One outgoing website 146.185.218.87 keeps popping up

rohwer3 · May 22, 2012

I have been cleaning this for a week now and it was a lot more sites than just this one. The ip is 146.185.218.87 and its an outgoing request. Obviously something Ran through the regsitry ran TDSSkiller, combo fix, super anti spyware, malware bytes, rkill, etc etc etc!!!

the DDS report is :

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 11:38:27 on 2012-05-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1121 [GMT -5:00]

.

AV: AVG Internet Security Network Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Kaseya\DLLBRT82204215057080\AgentMon.exe

C:\Program Files\Kaseya\DLLBRT82204215057080\KasAVSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Rey\Bin\Ucsinsvc.exe

C:\rey\bin\PscVersionService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\kworking\KRlyCLis.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\RealVNC\VNC4\vncclipboard.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Kaseya\DLLBRT82204215057080\KaUsrTsk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ChromeData\AutoBook\AUS.exe

-k netsvcs

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.siddillon.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [KASHDLLBRT82204215057080] "c:\program files\kaseya\dllbrt82204215057080\KaUsrTsk.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\chromedata\autobook\AUS.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309466389420

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.12.191.100

TCP: Interfaces\{82C9FC30-898F-4472-A025-80D6BD9CDDF8} : DhcpNameServer = 10.12.191.100

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\mmkjcr7v.default\

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoff.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npwbe.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2012-1-24 52872]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2011-1-3 24064]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2012-1-24 29712]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2012-1-24 308136]

R2 KADLLBRT82204215057080;Kaseya Agent;c:\program files\kaseya\dllbrt82204215057080\AgentMon.exe [2012-1-20 856064]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\dllbrt82204215057080\KasAVSrv.exe [2012-1-24 229376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-15 654408]

R2 REY Install NT Service;REY Install NT Service;c:\rey\bin\UcsInSvc.exe [2011-4-15 98304]

R2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\PSCVersionService.exe [2011-7-1 61440]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-1-3 44800]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2012-1-20 17920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-15 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-22 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\services\ucsinsvc.exe --> c:\ucc\services\UcsInSvc.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-14 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-15 129976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2012-1-3 1188624]

.

=============== Created Last 30 ================

.

2012-05-22 16:29:57 -------- d-----w- c:\windows\system32\drivers\etc\archived

2012-05-22 15:37:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-22 15:06:00 57344 ------w- c:\windows\system32\ssdevm.dll

2012-05-22 15:06:00 49152 ------w- c:\windows\system32\ssusbpn.dll

2012-05-22 15:05:05 484592 ----a-w- c:\windows\SSndii.exe

2012-05-22 15:05:04 -------- d-----w- c:\windows\Dell

2012-05-22 15:05:03 21776 ----a-w- c:\windows\system32\msxml2a.dll

2012-05-22 15:03:31 26624 ----a-w- c:\windows\system32\sdp1ml3.dll

2012-05-22 15:03:25 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sdp1mpc.dll

2012-05-22 15:03:21 151552 ----a-w- c:\windows\system32\sdp1mci.exe

2012-05-22 15:03:20 65536 ----a-w- c:\windows\system32\sdp1mci.dll

2012-05-22 15:02:48 -------- d-----w- c:\program files\Dell

2012-05-22 15:00:04 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2012-05-22 15:00:04 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-05-15 20:36:17 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-05-15 20:36:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-15 20:36:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 20:36:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-15 20:33:37 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-15 20:17:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2012-05-15 20:17:04 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-15 20:17:02 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-05-15 20:17:01 866992 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2012-05-11 15:27:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment

2012-05-11 15:27:07 -------- d-----w- c:\documents and settings\administrator\application data\MicroST

2012-05-10 15:18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-05-10 15:18:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-05-10 14:50:43 -------- d-----w- c:\windows\pss

2012-05-05 20:30:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-05-05 20:14:02 -------- d-----w- c:\program files\common files\WSecEdit

2012-05-04 17:49:56 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache

2012-04-25 12:48:07 -------- d-----w- c:\documents and settings\administrator\local settings\application data\offsync

.

==================== Find3M ====================

.

2012-05-22 15:58:28 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-05-05 16:44:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 16:44:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 11:46:02.65 ===============

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Any help would be appreciated!!!

D-FRED-BROWN · May 22, 2012

Hello rohwer3 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt

How is your computer running now?

rohwer3 · May 22, 2012

I have ran the TDSS killer days before and cleaned most of it. The scan today showed now results. Posted below is the log though

----------------------------

12:31:21.0796 3364 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

12:31:22.0640 3364 ============================================================

12:31:22.0640 3364 Current date / time: 2012/05/22 12:31:22.0640

12:31:22.0671 3364 SystemInfo:

