PC is being flooded with temporary internet files without ever going to the web


  • This topic is locked
14 replies to this topic

#1 NJguy


Posted 15 April 2012 - 09:12 PM

PC is being flooded with temporary internet files without ever going to the web! Removed some viruses, but this problem continues.

My DDS report:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by NHRFR at 21:12:25 on 2012-04-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1573 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\Defogger[1].exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081024
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [Update] rundll32.exe "c:\documents and settings\nhrfr\application data\ibm\ibm\sgpeue.dll",DllRegisterServer
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1326984273250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1326988381687
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: Interfaces\{A73AE3BD-7603-449D-B3DA-B7291AA89AE8} : NameServer = 167.206.7.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - f:\anti spyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\anti spyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-10-24 2521880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [2008-10-30 247680]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [2008-10-30 253056]
S1 SASDIFSV;SASDIFSV;\??\f:\anti spyware\sasdifsv.sys --> f:\anti spyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\f:\anti spyware\saskutil.sys --> f:\anti spyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"f:\anti spyware\sascore.exe" --> f:\anti spyware\SASCORE.EXE [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-20 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 xVGAUSB;USB2.0 VGA DEVICE(USB);c:\windows\system32\drivers\xvgausb.sys [2008-10-30 31616]
.
=============== Created Last 30 ================
.
2012-04-16 01:01:05 -------- d-----w- c:\windows\system32\wbem\Logs
2012-04-14 17:26:19 -------- d-----w- c:\program files\ESET
2012-04-11 18:57:57 558592 ----a-w- c:\documents and settings\nhrfr\application data\microsoft\microsoft\lfbegkzq.dll
2012-04-11 18:57:56 548864 ----a-w- c:\documents and settings\nhrfr\application data\microsoft\microsoft\sgpeue.dll
2012-04-11 18:03:53 -------- d-----w- c:\windows\pss
2012-04-11 17:28:42 -------- d-----w- c:\documents and settings\nhrfr\application data\Windows Search
2012-04-02 13:53:15 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:29:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 09:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-16 18:10:57 88 ----a-w- c:\windows\CwbRmDir.bat
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 21:12:32.48 ===============


#2 NJguy


Posted 15 April 2012 - 09:43 PM

This line shows up when I run CCleaner and once deleted it comes back again:

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log 128 KB (when viewing as detailed report)

and is also known as Windows - MS Search (when viewing as summary)

And in this folder there are subfolders that, once deleted by CCleaner, also come back:

C:\WINDOWS\system32\wbem\Logs\

This is the complete text from CCleaner and I just ran it an hour ago. In that time all of these files were back on my system:
ANALYSIS COMPLETE - (0.186 secs)
------------------------------------------------------------------------------------------
37.9 MB to be removed. (Approximate size)
Secure file deletion enabled - Complex Overwrite (7 passes)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
Internet Explorer - Temporary Internet Files 3,200 KB 198 files
Internet Explorer - Cookies 9 KB 20 files
Windows Explorer - Recent Documents 2 KB 5 files
System - Temporary Files 14 KB 2 files
System - Windows Log Files 13 KB 4 files
Advanced - Custom Files and Folders 35,148 KB 20 files
Utilities - AVG AntiVirus 2012 253 KB 10 files
Windows - MS Search 128 KB 1 files
------------------------------------------------------------------------------------------
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\1-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\2-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\9-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\align_left[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\api[1].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\api[3].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\branding_bg[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\cb=gapi[1].loaded0 142 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\chrome-48[1].png 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\code[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\comment_add[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\connect_sprite[1].png 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\count[1].json 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\dalert[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\dds-attach[1].jpg 75 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\dds-log[1].jpg 97 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\delicious[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\digg[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\download-gmer[1].jpg 50 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\exclamation[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\favicon[1].ico 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\forum-logo[1].png 10 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\gmer-savedesktop[1].jpg 42 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\gradient_bg[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\icon2[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\icon3[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\icon8[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\icon[1].jpg 3 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\index[2].php 154 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\index[5].php 61 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\italic[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\JXq70wzu8pA[1].js 330 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\new-topic-tdss[1].jpg 28 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\page_white_add[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\post_button_left[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\quote[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\remove_formatting[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\resize_big[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\save-desktop[1].jpg 46 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\sprite_connect_v13[1].png 36 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\stats_compression[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\stats_database[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\tab_left[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\tile_back[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\transmit_blue[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\tweet_button.1334389481[2].html 51 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\twitter[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\undo[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\204P7EF8\user_green[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\4-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\7-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\8-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\accept[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\align_right[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\api[1].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\buzz[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\closelabel[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\close_popup[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\comment_edit[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\dds-savedesktop[1].jpg 52 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\downloads[1].css 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\email[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\firewall[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\font_color[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\g-button-chocobo-basic-1[1].gif 9 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\ga[1].js 36 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\google_com[1].txt 93 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\icon12[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\icon14[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\icon1[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\icon6[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\information[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\i_oIVTKMYsL[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\jquery.min[1].js 90 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\j_e6a6aca6[1].png 15 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\loading[1].gif 3 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\lock[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\logo3w[1].png 7 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\logo[1].gif 4 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\media[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\nav[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\nonSecureAnonymousFramework[1] 146 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\opts_arrow[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\post_button_right[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\rs=AItRSTNjNkZxvjkjn673kC6hY7jS5Ug09A[1].txt 16 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\rs=AItRSTObgYqekX6NqOxZG9YJeDxicSVzTg[1] 56 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\search_expand[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\spacer[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\spellcheck[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\sprite4-a67f741843ffc4220554c34bd01bb0bb[1].png 21 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\stats_time[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\stumble[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\subscript[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\superscript[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\tia[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\topic_button_left_closed[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\user_off[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\BR6UB59P\user_popup[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\10-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\5-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\api[1].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\api[2].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\api[3].