PC being flooded by temporary internet files


  • This topic is locked
10 replies to this topic

#1 NJguy

Posted 14 April 2012 - 10:39 AM

Having visited the forums the last few days, I followed advice in other posts to fix my problem. I ran RKill, TDSSKiller, Malwarebytes, as well as my own virus software. Each found something and removed it, so I thought the problem was solved. Then I ran CCleaner to get rid of any remaining garbage, and when I looked I noticed there were thousands of temporary internet files. Once cleaned, I rebooted the system and ran the virus checkers again, and they only found tracking cookies, about 100 temporary internet files. They were removed upon closing, and again I was satisfied the problem was resolved. About two hours later I stopped back to run CCleaner again, and again it found over 1000 temporary internet files. What virus is causing this and how do I stop it? Thank you in advance. Note: that's my desktop PC, and I am using a laptop alongside it.


#2 NJguy

Posted 14 April 2012 - 12:06 PM

Additional info from scans

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NHRFR :: DI [administrator]

4/14/2012 11:57:37 AM
mbam-log-2012-04-14 (11-57-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199269
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
**********************************

12:05:15.0234 3324 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:05:15.0531 3324 ============================================================
12:05:15.0531 3324 Current date / time: 2012/04/14 12:05:15.0531
12:05:15.0531 3324 SystemInfo:
12:05:15.0531 3324
12:05:15.0531 3324 OS Version: 5.1.2600 ServicePack: 3.0
12:05:15.0531 3324 Product type: Workstation
12:05:15.0531 3324 ComputerName: DI
12:05:15.0531 3324 UserName: NHRFR
12:05:15.0531 3324 Windows directory: C:\WINDOWS
12:05:15.0531 3324 System windows directory: C:\WINDOWS
12:05:15.0531 3324 Processor architecture: Intel x86
12:05:15.0531 3324 Number of processors: 2
12:05:15.0531 3324 Page size: 0x1000
12:05:15.0531 3324 Boot type: Normal boot
12:05:15.0531 3324 ============================================================
12:05:15.0796 3324 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:05:15.0796 3324 \Device\Harddisk0\DR0:
12:05:15.0796 3324 MBR used
12:05:15.0796 3324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x94BFDAD
12:05:15.0859 3324 Initialize success
12:05:15.0859 3324 ============================================================
12:05:17.0265 3068 ============================================================
12:05:17.0265 3068 Scan started
12:05:17.0265 3068 Mode: Manual;
12:05:17.0265 3068 ============================================================
12:05:27.0218 3068 sisagp - ok
12:05:27.0250 3068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:05:27.0250 3068 Sparrow - ok
12:05:27.0281 3068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:05:27.0281 3068 splitter - ok
12:05:27.0312 3068 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:05:27.0312 3068 Spooler - ok
12:05:27.0343 3068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:27.0343 3068 sr - ok
12:05:27.0343 3068 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:05:27.0359 3068 srservice - ok
12:05:27.0421 3068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:27.0421 3068 Srv - ok
12:05:27.0437 3068 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:05:27.0453 3068 SSDPSRV - ok
12:05:27.0500 3068 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:05:27.0500 3068 stisvc - ok
12:05:27.0562 3068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:27.0562 3068 swenum - ok
12:05:27.0578 3068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:05:27.0578 3068 swmidi - ok
12:05:27.0578 3068 SwPrv - ok
12:05:27.0609 3068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:05:27.0609 3068 symc810 - ok
12:05:27.0625 3068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:05:27.0625 3068 symc8xx - ok
12:05:27.0640 3068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:05:27.0640 3068 sym_hi - ok
12:05:27.0671 3068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:05:27.0671 3068 sym_u3 - ok
12:05:27.0734 3068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:27.0734 3068 sysaudio - ok
12:05:27.0796 3068 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:05:27.0796 3068 SysmonLog - ok
12:05:27.0859 3068 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:05:27.0859 3068 TapiSrv - ok
12:05:27.0937 3068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:27.0937 3068 Tcpip - ok
12:05:27.0984 3068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:27.0984 3068 TDPIPE - ok
12:05:28.0015 3068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:28.0015 3068 TDTCP - ok
12:05:28.0046 3068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:28.0046 3068 TermDD - ok
12:05:28.0078 3068 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:05:28.0078 3068 TermService - ok