12:31:22.0671 3364

12:31:22.0671 3364 OS Version: 5.1.2600 ServicePack: 3.0

12:31:22.0671 3364 Product type: Workstation

12:31:22.0671 3364 ComputerName: BLAIRSALES32

12:31:22.0671 3364 UserName: Administrator

12:31:22.0671 3364 Windows directory: C:\WINDOWS

12:31:22.0671 3364 System windows directory: C:\WINDOWS

12:31:22.0671 3364 Processor architecture: Intel x86

12:31:22.0671 3364 Number of processors: 2

12:31:22.0671 3364 Page size: 0x1000

12:31:22.0671 3364 Boot type: Normal boot

12:31:22.0671 3364 ============================================================

12:31:22.0921 3364 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

12:31:22.0937 3364 ============================================================

12:31:22.0937 3364 \Device\Harddisk0\DR0:

12:31:22.0937 3364 MBR partitions:

12:31:22.0937 3364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

12:31:22.0937 3364 ============================================================

12:31:23.0000 3364 C: <-> \Device\Harddisk0\DR0\Partition0

12:31:23.0000 3364 ============================================================

12:31:23.0000 3364 Initialize success

12:31:23.0000 3364 ============================================================

12:31:35.0843 0632 ============================================================

12:31:35.0843 0632 Scan started

12:31:35.0843 0632 Mode: Manual;

12:31:35.0843 0632 ============================================================

12:31:37.0453 0632 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

12:31:37.0453 0632 !SASCORE - ok

12:31:37.0515 0632 6to4 - ok

12:31:37.0531 0632 Abiosdsk - ok

12:31:37.0531 0632 abp480n5 - ok

12:31:37.0562 0632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:31:37.0593 0632 ACPI - ok

12:31:37.0625 0632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:31:37.0625 0632 ACPIEC - ok

12:31:37.0671 0632 ADIHdAudAddService (2dc6ff5da4ea7ca1d4128a7541734b9f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

12:31:37.0703 0632 ADIHdAudAddService - ok

12:31:37.0781 0632 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

12:31:37.0781 0632 AdobeFlashPlayerUpdateSvc - ok

12:31:37.0781 0632 adpu160m - ok

12:31:37.0812 0632 AEAudio (3bc9c8baf983b583e14088e6ff74a8a1) C:\WINDOWS\system32\drivers\AEAudio.sys

12:31:37.0812 0632 AEAudio - ok

12:31:37.0859 0632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:31:37.0859 0632 aec - ok

12:31:37.0890 0632 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

12:31:37.0890 0632 AFD - ok

12:31:37.0890 0632 Aha154x - ok

12:31:37.0906 0632 aic78u2 - ok

12:31:37.0906 0632 aic78xx - ok

12:31:37.0937 0632 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

12:31:37.0937 0632 Alerter - ok

12:31:37.0968 0632 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

12:31:37.0968 0632 ALG - ok

12:31:37.0968 0632 AliIde - ok

12:31:37.0984 0632 amsint - ok

12:31:38.0000 0632 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

12:31:38.0000 0632 AppMgmt - ok

12:31:38.0000 0632 asc - ok

12:31:38.0015 0632 asc3350p - ok

12:31:38.0015 0632 asc3550 - ok

12:31:38.0109 0632 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

12:31:38.0125 0632 aspnet_state - ok

12:31:38.0140 0632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:31:38.0140 0632 AsyncMac - ok

12:31:38.0171 0632 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:31:38.0171 0632 atapi - ok

12:31:38.0171 0632 Atdisk - ok

12:31:38.0203 0632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:31:38.0203 0632 Atmarpc - ok

12:31:38.0218 0632 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

12:31:38.0218 0632 AudioSrv - ok

12:31:38.0250 0632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:31:38.0250 0632 audstub - ok

12:31:38.0328 0632 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe

12:31:38.0359 0632 avg9wd - ok

12:31:38.0390 0632 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys

12:31:38.0390 0632 AvgMfx86 - ok

12:31:38.0390 0632 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys

12:31:38.0390 0632 AvgRkx86 - ok

12:31:38.0437 0632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:31:38.0437 0632 Beep - ok

12:31:38.0484 0632 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

12:31:38.0515 0632 BITS - ok

12:31:38.0546 0632 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

12:31:38.0546 0632 Browser - ok

12:31:38.0593 0632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:31:38.0593 0632 cbidf2k - ok

12:31:38.0593 0632 cd20xrnt - ok

12:31:38.0625 0632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:31:38.0625 0632 Cdaudio - ok

12:31:38.0640 0632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:31:38.0656 0632 Cdfs - ok

12:31:38.0671 0632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:31:38.0671 0632 Cdrom - ok

12:31:38.0671 0632 Changer - ok

12:31:38.0687 0632 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

12:31:38.0687 0632 CiSvc - ok

12:31:38.0703 0632 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

12:31:38.0703 0632 ClipSrv - ok

12:31:38.0781 0632 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:31:38.0828 0632 clr_optimization_v2.0.50727_32 - ok

12:31:38.0875 0632 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:31:38.0875 0632 clr_optimization_v4.0.30319_32 - ok

12:31:38.0875 0632 CmdIde - ok

12:31:38.0875 0632 COMSysApp - ok

12:31:38.0875 0632 Cpqarray - ok

12:31:38.0890 0632 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

12:31:38.0906 0632 CryptSvc - ok

12:31:38.0906 0632 dac2w2k - ok

12:31:38.0906 0632 dac960nt - ok

12:31:38.0953 0632 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:31:38.0984 0632 DcomLaunch - ok