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\av-3[1].jpg 3 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\choose-file[1].jpg 43 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\default_thumb[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\defogger[1].htm 22 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\download[1].png 10 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\email_open[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\extract-all[1].jpg 13 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\facebook[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\FB[1].Share 7 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\gmer-icon[1].jpg 3 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\help[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\icon10[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\icon11[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\icon13[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\icon4[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\icon9[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\indent[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\index[1].php 176 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\index[2].php 60 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\index[4].php 77 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\index[6].php 149 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\in[1].js 4 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\ipb_print[1].css 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\link[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\mgyhp_sm[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\nav_logo107[1].png 29 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\new-bc[1].css 22 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\page_topic_magnify[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\picture[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\plusone[1].js 8 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\print[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\reddit[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\redo[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\rs=AItRSTMlfm3bL-ILx7qCdIEu6V-RmTkDAQ[1] 110 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\rte_arrow[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\scan-complete[1].jpg 73 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\sem_bfa17e926b5ce66b816d05fa8b75c363[1].js 30 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\share[1] 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\strike[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\topic_button_left[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\topic_button_right_closed[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\txt[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\uncheck-gmer[1].jpg 46 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\underline[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\NY3JZ3UN\widgets[1].js 42 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\3-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\3687X620620.skimlinks[1].js 27 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\6-sm[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\799dc676f220bf41[1].js 42 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\add[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\advanced_search[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\align_center[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\all[1].js 163 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\api[1].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\api[2].txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\arrow_rotate_clockwise[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\attach-file[1].jpg 74 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\bold[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\bullet_black[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\close_sm[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\dds-information[1].jpg 53 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\dds-savebox[1].jpg 43 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\download[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\email[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\emoticons[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\favicon[1].ico 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\feed[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\g-button-chocobo-basic-2[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\icon13[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\icon5[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\icon7[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\input_text[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\lightbox[1].js 10 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\nav_m[1].gif 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\new-topic-system-tool[1].jpg 29 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\ordered_list[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\outdent[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\PIE[2].htc 40 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\post_top[1].png 4 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\primarynav_bg[1].png 3 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\report[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\resize_small[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\restserver[1].php 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\run-confirm[1].jpg 37 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\search_icon[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\share-button-css[1].txt 6 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\stats_server[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\swxa[1].gif 6 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\tab_right[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\th_bg[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\tile_sub[1].gif 2 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\topic-message-box[1].jpg 27 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\topic_button_right[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\twitter[1].png 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temporary Internet Files\Content.IE5\X9585PFZ\unordered_list[1].png 1 KB
C:\Documents and Settings\NHRFR\Cookies\07HP1C48.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\2EVMXEO5.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\3KNV3XNM.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\3T1AO3OQ.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\6CR6FKRU.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\83L916NT.txt 4 KB
C:\Documents and Settings\NHRFR\Cookies\AR9VY04Y.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\CJPCF2O2.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\DNHZYL6U.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\DW5VKU0S.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\FRZUHINK.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\H416O32V.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\HAZBOMAV.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\N7J9JZCS.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\P2W0XO6L.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\Q12RQ9AX.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\QEM6ESD2.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\V8MONCUH.txt 1 KB
C:\Documents and Settings\NHRFR\Cookies\YOFFO96X.txt 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\4ELR2K1H\www.google[1].xml 1 KB
C:\Documents and Settings\NHRFR\Recent\ark.txt..log.lnk 1 KB
C:\Documents and Settings\NHRFR\Recent\attach.txt.lnk 1 KB
C:\Documents and Settings\NHRFR\Recent\attach.zip.lnk 1 KB
C:\Documents and Settings\NHRFR\Recent\dds.txt.lnk 1 KB
C:\Documents and Settings\NHRFR\Recent\gmer.zip.lnk 1 KB
C:\Documents and Settings\NHRFR\Local Settings\Temp\Attach.txt 6 KB
C:\Documents and Settings\NHRFR\Local Settings\Temp\DDS.txt 9 KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 2 KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 12 KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 1 KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr 2 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk 8 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log 128 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001 64 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002 64 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr 4 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr 4 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl0.gthr 26 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl1.gthr 1 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr 3 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb 34,832 KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 2 KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 12 KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 1 KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 1 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgchjw.log 48 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgdecider.log 8 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgdiagex.log 1 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgemc.log 22 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgidpagent.log 12 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avglng.log 2 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgns.log 15 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgrs.log 121 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\Log\avgtray_idp_NHRFR.log 12 KB
C:\Documents and Settings\All Users\Application Data\AVG2012\IDS\profile\globalLoadable.bak 15 KB
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log 128 KB

