58 . 2001-08-17 16:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-10-24 11:57 . 2001-08-17 16:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2013-10-24 11:56 . 2001-08-17 16:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2013-10-24 11:55 . 2004-08-10 09:00 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2013-10-24 11:54 . 2001-08-18 02:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-10-24 11:53 . 2004-08-04 02:31 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2013-10-24 11:52 . 2001-08-17 16:12 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2013-10-24 11:51 . 2001-08-17 16:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-10-24 11:50 . 2001-08-17 16:11 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2013-10-24 11:50 . 2001-08-17 16:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2013-10-24 11:50 . 2001-08-17 17:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2013-10-24 11:50 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2013-10-24 11:50 . 2001-08-17 17:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2013-10-24 11:50 . 2001-08-18 02:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2013-10-24 11:50 . 2001-08-17 17:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2013-10-24 11:50 . 2004-08-10 09:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2013-10-24 11:50 . 2001-08-17 16:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2013-10-24 11:50 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2013-10-24 11:50 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2013-10-24 11:50 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-10-24 11:49 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-10-24 11:49 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2013-10-24 11:49 . 2004-08-10 09:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-10-24 11:49 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2013-10-24 11:49 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2013-10-24 11:49 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2013-10-24 11:47 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2013-10-24 11:46 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2013-10-24 11:46 . 2004-08-10 09:00 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2013-10-24 11:46 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2013-10-24 11:46 . 2001-08-17 18:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2013-10-24 11:46 . 2004-08-10 09:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2013-10-24 11:46 . 2004-08-10 09:00 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2013-10-24 11:46 . 2008-04-13 18:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2013-10-24 11:46 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2013-10-24 11:46 . 2001-08-17 17:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2013-10-24 11:46 . 2004-08-10 09:00 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2013-10-24 11:46 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-10-24 11:44 . 2001-08-17 16:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2013-10-24 11:44 . 2001-08-17 16:12 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2013-10-24 11:44 . 2001-08-17 16:11 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 18:33 . 2005-08-16 08:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2005-08-16 08:18 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2005-08-16 08:18 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2005-08-16 08:18 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-04 03:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2006-08-15 21:00 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-08-17 18:03 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2005-08-16 08:18 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allen Demar^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Allen Demar\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-10-21 06:40 430080 -c--a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 03:20 339968 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/23/2013 5:37 PM 1164328]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [10/23/2013 5:37 PM 68464]
S2 gupdate1c99f7b9fa7d2d0;Google Update Service (gupdate1c99f7b9fa7d2d0);c:\program files\Google\Update\GoogleUpdate.exe [3/7/2009 7:22 PM 133104]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-23 19:31 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-24 02:09]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 23:22]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 23:22]
.
2013-10-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 14:12]
.
2013-10-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-24 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-10-24  09:01:24
ComboFix-quarantined-files.txt  2013-10-24 13:01
ComboFix2.txt  2013-10-24 02:36
.
Pre-Run: 85,538,623,488 bytes free
Post-Run: 85,591,506,944 bytes free
.
- - End Of File - - F6BB131631AE2D2D45F68414E02ED1AF
5CB90281D1A59B251F6603134774EEC3


#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:09:43 PM

Posted 25 October 2013 - 08:08 AM

I don't see anything suspicious in the Combofix log.

 

Please copy and paste the contents of C:\Qoobox\ComboFix-quarantined-files.txt into your next reply.

 

Do you notice anything else odd, other than a lot of files in the temp directory?


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 drobtoy


Posted 25 October 2013 - 07:04 PM

Yes, disk errors found and fixed by chkdsk.

 

I ran sfc /scannow and found errors also. When asked to put the XP SP3 cd in to help fix, all I could find was a Dell reinstallation cd. That seemed to work until I was asked to put in CD2, which I didn't have.

 

Computer still seems to have issues. It does run but belligerently.

 

2013-10-24 02:35:25 . 2013-10-24 02:35:25              658 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TkBellExe.reg.dat
2013-10-24 02:35:25 . 2013-10-24 02:35:25              676 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat
2013-10-24 02:35:25 . 2013-10-24 02:35:25              622 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat
2013-10-24 02:35:25 . 2013-10-24 02:35:25              690 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Google Updater.reg.dat
2013-10-24 02:35:24 . 2013-10-24 02:35:24              668 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
2013-10-24 02:35:24 . 2013-10-24 02:35:24              636 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe ARM.reg.dat
2013-10-24 02:35:17 . 2013-10-24 02:35:17              208 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKU-Default-RunOnce-RealUpgradeHelper.reg.dat
2013-10-24 02:35:16 . 2013-10-24 02:35:16              184 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ComcastAntispyClient.reg.dat
2013-10-24 02:35:15 . 2013-10-24 02:35:15              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2013-10-24 02:32:26 . 2013-10-24 12:57:07            6,429 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-24 02:29:44 . 2013-10-24 12:52:15              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-24 02:23:54 . 2013-10-24 12:50:23              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-05-29 00:52:43 . 2010-05-29 00:53:00          189,952 -c--a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Deborah Demar\Favorites\ehthumbs.db.vir
2008-01-06 22:53:26 . 2008-01-06 22:53:30          565,248 -c--a-w-  C:\Qoobox\Quarantine\C\Program Files\Common Files\ehthumbs.db.vir
2006-12-14 15:47:54 . 2006-12-14 15:47:58            1,536 -c--a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Cookies\ehthumbs.db.vir
2006-10-19 01:47:22 . 2006-10-19 01:47:22        2,450,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET44.tmp.vir
2006-10-19 01:47:18 . 2006-10-19 01:47:18          222,208 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38.tmp.vir
2006-10-09 20:15:52 . 2006-10-09 20:15:52        1,669,632 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4.tmp.vir
2005-08-16 08:18:22 . 2009-02-09 10:01:53          728,576 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\_000014_.tmp.dll.vir
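A triage helper for the file listings pasted in this thread, added here as an example and not part of any post or of ComboFix: it parses the `timestamp . timestamp size attributes path` lines, groups them by folder, and maps Qoobox quarantine entries back to the path they were taken from. The function names are hypothetical, the sample lines are copied from the logs above, and the quarantine mapping assumes the `Quarantine\<drive>\<path>.vir` layout those lines show.

```python
import ntpath  # Windows path rules regardless of the host OS
import re
from collections import defaultdict
from datetime import datetime

# One listing line: two timestamps (seconds optional), size (commas optional),
# an 8-character attribute field, then a drive-letter path that may hold spaces.
# The log does not label the two timestamp columns, so they stay ts1 and ts2.
ENTRY = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?) \. "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>[A-Za-z]:\\.*\S)\s*$"
)
# Assumed layout, as seen in the pasted list: Quarantine\<drive letter>\<path>.vir
QUARANTINE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.IGNORECASE
)

# Lines copied from the logs in this thread, plus one non-listing line.
SAMPLE = r"""
2013-10-24 12:08 . 2004-08-10 09:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-10-24 12:08 . 2004-08-10 09:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2013-10-24 11:44 . 2001-08-17 16:11 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-09-23 18:33 . 2005-08-16 08:18 920064 ----a-w- c:\windows\system32\wininet.dll
2006-10-19 01:47:22 . 2006-10-19 01:47:22        2,450,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET44.tmp.vir
2008-01-06 22:53:26 . 2008-01-06 22:53:30          565,248 -c--a-w-  C:\Qoobox\Quarantine\C\Program Files\Common Files\ehthumbs.db.vir
2013-10-24 02:32:26 . 2013-10-24 12:57:07            6,429 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
scan completed successfully
""".splitlines()


def _timestamp(text):
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entry(line):
    """Return a dict for a listing line, or None for anything else in the log."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "ts1": _timestamp(m["ts1"]),
        "ts2": _timestamp(m["ts2"]),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "path": m["path"],
    }


def summarize(lines):
    """Group entries by folder: count, total bytes, first/last ts1 seen."""
    groups = defaultdict(
        lambda: {"count": 0, "bytes": 0, "first": None, "last": None}
    )
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        g = groups[ntpath.dirname(entry["path"]).lower()]
        g["count"] += 1
        g["bytes"] += entry["size"]
        ts = entry["ts1"]
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return dict(groups)


def quarantined_originals(lines):
    """Original locations of quarantined files (registry backups are skipped)."""
    found = []
    for line in lines:
        entry = parse_entry(line)
        m = QUARANTINE.match(entry["path"]) if entry else None
        if m:
            found.append(f"{m.group(1)}:\\{m.group(2)}")
    return found


if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"])
    for folder, g in ranked:
        print(f'{g["count"]:4d} files {g["bytes"]:>10,d} bytes  '
              f'{g["first"]} .. {g["last"]}  {folder}')
    for path in quarantined_originals(SAMPLE):
        print("quarantined from:", path)
```

Sorting the summary by count shows at a glance which folders account for most of a long listing and over what time window the entries fall.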
 



#7 jntkwx


Posted 26 October 2013 - 05:59 PM

Ok, Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Regards,
Jason

 



#8 drobtoy


Posted 26 October 2013 - 07:20 PM

Jason

 

Getting 'post_too_long error' when trying to post either log.  Both files zipped and are attached as one file. 

 

 




#9 jntkwx


Posted 26 October 2013 - 07:38 PM

I don't think we're dealing with malware here, as I'm not seeing any in the logs.

Temp File Cleaner
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
How's the computer running now?
Regards,
Jason

 



#10 drobtoy


Posted 26 October 2013 - 08:25 PM

38MB of temporary files were deleted.

 

System still seems extremely slow, but this may be in comparison to my main computer with Windows 8.1, 24MB of RAM and an SSD.

 

The folder I originally reported, C:\program files\common files\symantec shared\virusdefs still has 72GB of files.

 

I assume I should just delete that folder and call it a day?



#11 jntkwx


Posted 26 October 2013 - 08:55 PM

Do you know what version of Norton/Symantec was installed? There appear to be remnants behind that may be causing the computer to be slow.
Regards,
Jason

 



#12 drobtoy


Posted 27 October 2013 - 12:49 PM

I downloaded and ran Norton Removal Tool. It did remove the 72gb folder along with other remnants of the Norton installation. The computer is still slow, so I ran SFC /SCANNOW once again. I received the same error as before, 

 

"Files that are required for Windows to run properly must be copied to the DLL Cache" and prompting for XP SP3 CD when performing SFC scan.

So I downloaded WinXP SP3 and burned it to a cd. When I dropped the cd in, an error states, "The cd you provided is the wrong CD."

 

Do I need a full installation CD? I'm getting kind of frustrated. If I get my hands on a full install cd I may just reload the operating system.

 

Your thoughts?



#13 jntkwx


Posted 27 October 2013 - 03:06 PM

You did what I was going to suggest with the Norton removal tool. :)

I share your frustration with SFC /scannow with Windows XP SP3 (I've run into the same problem you're running into).

 

Try following these steps: http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/?p=928738


Regards,
Jason

 



#14 drobtoy


Posted 27 October 2013 - 07:56 PM

I followed the directions but SFC still points to the CD drive.

 

"This will place the service pack 3 updates to the i386 folder into your C drive under the folder "xpsp3".

You should then be able to point SFC at this folder for the files it can't find from your windows disk or i386 folder."

 

How do you point to this folder?

 

I googled this and the instructions said to go to regedit, "navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup


You will see various entries here on the right hand side. The one we want is called:

SourcePath

It probably has an entry pointing to your CD-ROM drive, and that is why it is asking for the XP CD. All we need to do is change it to:

C:\

Simply double click the SourcePath setting and a new box will pop up allowing you to make the change."

 

 

I went into the registry and found the SourcePath option was already set to C:\

 

The SFC command still goes to the cd drive for the files.



#15 jntkwx


Posted 27 October 2013 - 08:12 PM

You'll probably need to slipstream SP3 onto a new CD.

 

Do you have a Windows XP installation CD?

If you do, you can follow the steps here: http://www.technipages.com/slipstream-windows-xp3-cd.html


Regards,
Jason

 