12:31:38.0984 0632 DgiVecp - ok

12:31:39.0015 0632 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

12:31:39.0015 0632 Dhcp - ok

12:31:39.0031 0632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:31:39.0031 0632 Disk - ok

12:31:39.0031 0632 dmadmin - ok

12:31:39.0078 0632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:31:39.0093 0632 dmboot - ok

12:31:39.0109 0632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:31:39.0109 0632 dmio - ok

12:31:39.0125 0632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:31:39.0125 0632 dmload - ok

12:31:39.0125 0632 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

12:31:39.0125 0632 dmserver - ok

12:31:39.0156 0632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:31:39.0156 0632 DMusic - ok

12:31:39.0171 0632 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

12:31:39.0171 0632 Dnscache - ok

12:31:39.0187 0632 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

12:31:39.0187 0632 Dot3svc - ok

12:31:39.0187 0632 dpti2o - ok

12:31:39.0203 0632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:31:39.0203 0632 drmkaud - ok

12:31:39.0234 0632 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

12:31:39.0265 0632 e1express - ok

12:31:39.0281 0632 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

12:31:39.0296 0632 EapHost - ok

12:31:39.0296 0632 emu10k - ok

12:31:39.0312 0632 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

12:31:39.0312 0632 ERSvc - ok

12:31:39.0359 0632 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:31:39.0359 0632 Eventlog - ok

12:31:39.0406 0632 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

12:31:39.0421 0632 EventSystem - ok

12:31:39.0437 0632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:31:39.0453 0632 Fastfat - ok

12:31:39.0484 0632 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:31:39.0484 0632 FastUserSwitchingCompatibility - ok

12:31:39.0515 0632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:31:39.0515 0632 Fdc - ok

12:31:39.0640 0632 File Backup (ed59ad1c8db2f26324051b035ae56cdd) C:\Program Files\Workspace\offSyncService.exe

12:31:39.0671 0632 File Backup - ok

12:31:39.0687 0632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:31:39.0687 0632 Fips - ok

12:31:39.0703 0632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:31:39.0703 0632 Flpydisk - ok

12:31:39.0734 0632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

12:31:39.0734 0632 FltMgr - ok

12:31:39.0828 0632 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

12:31:39.0828 0632 FontCache3.0.0.0 - ok

12:31:39.0843 0632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:31:39.0843 0632 Fs_Rec - ok

12:31:39.0859 0632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:31:39.0859 0632 Ftdisk - ok

12:31:39.0906 0632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:31:39.0906 0632 Gpc - ok

12:31:39.0906 0632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:31:39.0921 0632 HDAudBus - ok

12:31:39.0937 0632 hdthermal - ok

12:31:39.0968 0632 HECI (0bf1d760b05caaaf231123d53c4789e2) C:\WINDOWS\system32\DRIVERS\HECI.sys

12:31:39.0968 0632 HECI - ok

12:31:40.0015 0632 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

12:31:40.0015 0632 helpsvc - ok

12:31:40.0046 0632 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

12:31:40.0046 0632 HidServ - ok

12:31:40.0078 0632 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:31:40.0078 0632 HidUsb - ok

12:31:40.0093 0632 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

12:31:40.0093 0632 hkmsvc - ok

12:31:40.0093 0632 hpn - ok

12:31:40.0140 0632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:31:40.0171 0632 HTTP - ok

12:31:40.0218 0632 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

12:31:40.0218 0632 HTTPFilter - ok

12:31:40.0218 0632 hwpsgt - ok

12:31:40.0234 0632 i2omgmt - ok

12:31:40.0234 0632 i2omp - ok

12:31:40.0250 0632 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:31:40.0250 0632 i8042prt - ok

12:31:40.0578 0632 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

12:31:40.0687 0632 ialm - ok

12:31:40.0812 0632 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:31:40.0812 0632 idsvc - ok

12:31:40.0890 0632 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

12:31:40.0890 0632 IFXTPM - ok

12:31:40.0921 0632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:31:40.0921 0632 Imapi - ok

12:31:40.0937 0632 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

12:31:40.0953 0632 ImapiService - ok

12:31:40.0953 0632 ini910u - ok

12:31:40.0953 0632 IntelIde - ok

12:31:40.0968 0632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:31:40.0968 0632 intelppm - ok

12:31:41.0000 0632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

12:31:41.0000 0632 Ip6Fw - ok

12:31:41.0015 0632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:31:41.0015 0632 IpFilterDriver - ok

12:31:41.0031 0632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:31:41.0031 0632 IpInIp - ok

12:31:41.0046 0632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:31:41.0046 0632 IpNat - ok

12:31:41.0078 0632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:31:41.0078 0632 IPSec - ok

12:31:41.0109 0632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:31:41.0109 0632 IRENUM - ok

12:31:41.0140 0632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:31:41.0140 0632 isapnp - ok