Edited by NJguy, 15 April 2012 - 10:18 PM.


#3 NJguy

Posted 15 April 2012 - 10:11 PM

Now my AVG just found but did not clean a potentially dangerous object it's calling a rootkit virus:

IDT entry #01 hook -> mbr.sys +0x1c42

It's listed as a hidden object, yet I have the view set to display hidden objects and this isn't one of them.

The folder it was found in is:
C:\Documents and Settings\NHRFR\Local Settings\Temp

Should I remove it? Or will doing so toss out my own MBR?

Edited by NJguy, 15 April 2012 - 10:12 PM.


#4 gringo_pr

  • Malware Response Team

Posted 16 April 2012 - 12:53 AM

Hello and Welcome to Bleeping Computer!!

Leave it, we will deal with it in time.

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 NJguy

Posted 16 April 2012 - 02:03 AM

Thank you for taking a shot at this Gringo,

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy 2
SUPERAntiSpyware
CCleaner
Java™ 7 Update 3
Adobe Flash Player 11.2.202.228
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


ComboFix 12-04-16.01 - NHRFR 04/16/2012 2:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1507 [GMT -4:00]
Running from: c:\documents and settings\NHRFR\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 06:10 . 2012-04-16 06:16 -------- d-----w- c:\windows\system32\wbem\Logs
2012-04-16 04:42 . 2012-04-16 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-16 04:42 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-04-16 04:42 . 2012-04-16 04:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-04-16 04:36 . 2012-04-16 04:36 -------- d-----w- c:\program files\SpywareBlaster
2012-04-14 17:26 . 2012-04-14 17:26 -------- d-----w- c:\program files\ESET
2012-04-11 17:28 . 2012-04-11 17:28 -------- d-----w- c:\documents and settings\NHRFR\Application Data\Windows Search
2012-04-02 13:53 . 2012-04-02 14:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2012-01-19 14:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:29 . 2012-01-19 14:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-16 18:10 . 2012-02-16 18:10 88 ----a-w- c:\windows\CwbRmDir.bat
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-01-19 14:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-02-07 2972056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingE2725"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2012-02-07 2346408]
"SpybotDeletingE176"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2012-02-07 2346408]
"SpybotDeletingE8569"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2012-02-07 2346408]
"SpybotDeletingE7231"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2012-02-07 2346408]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-06-12 22:09 408344 ----a-w- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-26 20:16 17920 ------w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mxvgautil]
2007-04-10 22:26 176128 ----a-w- c:\windows\system32\mxvgautil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-28 20:21 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"Acceler8DB Server"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 1:32 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 5:25 AM 299472]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 4:58 AM 133968]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [4/16/2012 12:42 AM 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4/16/2012 12:42 AM 1185704]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/24/2008 12:57 PM 2521880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [10/30/2008 12:48 PM 247680]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [10/30/2008 12:48 PM 253056]
S1 SASDIFSV;SASDIFSV;\??\f:\anti spyware\SASDIFSV.SYS --> f:\anti spyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\f:\anti spyware\SASKUTIL.SYS --> f:\anti spyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"f:\anti spyware\SASCORE.EXE" --> f:\anti spyware\SASCORE.EXE [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 4:52 AM 5104992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 4:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 9:53 AM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/20/2012 4:14 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
S3 xVGAUSB;USB2.0 VGA DEVICE(USB);c:\windows\system32\drivers\xvgausb.sys [10/30/2008 12:48 PM 31616]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85633354
*NewlyCreated* - SDSCANNERSERVICE
*NewlyCreated* - SDUPDATESERVICE
*Deregistered* - 85633354
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
XAudio
vcommmgr
tng-doba
CrystalSysInfo
w39n51
odysseyIM4
oracle%oracle_home_service%clientcache80
o2flash
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:29]
.
2012-04-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-04-16 21:19]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 20:14]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 20:14]
.
2012-04-16 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-04-16 21:19]
.
2012-04-16 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-04-16 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{A73AE3BD-7603-449D-B3DA-B7291AA89AE8}: NameServer = 167.206.7.4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 02:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ASNA\Shared\Security Provider*Wrong guess again!]
"<No Name>"="{9EF7F70B-19CB-4F25-B7B7-6BB501F27AF4}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-16 02:43:23
ComboFix-quarantined-files.txt 2012-04-16 06:43
ComboFix2.txt 2012-04-16 06:25
.
Pre-Run: 67,214,508,032 bytes free
Post-Run: 67,197,046,784 bytes free
.
- - End Of File - - 398E29E6A23EE0FFE8671F6F25DDA18C

