
XP machine, refuses to use Windows Update - infected?

  • 21-10-2012 10:10am
    #1
    Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭


    I'm working in a remote province of Zambia at the moment, and one of the computers in the office is behaving strangely.

    I suspect an infection has disabled Windows Updates - when you try to go to the Updates site, it just fails to load properly. When the computer is on, we see extra traffic on the network (we have an expensive low bandwidth connection here, extra traffic is obvious).

    In this particular case, re-installing Windows is not an option, although it would be what I'd normally do.

    I wonder if you might be able to help me to diagnose it with logs and see if it is infected?

    So far, I have

    -backed up registry with ERUNT
    -scanned with MWB which removed some infections
    -run the TFC
    -run DDS - attached logs here

    Currently, the Windows Update site won't load - that's making me suspicious.

    Currently running a second scan with SuperAntiSpyware.

    What's next, do you think?


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Post the MBW log too.


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Here's the MWB log, thanks.

    And the Windows Update error message.

    SuperAntiSpyware scan is finished - and it only found tracking cookies, nothing serious.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Could be a rootkit, download and run ComboFix.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    You can post this log, not attach it.


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    ComboFix 12-10-21.01 - Eoin temp 21/10/2012 14:20:09.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.1015.443 [GMT 2:00]
    Running from: c:\documents and settings\Eoin temp\Desktop\ComboFix.exe
    AV: Microsoft Forefront Client Security *Disabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
    AV: System Center 2012 Endpoint Protection *Disabled/Updated* {1F383481-F70E-4E7A-8B69-C4B4A23928E4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Skype
    c:\documents and settings\Administrator\Application Data\Skype\shared.lck
    c:\documents and settings\Administrator\Application Data\Skype\shared.xml
    c:\documents and settings\Christine Ndopu\WINDOWS
    c:\windows\system32\msssc.dll
    c:\windows\system32\spool\prtprocs\w32x86\hpcpp104.dll
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-21 12:04 . 2012-10-21 12:04 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82366D77-9A28-4949-9281-FE1AF844CD6A}\MpKsl9b19d4ae.sys
    2012-10-21 11:05 . 2012-10-21 11:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-10-21 10:00 . 2012-10-21 10:01 d-----w- c:\program files\SUPERAntiSpyware
    2012-10-21 10:00 . 2012-10-21 10:00 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-10-21 09:43 . 2012-10-21 09:43 d-----w- c:\program files\ERUNT
    2012-10-21 09:41 . 2012-10-21 11:13 d-----w- c:\documents and settings\Eoin temp
    2012-10-20 23:37 . 2012-10-21 10:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82366D77-9A28-4949-9281-FE1AF844CD6A}\offreg.dll
    2012-10-20 22:00 . 2012-10-17 00:32 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82366D77-9A28-4949-9281-FE1AF844CD6A}\mpengine.dll
    2012-10-20 19:45 . 2012-10-20 19:46 d-----w- c:\program files\Microsoft Security Client
    2012-10-20 15:53 . 2012-10-20 15:53 d-----w- C:\temp
    2012-10-20 11:47 . 2012-10-20 11:47 d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-10-20 11:47 . 2012-10-20 11:47 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-20 11:47 . 2012-10-20 11:47 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-20 11:47 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-20 11:33 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2012-10-20 11:33 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2012-10-12 13:48 . 2012-10-18 06:03 d-----w- c:\documents and settings\All Users\Application Data\85EA93747BCEB7DF005485EA3F426FBE
    2012-10-11 08:44 . 2012-10-11 08:44 d-sh--w- c:\documents and settings\Default User\IETldCache
    2012-10-09 16:11 . 2012-10-09 16:11 d-----w- c:\documents and settings\Christine Ndopu\My Vaults
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-28 15:14 . 2008-12-20 18:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2008-12-20 18:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2008-12-20 18:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-12-20 18:52 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2008-12-20 18:53 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:33 . 2008-12-20 18:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-01 11:11 . 2011-08-01 09:58 18184 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2012-09-06 01:27 . 2012-09-17 08:38 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-09-06 13:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-22 151552]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-10-07 349488]
    "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-03-02 24848]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-02 1310720]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-07-02 10244096]
    "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2009-03-02 1090840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-03-02 1044480]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-10-29 998760]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    c:\documents and settings\Eoin temp\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-11-27 17:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-11-27 17:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2008-04-21 11:48 69632 ----a-w- c:\windows\system32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2009-03-02 17:01 158992 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    .
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [01/10/2008 17:01 109216]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [01/10/2008 17:02 51408]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [01/10/2008 17:02 12960]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [02/03/2009 19:13 24064]
    R1 MpKsl9b19d4ae;MpKsl9b19d4ae;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82366D77-9A28-4949-9281-FE1AF844CD6A}\MpKsl9b19d4ae.sys [21/10/2012 14:04 29904]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [02/03/2009 19:07 39712]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [01/10/2008 17:02 12528]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18:27 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23:55 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 20:54 116608]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27/11/2007 19:42 185896]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [20/12/2008 20:53 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [20/12/2008 20:53 14336]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [03/10/2008 15:33 1185016]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [01/10/2008 17:01 256544]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [02/03/2009 19:05 77824]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [28/09/2011 12:32 1589152]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/03/2009 19:16 193840]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/07/2012 14:24 116648]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [02/03/2009 19:03 479488]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [02/03/2009 19:11 32256]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [21/04/2008 15:27 349432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05/07/2012 14:24 116648]
    S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [07/10/2008 16:17 45056]
    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/12/2008 20:55 44800]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21/10/2012 13:05 40776]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [17/09/2012 10:39 114144]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [16/01/2012 15:29 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BITS
    *NewlyCreated* - WS2IFSL
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-05 12:24]
    .
    2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-05 12:24]
    .
    2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{13D5DBA3-15FE-4662-91E7-7D00953B1B3C}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{44CEC6DF-49E1-46CB-88F0-FA0A9C023225}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{76156550-1909-4029-9697-29801A0C29BC}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.1.39.2 10.1.0.9
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-NavLogon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-21 14:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\ackpbsc.dll
    c:\windows\system32\aclog.dll
    c:\windows\system32\accrypto.dll
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
    c:\windows\system32\msi.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\windows\system32\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
    c:\windows\system32\DeviceNP.dll
    c:\windows\system32\SSREGLIB.dll
    .
    - - - - - - - > 'explorer.exe'(2172)
    c:\windows\system32\WININET.dll
    c:\windows\system32\APSHook.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\windows\system32\agrsmsvc.exe
    c:\windows\system32\ifxtcs.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\IfxPsdSv.exe
    c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-21 14:41:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-21 12:41
    .
    Pre-Run: 38,239,854,592 bytes free
    Post-Run: 38,134,317,056 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - E9D28D6F40A6A929D7DC1D9BCB1ABB3B


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Windows updates working now?


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Yip, they're working grand now, all seems good.

    Thanks very much.