12:31:41.0250 0632 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

12:31:41.0250 0632 JavaQuickStarterService - ok

12:31:41.0343 0632 KADLLBRT82204215057080 (345e0cca27e62a2aa6e507e0a095accd) C:\Program Files\Kaseya\DLLBRT82204215057080\AgentMon.exe

12:31:41.0359 0632 KADLLBRT82204215057080 - ok

12:31:41.0406 0632 KAPFA (f0c4a6d81d30866aaf8cfa983d9d13d7) C:\WINDOWS\system32\drivers\KAPFA.SYS

12:31:41.0406 0632 KAPFA - ok

12:31:41.0437 0632 KaseyaAVService (aaaa05acae034ab1599421383034e31f) C:\Program Files\Kaseya\DLLBRT82204215057080\KasAVSrv.exe

12:31:41.0484 0632 KaseyaAVService - ok

12:31:41.0500 0632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:31:41.0500 0632 Kbdclass - ok

12:31:41.0531 0632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:31:41.0531 0632 kbdhid - ok

12:31:41.0578 0632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:31:41.0578 0632 kmixer - ok

12:31:41.0609 0632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:31:41.0609 0632 KSecDD - ok

12:31:41.0656 0632 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

12:31:41.0656 0632 LanmanServer - ok

12:31:41.0703 0632 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

12:31:41.0703 0632 lanmanworkstation - ok

12:31:41.0703 0632 lbrtfdc - ok

12:31:41.0750 0632 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

12:31:41.0750 0632 LmHosts - ok

12:31:41.0765 0632 lmimaint - ok

12:31:41.0781 0632 lxdj_device (e634abb8346e8c70c7c90c9311993819) C:\WINDOWS\system32\ati.dll

12:31:41.0781 0632 lxdj_device - ok

12:31:41.0796 0632 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

12:31:41.0796 0632 MBAMProtector - ok

12:31:41.0875 0632 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

12:31:41.0875 0632 MBAMService - ok

12:31:42.0000 0632 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

12:31:42.0031 0632 MDM - ok

12:31:42.0062 0632 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

12:31:42.0078 0632 Messenger - ok

12:31:42.0093 0632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:31:42.0093 0632 mnmdd - ok

12:31:42.0125 0632 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

12:31:42.0125 0632 mnmsrvc - ok

12:31:42.0156 0632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:31:42.0156 0632 Modem - ok

12:31:42.0171 0632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:31:42.0171 0632 Mouclass - ok

12:31:42.0218 0632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:31:42.0218 0632 mouhid - ok

12:31:42.0218 0632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:31:42.0234 0632 MountMgr - ok

12:31:42.0265 0632 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:31:42.0265 0632 MozillaMaintenance - ok

12:31:42.0265 0632 mraid35x - ok

12:31:42.0281 0632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:31:42.0281 0632 MRxDAV - ok

12:31:42.0328 0632 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:31:42.0359 0632 MRxSmb - ok

12:31:42.0390 0632 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

12:31:42.0390 0632 MSDTC - ok

12:31:42.0406 0632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:31:42.0406 0632 Msfs - ok

12:31:42.0406 0632 MSIServer - ok

12:31:42.0421 0632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:31:42.0421 0632 MSKSSRV - ok

12:31:42.0437 0632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:31:42.0437 0632 MSPCLOCK - ok

12:31:42.0453 0632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:31:42.0453 0632 MSPQM - ok

12:31:42.0468 0632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:31:42.0468 0632 mssmbios - ok

12:31:42.0500 0632 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:31:42.0500 0632 Mup - ok

12:31:42.0546 0632 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

12:31:42.0593 0632 napagent - ok

12:31:42.0625 0632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:31:42.0625 0632 NDIS - ok

12:31:42.0656 0632 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:31:42.0656 0632 NdisTapi - ok

12:31:42.0671 0632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:31:42.0671 0632 Ndisuio - ok

12:31:42.0687 0632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:31:42.0687 0632 NdisWan - ok

12:31:42.0703 0632 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:31:42.0703 0632 NDProxy - ok

12:31:42.0718 0632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:31:42.0718 0632 NetBIOS - ok

12:31:42.0734 0632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:31:42.0734 0632 NetBT - ok

12:31:42.0765 0632 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:31:42.0765 0632 NetDDE - ok

12:31:42.0765 0632 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:31:42.0781 0632 NetDDEdsdm - ok

12:31:42.0796 0632 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:31:42.0796 0632 Netlogon - ok

12:31:42.0828 0632 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

12:31:42.0828 0632 Netman - ok

12:31:42.0921 0632 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:31:42.0921 0632 NetTcpPortSharing - ok

12:31:42.0937 0632 NICSer_WPC54G - ok

12:31:42.0984 0632 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

12:31:43.0015 0632 Nla - ok

12:31:43.0015 0632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:31:43.0015 0632 Npfs - ok

12:31:43.0062 0632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:31:43.0078 0632 Ntfs - ok

12:31:43.0078 0632 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:31:43.0078 0632 NtLmSsp - ok

12:31:43.0109 0632 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

12:31:43.0125 0632 NtmsSvc - ok

12:31:43.0140 0632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:31:43.0140 0632 Null - ok