How the PC is doing:

Items are still showing up in C:\documents and settings\nhrfr\local settings\temporary internet files\content.ie5. Also note that when you go to the last two folders in Explorer, neither of the last two are there, even though in View the settings are set to show all hidden files/folders. Also, I don't have IE5.

#6 gringo_pr

  • Malware Response Team

Posted 16 April 2012 - 02:20 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 NJguy

Posted 16 April 2012 - 03:14 AM

03:55:21.0671 0664 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
03:55:21.0906 0664 ============================================================
03:55:21.0906 0664 Current date / time: 2012/04/16 03:55:21.0906
03:55:21.0906 0664 SystemInfo:
03:55:21.0906 0664
03:55:21.0906 0664 OS Version: 5.1.2600 ServicePack: 3.0
03:55:21.0906 0664 Product type: Workstation
03:55:21.0906 0664 ComputerName: DI
03:55:21.0906 0664 UserName: NHRFR
03:55:21.0906 0664 Windows directory: C:\WINDOWS
03:55:21.0906 0664 System windows directory: C:\WINDOWS
03:55:21.0906 0664 Processor architecture: Intel x86
03:55:21.0906 0664 Number of processors: 2
03:55:21.0906 0664 Page size: 0x1000
03:55:21.0906 0664 Boot type: Normal boot
03:55:21.0906 0664 ============================================================
03:55:22.0140 0664 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:55:22.0140 0664 \Device\Harddisk0\DR0:
03:55:22.0140 0664 MBR used
03:55:22.0140 0664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x94BFDAD
03:55:22.0203 0664 Initialize success
03:55:22.0203 0664 ============================================================
03:55:23.0609 3820 ============================================================
03:55:23.0609 3820 Scan started
03:55:23.0609 3820 Mode: Manual;
03:55:23.0609 3820 ============================================================
03:55:23.0906 3820 !SASCORE - ok
03:55:24.0171 3820 Abiosdsk - ok
03:55:24.0218 3820 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
03:55:24.0218 3820 abp480n5 - ok
03:55:24.0281 3820 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:55:24.0281 3820 ACPI - ok
03:55:24.0312 3820 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:55:24.0312 3820 ACPIEC - ok
03:55:24.0375 3820 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
03:55:24.0375 3820 ADIHdAudAddService - ok
03:55:24.0453 3820 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:55:24.0453 3820 AdobeFlashPlayerUpdateSvc - ok
03:55:24.0500 3820 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
03:55:24.0500 3820 adpu160m - ok
03:55:24.0546 3820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:55:24.0546 3820 aec - ok
03:55:24.0625 3820 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
03:55:24.0625 3820 AFD - ok
03:55:24.0703 3820 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
03:55:24.0703 3820 agp440 - ok
03:55:24.0750 3820 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
03:55:24.0750 3820 agpCPQ - ok
03:55:24.0765 3820 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
03:55:24.0765 3820 Aha154x - ok
03:55:24.0781 3820 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
03:55:24.0781 3820 aic78u2 - ok
03:55:40.0390 3820 WudfRd - ok
03:55:40.0421 3820 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
03:55:40.0421 3820 WudfSvc - ok
03:55:40.0484 3820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
03:55:40.0484 3820 WZCSVC - ok
03:55:40.0500 3820 XAudio - ok
03:55:40.0531 3820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
03:55:40.0531 3820 xmlprov - ok
03:55:40.0578 3820 xMrMINI (cbf2cf50e28d968ad811cd512754d151) C:\WINDOWS\system32\DRIVERS\xMrMini.sys
03:55:40.0578 3820 xMrMINI - ok
03:55:40.0703 3820 xVGAMINI (07e55eabc0d9d21a013b0b8075fe0a5c) C:\WINDOWS\system32\DRIVERS\xVgaMini.sys
03:55:40.0703 3820 xVGAMINI - ok
03:55:40.0765 3820 xVGAUSB (fd854e6b6c7585e0b39870d5d9233c03) C:\WINDOWS\system32\drivers\xvgausb.sys
03:55:40.0765 3820 xVGAUSB - ok
03:55:40.0796 3820 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:55:40.0984 3820 \Device\Harddisk0\DR0 - ok
03:55:40.0984 3820 Boot (0x1200) (febf7ee79f7f36fccbcc0ed1a04ca984) \Device\Harddisk0\DR0\Partition0
03:55:40.0984 3820 \Device\Harddisk0\DR0\Partition0 - ok
03:55:40.0984 3820 ============================================================
03:55:40.0984 3820 Scan finished
03:55:40.0984 3820 ============================================================
03:55:40.0984 1556 Detected object count: 0
03:55:40.0984 1556 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 03:58:01
-----------------------------
03:58:01.609 OS Version: Windows 5.1.2600 Service Pack 3
03:58:01.609 Number of processors: 2 586 0x1706
03:58:01.609 ComputerName: DI UserName:
03:58:02.125 Initialize success
03:58:56.937 AVAST engine defs: 12041502
03:59:03.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:59:03.156 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
03:59:03.171 Disk 0 MBR read successfully
03:59:03.171 Disk 0 MBR scan
03:59:03.203 Disk 0 Windows XP default MBR code
03:59:03.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
03:59:03.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76159 MB offset 240975
03:59:03.218 Disk 0 scanning sectors +156216060
03:59:03.312 Disk 0 scanning C:\WINDOWS\system32\drivers
03:59:12.750 Service scanning
03:59:31.375 Modules scanning
03:59:36.125 Disk 0 trace - called modules:
03:59:36.156 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:59:36.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5efab8]
03:59:36.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a59d030]
03:59:36.578 AVAST engine scan C:\WINDOWS
03:59:40.234 AVAST engine scan C:\WINDOWS\system32
04:01:44.906 AVAST engine scan C:\WINDOWS\system32\drivers
04:01:57.609 AVAST engine scan C:\Documents and Settings\NHRFR
04:03:26.562 AVAST engine scan C:\Documents and Settings\All Users
04:03:45.203 Scan finished successfully
04:07:10.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NHRFR\Desktop\MBR.dat"
04:07:10.265 The log file has been saved successfully to "C:\Documents and Settings\NHRFR\Desktop\aswMBR1.txt"

#8 gringo_pr


Posted 16 April 2012 - 10:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 18 April 2012 - 11:31 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 NJguy


Posted 21 April 2012 - 08:43 AM

Unfortunately, due to an illness I had to stop for a few days. I am going back to work on Monday night and I will try the above then. Let's just leave the topic open and I'll reply before midnight on Monday night.
Thank you again!

#11 gringo_pr


Posted 21 April 2012 - 08:46 AM

No problem, and I will see you then.


gringo

#12 gringo_pr


Posted 23 April 2012 - 11:38 PM

Hello


Just a friendly bump to check in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 NJguy


Posted 24 April 2012 - 10:23 AM

Now the computer won't even go past the start screen. Well, thank you all for the help, but at this point I'm going to reinstall Windows. I had previously backed up the Word files and they were all that mattered. Again, much thanks; this topic can be closed.

#14 gringo_pr


Posted 24 April 2012 - 01:06 PM

Hello


A reinstall would be the fastest thing to do, but I would like to know what happened and when.



gringo

#15 gringo_pr


Posted 26 April 2012 - 11:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



