Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Temp directory has 72gb


  • This topic is locked This topic is locked
1 reply to this topic

#1 drobtoy

drobtoy

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:11:49 AM

Posted 24 October 2013 - 12:40 PM

This is my second post and the eerily similar to the first one, but on an older computer.

 

A temp file has 72gb of data in it:

 

c:\program files\symantec shared\virusdefs

 

This computer had Symantec on it in the past, but no longer.

 

I ran Malwarebytes, Security Essentials and TDSSkiller but found nothing.

 

I ran Combofix. but nothing was deleted.

 

Following instructions in the first post, I ran GMER, but am unable to read the log report.

 

I probably can just delete the temp folder, but would like to get to the root cause of the issue.

 

Can you help?

 

thanks

 

Daryl

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702
Run by Allen Demar at 13:08:00 on 2013-10-24
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.367 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - <orphaned>
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [SMRequiresRestart] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155596813870
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1382612170640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9347A765-8ED4-463A-9C6B-2580C78A2306} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-10-23 1164328]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-10-23 68464]
S2 gupdate1c99f7b9fa7d2d0;Google Update Service (gupdate1c99f7b9fa7d2d0);c:\program files\google\update\GoogleUpdate.exe [2009-3-7 133104]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
.
=============== Created Last 30 ================
.
2013-10-24 17:05:51 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb6f02ba-f5a5-4f5a-a193-e32654d33e1a}\mpengine.dll
2013-10-24 15:29:12 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-10-24 15:29:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-10-24 12:22:33 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-10-24 12:22:25 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-10-24 12:22:21 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-10-24 12:22:14 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-10-24 12:22:07 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-10-24 12:21:13 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2013-10-24 12:21:03 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-10-24 12:20:58 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-10-24 12:20:48 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-10-24 12:20:43 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-10-24 12:20:38 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-10-24 12:11:21 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-10-24 12:11:12 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-10-24 12:11:05 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-10-24 12:10:29 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2013-10-24 12:10:20 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2013-10-24 12:10:16 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-10-24 12:10:14 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-10-24 12:10:03 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-10-24 12:10:01 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2013-10-24 12:09:58 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2013-10-24 12:09:52 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2013-10-24 12:09:41 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2013-10-24 12:09:38 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2013-10-24 12:09:36 29311 ----a-w- c:\windows\system32\dllcache\watv01nt.sys
2013-10-24 12:09:32 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2013-10-24 12:09:27 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
2013-10-24 12:09:25 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2013-10-24 12:09:23 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys
2013-10-24 12:09:14 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2013-10-24 12:09:08 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2013-10-24 12:09:02 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2013-10-24 12:08:58 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll
2013-10-24 12:08:56 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll
2013-10-24 12:08:54 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2013-10-24 12:08:52 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2013-10-24 12:08:47 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2013-10-24 12:08:40 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-10-24 12:08:30 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2013-10-24 12:08:24 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2013-10-24 12:08:18 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2013-10-24 12:08:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2013-10-24 12:08:04 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2013-10-24 12:07:57 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2013-10-24 12:07:50 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2013-10-24 12:07:45 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2013-10-24 12:07:36 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-10-24 12:07:29 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-10-24 12:07:23 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2013-10-24 12:07:16 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2013-10-24 12:07:08 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2013-10-24 12:07:04 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2013-10-24 12:06:54 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2013-10-24 12:06:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-10-24 12:06:31 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2013-10-24 12:06:25 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2013-10-24 12:06:19 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2013-10-24 12:06:14 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2013-10-24 12:06:08 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-10-24 12:06:02 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2013-10-24 12:05:56 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-10-24 12:05:49 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2013-10-24 12:05:44 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2013-10-24 12:05:35 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2013-10-24 12:05:32 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2013-10-24 12:05:15 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-10-24 12:05:10 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2013-10-24 12:05:05 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2013-10-24 12:04:59 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2013-10-24 12:04:53 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2013-10-24 12:04:47 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2013-10-24 12:04:42 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2013-10-24 12:04:37 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2013-10-24 12:04:35 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-10-24 12:04:31 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2013-10-24 12:04:20 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2013-10-24 12:04:16 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2013-10-24 12:04:11 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2013-10-24 12:04:04 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2013-10-24 12:02:57 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2013-10-24 12:01:58 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-10-24 12:00:59 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-10-24 11:59:57 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2013-10-24 11:58:58 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-10-24 11:57:56 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2013-10-24 11:56:57 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2013-10-24 11:55:58 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2013-10-24 11:54:59 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2013-10-24 11:53:58 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2013-10-24 11:52:59 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2013-10-24 11:51:55 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-10-24 11:50:58 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2013-10-24 11:50:54 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2013-10-24 11:50:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2013-10-24 11:50:47 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2013-10-24 