12:31:43.0156 0632 nvatabus - ok

12:31:43.0171 0632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:31:43.0171 0632 NwlnkFlt - ok

12:31:43.0171 0632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:31:43.0171 0632 NwlnkFwd - ok

12:31:43.0281 0632 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:31:43.0312 0632 odserv - ok

12:31:43.0328 0632 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:31:43.0343 0632 ose - ok

12:31:43.0359 0632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:31:43.0375 0632 Parport - ok

12:31:43.0375 0632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:31:43.0375 0632 PartMgr - ok

12:31:43.0390 0632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:31:43.0390 0632 ParVdm - ok

12:31:43.0421 0632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:31:43.0421 0632 PCI - ok

12:31:43.0421 0632 PCIDump - ok

12:31:43.0437 0632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:31:43.0437 0632 PCIIde - ok

12:31:43.0453 0632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:31:43.0453 0632 Pcmcia - ok

12:31:43.0453 0632 PDCOMP - ok

12:31:43.0468 0632 PDFRAME - ok

12:31:43.0484 0632 pdiddcci - ok

12:31:43.0484 0632 PDRELI - ok

12:31:43.0484 0632 PDRFRAME - ok

12:31:43.0484 0632 perc2 - ok

12:31:43.0484 0632 perc2hib - ok

12:31:43.0531 0632 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:31:43.0531 0632 PlugPlay - ok

12:31:43.0546 0632 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:31:43.0546 0632 PolicyAgent - ok

12:31:43.0578 0632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:31:43.0578 0632 PptpMiniport - ok

12:31:43.0593 0632 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:31:43.0593 0632 ProtectedStorage - ok

12:31:43.0593 0632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:31:43.0593 0632 PSched - ok

12:31:43.0609 0632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:31:43.0609 0632 Ptilink - ok

12:31:43.0609 0632 ql1080 - ok

12:31:43.0625 0632 Ql10wnt - ok

12:31:43.0625 0632 ql12160 - ok

12:31:43.0625 0632 ql1240 - ok

12:31:43.0625 0632 ql1280 - ok

12:31:43.0640 0632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:31:43.0640 0632 RasAcd - ok

12:31:43.0671 0632 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

12:31:43.0671 0632 RasAuto - ok

12:31:43.0703 0632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:31:43.0703 0632 Rasl2tp - ok

12:31:43.0734 0632 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

12:31:43.0734 0632 RasMan - ok

12:31:43.0734 0632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:31:43.0734 0632 RasPppoe - ok

12:31:43.0750 0632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:31:43.0750 0632 Raspti - ok

12:31:43.0765 0632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:31:43.0781 0632 Rdbss - ok

12:31:43.0796 0632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:31:43.0796 0632 RDPCDD - ok

12:31:43.0828 0632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:31:43.0828 0632 rdpdr - ok

12:31:43.0875 0632 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

12:31:43.0875 0632 RDPWD - ok

12:31:43.0890 0632 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

12:31:43.0906 0632 RDSessMgr - ok

12:31:43.0937 0632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:31:43.0937 0632 redbook - ok

12:31:43.0968 0632 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

12:31:43.0984 0632 RemoteAccess - ok

12:31:44.0000 0632 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

12:31:44.0000 0632 RemoteRegistry - ok

12:31:44.0109 0632 REY Install NT Service (cc9662467934df7495aed66cfa5766c6) C:\Rey\Bin\Ucsinsvc.exe

12:31:44.0109 0632 REY Install NT Service - ok

12:31:44.0140 0632 REY PSCVersionService (6b8876733bd26875178db79c7830053b) C:\rey\bin\PscVersionService.exe

12:31:44.0140 0632 REY PSCVersionService - ok

12:31:44.0171 0632 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

12:31:44.0187 0632 RpcLocator - ok

12:31:44.0234 0632 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:31:44.0234 0632 RpcSs - ok

12:31:44.0265 0632 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

12:31:44.0265 0632 RSVP - ok

12:31:44.0281 0632 s217bus - ok

12:31:44.0296 0632 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:31:44.0296 0632 SamSs - ok

12:31:44.0375 0632 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

12:31:44.0375 0632 SASDIFSV - ok

12:31:44.0390 0632 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

12:31:44.0390 0632 SASKUTIL - ok

12:31:44.0437 0632 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

12:31:44.0453 0632 SCardSvr - ok

12:31:44.0484 0632 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

12:31:44.0484 0632 Schedule - ok

12:31:44.0531 0632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:31:44.0531 0632 Secdrv - ok

12:31:44.0546 0632 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

12:31:44.0546 0632 seclogon - ok

12:31:44.0562 0632 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

12:31:44.0578 0632 SENS - ok

12:31:44.0593 0632 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:31:44.0593 0632 serenum - ok

12:31:44.0609 0632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:31:44.0609 0632 Serial - ok

12:31:44.0656 0632 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys

12:31:44.0656 0632 SFAUDIO - ok

12:31:44.0656 0632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:31:44.0656 0632 Sfloppy - ok

12:31:44.0718 0632 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

12:31:44.0750 0632 SharedAccess - ok

12:31:44.0796 0632 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:31:44.0796 0632 ShellHWDetection - ok