12:05:28.0125 3068 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:05:28.0125 3068 Themes - ok
12:05:28.0187 3068 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:05:28.0187 3068 TlntSvr - ok
12:05:28.0187 3068 tng-doba - ok
12:05:28.0234 3068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:05:28.0234 3068 TosIde - ok
12:05:28.0265 3068 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:05:28.0265 3068 TrkWks - ok
12:05:28.0343 3068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:05:28.0343 3068 Udfs - ok
12:05:28.0375 3068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:05:28.0390 3068 ultra - ok
12:05:28.0593 3068 UNS (0558985bd646203df5f36bf0fbd241a3) C:\Program Files\Intel\AMT\UNS.exe
12:05:28.0609 3068 UNS - ok
12:05:28.0687 3068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:05:28.0687 3068 Update - ok
12:05:28.0734 3068 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:05:28.0734 3068 upnphost - ok
12:05:28.0734 3068 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:05:28.0750 3068 UPS - ok
12:05:28.0796 3068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:05:28.0796 3068 usbccgp - ok
12:05:28.0859 3068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:28.0859 3068 usbehci - ok
12:05:28.0890 3068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:28.0890 3068 usbhub - ok
12:05:28.0921 3068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:05:28.0921 3068 usbscan - ok
12:05:28.0984 3068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:05:28.0984 3068 USBSTOR - ok
12:05:29.0031 3068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:05:29.0031 3068 usbuhci - ok
12:05:29.0062 3068 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
12:05:29.0062 3068 VClone - ok
12:05:29.0078 3068 vcommmgr - ok
12:05:29.0109 3068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:05:29.0109 3068 VgaSave - ok
12:05:29.0140 3068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:05:29.0140 3068 viaagp - ok
12:05:29.0156 3068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:05:29.0156 3068 ViaIde - ok
12:05:29.0203 3068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:05:29.0203 3068 VolSnap - ok
12:05:29.0250 3068 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:05:29.0250 3068 VSS - ok
12:05:29.0312 3068 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:05:29.0312 3068 w32time - ok
12:05:29.0312 3068 w39n51 - ok
12:05:29.0328 3068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:05:29.0328 3068 Wanarp - ok
12:05:29.0343 3068 WDICA - ok
12:05:29.0390 3068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:05:29.0390 3068 wdmaud - ok
12:05:29.0453 3068 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:05:29.0453 3068 WebClient - ok
12:05:29.0546 3068 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:05:29.0546 3068 winmgmt - ok
12:05:29.0625 3068 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
12:05:29.0640 3068 WinRM - ok
12:05:29.0687 3068 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:05:29.0703 3068 WmdmPmSN - ok
12:05:29.0765 3068 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:05:29.0765 3068 Wmi - ok
12:05:29.0781 3068 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:05:29.0781 3068 WmiApSrv - ok
12:05:29.0953 3068 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:05:29.0953 3068 WMPNetworkSvc - ok
12:05:29.0968 3068 WSearch - ok
12:05:30.0015 3068 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:05:30.0031 3068 wuauserv - ok
12:05:30.0078 3068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:05:30.0078 3068 WudfPf - ok
12:05:30.0109 3068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:05:30.0109 3068 WudfRd - ok
12:05:30.0125 3068 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:05:30.0125 3068 WudfSvc - ok
12:05:30.0171 3068 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:05:30.0187 3068 WZCSVC - ok
12:05:30.0187 3068 XAudio - ok
12:05:30.0218 3068 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:05:30.0218 3068 xmlprov - ok
12:05:30.0250 3068 xMrMINI (cbf2cf50e28d968ad811cd512754d151) C:\WINDOWS\system32\DRIVERS\xMrMini.sys
12:05:30.0265 3068 xMrMINI - ok
12:05:30.0312 3068 xVGAMINI (07e55eabc0d9d21a013b0b8075fe0a5c) C:\WINDOWS\system32\DRIVERS\xVgaMini.sys
12:05:30.0312 3068 xVGAMINI - ok
12:05:30.0359 3068 xVGAUSB (fd854e6b6c7585e0b39870d5d9233c03) C:\WINDOWS\system32\drivers\xvgausb.sys
12:05:30.0359 3068 xVGAUSB - ok
12:05:30.0390 3068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:05:30.0578 3068 \Device\Harddisk0\DR0 - ok
12:05:30.0578 3068 Boot (0x1200) (febf7ee79f7f36fccbcc0ed1a04ca984) \Device\Harddisk0\DR0\Partition0
12:05:30.0578 3068 \Device\Harddisk0\DR0\Partition0 - ok
12:05:30.0578 3068 ============================================================
12:05:30.0578 3068 Scan finished
12:05:30.0578 3068 ============================================================
12:05:30.0578 2116 Detected object count: 0
12:05:30.0578 2116 Actual detected object count: 0