11:50:43 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2013-10-24 11:50:40 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2013-10-24 11:50:36 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2013-10-24 11:50:35 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2013-10-24 11:50:31 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2013-10-24 11:50:17 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2013-10-24 11:50:16 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2013-10-24 11:50:10 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-10-24 11:49:58 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-10-24 11:49:55 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2013-10-24 11:49:53 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-10-24 11:49:43 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2013-10-24 11:49:39 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2013-10-24 11:49:37 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2013-10-24 11:47:17 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2013-10-24 11:46:57 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2013-10-24 11:46:49 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2013-10-24 11:46:43 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2013-10-24 11:46:38 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2013-10-24 11:46:36 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2013-10-24 11:46:34 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2013-10-24 11:46:28 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2013-10-24 11:46:24 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2013-10-24 11:46:19 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2013-10-24 11:46:16 26624 ----a-w- c:\windows\system32\dllcache\mdsync.dll
2013-10-24 11:46:10 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-10-24 11:44:51 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2013-10-24 11:44:46 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2013-10-24 11:44:41 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-10-24 11:44:35 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2013-10-24 11:44:31 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-10-24 11:44:26 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2013-10-24 11:44:21 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2013-10-24 11:44:11 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2013-10-24 11:44:09 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2013-10-24 11:44:06 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2013-10-24 11:44:04 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2013-10-24 11:44:01 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2013-10-24 11:42:56 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2013-10-24 11:41:53 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2013-10-24 11:40:56 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2013-10-24 11:39:58 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2013-10-24 11:38:59 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2013-10-24 11:37:53 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-10-24 11:36:59 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys
2013-10-24 11:35:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2013-10-24 11:34:59 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2013-10-24 11:33:53 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2013-10-24 11:32:58 39936 ----a-w- c:\windows\system32\dllcache\cnxt1803.sys
2013-10-24 11:31:58 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2013-10-24 11:30:59 45568 ----a-w- c:\windows\system32\dllcache\browscap.dll
2013-10-24 11:29:59 137216 ----a-w- c:\windows\system32\dllcache\atidrae.dll
2013-10-24 11:28:54 10240 ----a-w- c:\windows\system32\dllcache\npwmsdrm.dll
2013-10-24 11:28:53 364544 ----a-w- c:\windows\system32\dllcache\npdsplay.dll
2013-10-24 11:28:42 4639 ----a-w- c:\windows\system32\dllcache\mplayer2.exe
2013-10-24 11:25:01 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-10-24 11:24:48 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-10-24 11:24:28 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-10-24 11:24:25 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-10-24 11:24:23 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-10-24 11:24:22 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-10-24 11:24:21 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-10-24 11:24:20 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-10-24 03:05:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-10-24 02:53:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-10-24 02:44:23 -------- d-----w- c:\documents and settings\allen demar\application data\Malwarebytes
2013-10-24 02:44:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-24 02:44:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-24 02:44:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-24 02:27:16 -------- d-sha-r- C:\cmdcons
2013-10-24 02:23:59 98816 ----a-w- c:\windows\sed.exe
2013-10-24 02:23:59 256000 ----a-w- c:\windows\PEV.exe
2013-10-24 02:23:59 208896 ----a-w- c:\windows\MBR.exe
2013-10-24 02:11:28 -------- d-----w- c:\windows\ERUNT
2013-10-24 02:09:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-24 02:09:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-24 02:05:20 -------- d-----w- C:\AdwCleaner
2013-10-24 00:43:16 -------- d-----w- c:\program files\Windows Media Connect 2
2013-10-24 00:41:30 -------- d-----w- C:\4130a27fe36cb4d46413
2013-10-24 00:41:27 -------- d-----w- c:\windows\system32\LogFiles
2013-10-24 00:41:02 -------- d-----w- C:\6c5d239f9757759641a8f0b86f
2013-10-24 00:34:40 -------- d-----w- c:\documents and settings\allen demar\application data\Windows Desktop Search
2013-10-24 00:34:19 -------- d-----w- c:\program files\Windows Desktop Search
2013-10-24 00:28:58 -------- d-----w- c:\windows\system32\winrm
2013-10-24 00:28:58 -------- d-----w- c:\windows\system32\GroupPolicy
2013-10-24 00:28:54 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-10-23 23:20:27 -------- d-----w- c:\windows\system32\XPSViewer
2013-10-23 23:19:56 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-10-23 23:19:43 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-10-23 23:19:43 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-10-23 23:19:43 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-10-23 23:19:43 117760 ------w- c:\windows\system32\prntvpt.dll
2013-10-23 23:19:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-10-23 23:19:42 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-10-23 23:19:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-10-23 23:19:42 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-10-23 23:19:42 -------- d-----w- C:\92c8681dda434c8bdee417
2013-10-23 23:01:17 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-10-23 22:00:26 60160 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-23 21:59:30 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-10-23 21:58:18 3072 ------w- c:\windows\system32\iacenc.dll
2013-10-23 21:58:18 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-10-23 21:37:12 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2013-10-23 21:37:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2013-10-23 21:37:10 56200 ----a-w- c:\windows\system32\offreg.dll
2013-10-23 21:37:10 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-10-23 21:37:10 23568 ----a-w- c:\windows\system32\smrgdf.exe
2013-10-23 21:37:09 -------- d-----w- c:\program files\iolo
2013-10-23 21:33:49 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-10-23 21:33:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-10-23 21:33:24 -------- d-----w- c:\documents and settings\allen demar\application data\iolo
2013-10-23 21:33:24 -------- d-----w- c:\documents and settings\all users\application data\iolo
2013-10-23 20:55:27 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-10-23 20:14:05 -------- d-----w- c:\windows\system32\scripting
2013-10-23 20:14:04 -------- d-----w- c:\windows\system32\en
2013-10-23 20:14:04 -------- d-----w- c:\windows\system32\bits
2013-10-23 20:14:04 -------- d-----w- c:\windows\l2schemas
2013-10-23 20:10:39 -------- d-----w- c:\windows\network diagnostic
2013-10-23 19:05:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-10-23 19:05:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
==================== Find3M  ====================
.
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 13:11:12.59 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:49 PM

Posted 24 October 2013 - 03:58 PM

Closing this topic. Duplicate here: http://www.bleepingcomputer.com/forums/t/511762/temp-directory-is-72gb/
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users