12:31:44.0796 0632 Simbad - ok

12:31:44.0796 0632 snpstd2 - ok

12:31:44.0796 0632 Sparrow - ok

12:31:44.0828 0632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:31:44.0828 0632 splitter - ok

12:31:44.0828 0632 Spooler - ok

12:31:44.0828 0632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:31:44.0828 0632 sr - ok

12:31:44.0843 0632 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

12:31:44.0843 0632 srservice - ok

12:31:44.0890 0632 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:31:44.0890 0632 Srv - ok

12:31:44.0937 0632 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

12:31:44.0937 0632 SSDPSRV - ok

12:31:44.0937 0632 SSPORT - ok

12:31:45.0000 0632 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

12:31:45.0000 0632 stisvc - ok

12:31:45.0031 0632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:31:45.0031 0632 swenum - ok

12:31:45.0046 0632 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:31:45.0046 0632 swmidi - ok

12:31:45.0046 0632 SwPrv - ok

12:31:45.0046 0632 symc810 - ok

12:31:45.0046 0632 symc8xx - ok

12:31:45.0046 0632 sym_hi - ok

12:31:45.0062 0632 sym_u3 - ok

12:31:45.0078 0632 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:31:45.0078 0632 sysaudio - ok

12:31:45.0109 0632 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

12:31:45.0109 0632 SysmonLog - ok

12:31:45.0140 0632 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

12:31:45.0171 0632 TapiSrv - ok

12:31:45.0234 0632 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:31:45.0265 0632 Tcpip - ok

12:31:45.0312 0632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:31:45.0312 0632 TDPIPE - ok

12:31:45.0312 0632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:31:45.0312 0632 TDTCP - ok

12:31:45.0343 0632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:31:45.0343 0632 TermDD - ok

12:31:45.0406 0632 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

12:31:45.0453 0632 TermService - ok

12:31:45.0484 0632 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:31:45.0484 0632 Themes - ok

12:31:45.0500 0632 tiwlnsvc - ok

12:31:45.0515 0632 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

12:31:45.0515 0632 TlntSvr - ok

12:31:45.0515 0632 TosIde - ok

12:31:45.0531 0632 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

12:31:45.0531 0632 TrkWks - ok

12:31:45.0546 0632 UCS Install NT Service - ok

12:31:45.0562 0632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:31:45.0562 0632 Udfs - ok

12:31:45.0578 0632 ultra - ok

12:31:45.0625 0632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:31:45.0625 0632 Update - ok

12:31:45.0656 0632 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

12:31:45.0656 0632 upnphost - ok

12:31:45.0671 0632 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

12:31:45.0671 0632 UPS - ok

12:31:45.0718 0632 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

12:31:45.0718 0632 usbaudio - ok

12:31:45.0750 0632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:31:45.0750 0632 usbccgp - ok

12:31:45.0781 0632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:31:45.0781 0632 usbehci - ok

12:31:45.0796 0632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:31:45.0796 0632 usbhub - ok

12:31:45.0828 0632 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:31:45.0828 0632 usbprint - ok

12:31:45.0843 0632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:31:45.0843 0632 usbscan - ok

12:31:45.0859 0632 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:31:45.0859 0632 USBSTOR - ok

12:31:45.0875 0632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:31:45.0875 0632 usbuhci - ok

12:31:45.0921 0632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:31:45.0921 0632 VgaSave - ok

12:31:45.0921 0632 ViaIde - ok

12:31:45.0937 0632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:31:45.0937 0632 VolSnap - ok

12:31:45.0968 0632 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

12:31:45.0984 0632 VSS - ok

12:31:46.0015 0632 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

12:31:46.0015 0632 W32Time - ok

12:31:46.0062 0632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:31:46.0062 0632 Wanarp - ok

12:31:46.0062 0632 WavxDMgr - ok

12:31:46.0062 0632 WDICA - ok

12:31:46.0109 0632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:31:46.0109 0632 wdmaud - ok

12:31:46.0125 0632 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

12:31:46.0125 0632 WebClient - ok

12:31:46.0187 0632 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

12:31:46.0203 0632 winmgmt - ok

12:31:46.0281 0632 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll

12:31:46.0312 0632 WinRM - ok

12:31:46.0500 0632 WinVNC4 (45fbe420608d4e609d970b70fa238c31) C:\Program Files\RealVNC\VNC4\WinVNC4.exe

12:31:46.0546 0632 WinVNC4 - ok

12:31:46.0656 0632 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

12:31:46.0656 0632 WmdmPmSN - ok

12:31:46.0703 0632 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

12:31:46.0750 0632 Wmi - ok

12:31:46.0796 0632 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

12:31:46.0796 0632 WmiAcpi - ok

12:31:46.0828 0632 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:31:46.0828 0632 WmiApSrv - ok

12:31:46.0968 0632 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

12:31:46.0984 0632 WMPNetworkSvc - ok

12:31:47.0140 0632 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:31:47.0140 0632 WPFFontCache_v0400 - ok