#3 NJguy

Posted 14 April 2012 - 12:17 PM

More Info:
Earlier ESET scan caught the following:

C:\Documents and Settings\NHRFR\Local Settings\Temp\nzigxdpsbkqotz.exe a variant of Win32/Kryptik.ADWY trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\iAimTV6.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\SQLAgent$ABBEYIIOFFLINE.dll Win32/Sirefef.ER trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Rootkit.Kryptik.KR trojan unable to clean
Operating memory multiple threats

The file (Windows - MS Search 128 KB 1 files) that shows up in the cleaner log that follows shows up each and every time:

CLEANING COMPLETE - (0.965 secs)
------------------------------------------------------------------------------------------
0.13 MB removed.
Secure file deletion enabled - Complex Overwrite (7 passes)
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
Windows - MS Search 128 KB 1 files
------------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS00505.log 128 KB

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:13 AM

Posted 14 April 2012 - 02:31 PM

Hello
I moved this from XP to Am I Infected.


Let's look at something else.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 NJguy

Posted 14 April 2012 - 02:46 PM

First, thank you for the assist; second, educate me a little;
what are we looking for?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 15:34:52
-----------------------------
15:34:52.187 OS Version: Windows 5.1.2600 Service Pack 3
15:34:52.187 Number of processors: 2 586 0x1706
15:34:52.187 ComputerName: DI UserName:
15:34:52.562 Initialize success
15:35:55.984 AVAST engine defs: 12041401
15:35:58.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:35:58.921 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
15:35:58.953 Disk 0 MBR read successfully
15:35:58.953 Disk 0 MBR scan
15:35:58.968 Disk 0 Windows XP default MBR code
15:35:58.968 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
15:35:58.984 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76159 MB offset 240975
15:35:58.984 Disk 0 scanning sectors +156216060
15:35:59.062 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:10.406 Service scanning
15:36:28.312 Modules scanning
15:36:31.906 Disk 0 trace - called modules:
15:36:31.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:36:31.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e56c8]
15:36:31.937 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a5cc030]
15:36:32.250 AVAST engine scan C:\WINDOWS
15:36:35.406 AVAST engine scan C:\WINDOWS\system32
15:38:55.718 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:09.859 AVAST engine scan C:\Documents and Settings\NHRFR
15:39:40.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NHRFR\Desktop\MBR.dat"
15:39:40.500 The log file has been saved successfully to "C:\Documents and Settings\NHRFR\Desktop\aswMBR.txt"

Edited by NJguy, 14 April 2012 - 02:48 PM.


#6 boopme

Posted 14 April 2012 - 08:17 PM

Hello, I was looking for viruses, TDSS rootkits and Master Boot Record rootkits and then major malware. Fortunately (if that's possible) we only found and removed the last. Did that stop the Temp file issue?

#7 NJguy

Posted 15 April 2012 - 10:46 AM

Thanks... unfortunately the Temp files are filling in at a rate of about 1000 per hour. I tracked down some of the files by backtracking through CCleaner and deleted the folders ie5content\temporary internet files and ie5 history and some files & folders that reappeared afterwards like ms windows search and gp3895t12.bak. I also deleted Firefox because I couldn't open a window without it going to isearch. In Internet Explorer I reduced the amount of space allotted for cookies and set the cleaner to clear cookies on browser close, but since these cookies are showing up in an ie5 folder while I have IE8 I'm not sure doing so had any effect. At 8pm eastern time I'm going to work on it again. If you have the time, please post any ideas you think I should pursue when I get started. I'll head here first. Thanks again.

#8 boopme

Posted 15 April 2012 - 07:11 PM

Ok, we need to move this and get a deeper look.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#9 NJguy

Posted 15 April 2012 - 08:13 PM

running it now stand by

#10 NJguy

Posted 15 April 2012 - 09:15 PM

ok posted new topic in: Virus, Trojan, Spyware, and Malware Removal Logs

#11 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:13 AM

Posted 15 April 2012 - 09:28 PM

Now that your log is properly posted, here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