12:31:47.0171 0632 WSearch - ok

12:31:47.0218 0632 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

12:31:47.0218 0632 wuauserv - ok

12:31:47.0250 0632 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:31:47.0250 0632 WudfPf - ok

12:31:47.0265 0632 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:31:47.0265 0632 WudfRd - ok

12:31:47.0296 0632 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

12:31:47.0296 0632 WudfSvc - ok

12:31:47.0343 0632 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

12:31:47.0390 0632 WZCSVC - ok

12:31:47.0406 0632 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

12:31:47.0421 0632 xmlprov - ok

12:31:47.0437 0632 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok

12:31:47.0453 0632 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:31:47.0796 0632 \Device\Harddisk0\DR0 - ok

12:31:47.0796 0632 Boot (0x1200) (72d7bfc29fc529999d39211b6bfffe55) \Device\Harddisk0\DR0\Partition0

12:31:47.0796 0632 \Device\Harddisk0\DR0\Partition0 - ok

12:31:47.0796 0632 ============================================================

12:31:47.0796 0632 Scan finished

12:31:47.0796 0632 ============================================================

12:31:47.0796 0640 Detected object count: 0

12:31:47.0796 0640 Actual detected object count: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have ran the follow programs to try and remedy this problem.

Malware bytes, spybot S&D, super anti-spyware, combo fix, TDSSKiller, RKill, Removed and replaced hosts file, disabled a bunch of unneeded startup processes via msconfig. Checked all the startup regedit locations and found nothing odd(i don't know everything about registry keys but i know goofy ones ). Disables system restore and cleaned some stored malware files in there. I have cleaned many problems but this one is persistent!! I am remoted into this machine so after this next reboot I will post the combofix results.

rohwer3 · May 22, 2012

COMBO FIX LOG FILE BELOW

--------------------------------------------

ComboFix 12-05-22.02 - Administrator 05/22/2012 12:41:19.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1356 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AVG Internet Security Network Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\data

c:\documents and settings\Administrator\Application Data\MicroST

c:\documents and settings\Administrator\Application Data\MicroST\Dat100.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat101.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat102.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat103.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat104.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat105.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat106.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat107.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat108.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat109.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat10F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat110.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat111.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat112.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat113.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat114.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat115.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat116.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat117.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat118.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat119.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat11F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat120.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat121.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat122.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat123.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat124.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat125.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat126.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat127.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat128.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat129.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat12F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat130.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat131.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat132.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat133.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat134.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat135.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat136.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat137.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat138.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat139.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat13F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat140.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat141.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat142.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat143.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat144.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat145.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat146.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat146.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat147.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat147.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat148.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat148.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat149.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat149.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat14A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat14B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat14C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat14F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat150.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat151.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat152.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat153.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat154.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat155.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat156.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat157.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat158.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat159.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat15F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat160.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat161.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat162.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat163.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat164.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat165.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat166.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat167.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat168.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat169.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat16F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat170.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat171.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat172.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat173.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat174.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat175.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat176.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat177.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat178.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat179.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat17F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat180.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat181.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat182.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat183.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat184.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat185.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat186.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat187.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat188.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat189.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat18F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat190.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat191.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat192.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat193.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat194.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat195.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat196.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat197.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat198.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat199.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat19F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1A9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1AF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1B9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1BF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1C9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1CF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1D9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1DA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1E9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1EA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1EB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1EC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1ED.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1EE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1EF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1F9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat1FF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat200.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat201.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat202.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat203.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat204.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat205.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat206.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat207.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat208.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat209.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat20A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat20B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat218.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat21F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat220.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat221.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat222.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat223.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat224.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat2C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat2D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat32.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat47.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat48.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat4B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat4C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4E.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat4E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat4F.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat4F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat50.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat51.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat52.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat53.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat54.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat55.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat55.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat56.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat56.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat57.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat57.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat58.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat58.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat59.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat59.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5D.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5E.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat5F.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat5F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat60.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat60.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat61.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat61.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat62.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat62.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat63.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat63.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat64.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat64.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat65.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat65.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat66.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat66.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat67.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat67.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat68.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat68.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat69.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat69.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6D.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6E.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat6F.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat6F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat70.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat70.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat71.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat71.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat72.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat72.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat73.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat73.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat74.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat74.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat75.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat75.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat76.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat76.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat77.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat77.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat78.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat78.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat79.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat79.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat7A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat7B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat7C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7D.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat7D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat7F.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat7F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat80.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat80.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat81.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat81.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat82.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat82.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat83.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat83.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat84.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat84.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat85.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat85.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat86.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat86.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat87.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat87.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat88.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat88.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat89.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat89.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8D.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8E.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat8F.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat8F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat90.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat90.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat91.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat91.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat92.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat92.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat93.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat93.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat94.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat94.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat95.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat95.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat96.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat96.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat97.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat97.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat98.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat98.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat99.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat99.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9A.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat9A.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9B.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat9B.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9C.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat9C.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9D.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat9D.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9E.tmp

c:\documents and settings\Administrator\Application Data\MicroST\Dat9E.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\Dat9F.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA4.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatA4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA5.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatA5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA6.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatA6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA7.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatA7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatA9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatAF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatB9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatBF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatC9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatCF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD5.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatD5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD6.tmp

c:\documents and settings\Administrator\Application Data\MicroST\DatD6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatD9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatDF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatE9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatEA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatEB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatEC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatED.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatEE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatEF.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF0.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF1.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF2.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF3.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF4.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF5.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF6.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF7.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF8.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatF9.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFA.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFB.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFC.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFD.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFE.tmp.xsi

c:\documents and settings\Administrator\Application Data\MicroST\DatFF.tmp.xsi

c:\windows\system32\3comtftp.dll

c:\windows\system32\adsservice.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\ipsec.dll

c:\windows\system32\MSFWDrv.dll

c:\windows\system32\PAC7302.dll

c:\windows\system32\SDdriver.dll

c:\windows\system32\se58mgmt.dll

c:\windows\system32\tosrfec.dll

c:\windows\system32\viamraid.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_HDTHERMAL

-------\Legacy_HWPSGT

-------\Legacy_LMIMAINT

-------\Legacy_NETWORKLOG

-------\Legacy_NICSER_WPC54G

-------\Legacy_NVATABUS

-------\Legacy_PDIDDCCI

-------\Legacy_S217BUS

-------\Legacy_TIWLNSVC

-------\Legacy_USNJSVC

-------\Legacy_{A7447300-8075-4B0D-83F1-3D75C8EBC623}

-------\Service_{a7447300-8075-4b0d-83f1-3d75c8ebc623}

-------\Service_6to4

-------\Service_hdthermal

-------\Service_hwpsgt

-------\Service_lmimaint

-------\Service_NICSer_WPC54G

-------\Service_nvatabus

-------\Service_pdiddcci

-------\Service_s217bus

-------\Service_tiwlnsvc

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

2012-05-22 17:51 . 2012-05-22 17:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\MicroST

2012-05-22 17:00 . 2012-05-22 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2012-05-22 16:58 . 2012-05-22 17:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-22 16:58 . 2012-05-22 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-05-22 16:29 . 2012-05-22 16:30 -------- d-----w- c:\windows\system32\drivers\etc\archived

2012-05-22 15:06 . 2009-08-01 08:09 49152 ------w- c:\windows\system32\ssusbpn.dll

2012-05-22 15:06 . 2009-08-01 08:09 57344 ------w- c:\windows\system32\ssdevm.dll

2012-05-22 15:05 . 2009-11-03 11:59 484592 ----a-w- c:\windows\SSndii.exe

2012-05-22 15:05 . 2012-05-22 15:05 -------- d-----w- c:\windows\Dell

2012-05-22 15:05 . 2009-08-03 04:13 21776 ----a-w- c:\windows\system32\msxml2a.dll

2012-05-22 15:05 . 2012-05-22 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-05-22 15:04 . 2012-05-22 15:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2012-05-22 15:03 . 2009-11-27 10:46 26624 ----a-w- c:\windows\system32\sdp1ml3.dll

2012-05-22 15:03 . 2009-11-27 10:46 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sdp1mpc.dll

2012-05-22 15:03 . 2009-11-27 10:46 151552 ----a-w- c:\windows\system32\sdp1mci.exe

2012-05-22 15:03 . 2009-11-27 10:46 65536 ----a-w- c:\windows\system32\sdp1mci.dll

2012-05-22 15:02 . 2012-05-22 15:02 -------- d-----w- c:\program files\Dell

2012-05-22 15:00 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2012-05-22 15:00 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-05-15 21:30 . 2012-05-15 21:30 -------- d-----w- C:\bgeAG6B1ToHRRfv

2012-05-15 20:36 . 2012-05-15 20:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-05-15 20:36 . 2012-05-15 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-15 20:36 . 2012-05-15 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-15 20:36 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 20:33 . 2012-05-15 20:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-15 20:17 . 2012-05-15 20:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-05-15 20:17 . 2012-05-15 20:17 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-11 15:27 . 2012-05-11 15:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2012-05-10 15:18 . 2012-05-10 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-05-10 15:18 . 2012-05-10 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-05-05 20:26 . 2012-05-05 20:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-05-05 20:14 . 2012-05-15 21:26 -------- d-----w- c:\program files\Common Files\WSecEdit

2012-05-04 17:49 . 2012-05-04 17:49 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2012-04-25 12:48 . 2012-04-25 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\offsync

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-22 15:58 . 2008-04-14 16:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-05-05 16:44 . 2012-04-14 16:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 16:44 . 2011-07-01 15:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-21 01:19 . 2012-05-15 20:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

.

[-] 2011-01-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\spoolsv.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-04-09 22:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-04-25 04:51 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2012-04-25 04:51 1070352 ----a-w- c:\program files\Workspace\offsyncext.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-03 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-03 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-03 143360]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-01-03 1044480]

"KASHDLLBRT82204215057080"="c:\program files\Kaseya\DLLBRT82204215057080\KaUsrTsk.exe" [2012-03-21 409600]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

xWxmGtDhoJE.exe [2012-5-22 198145]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Auto Update System.lnk - c:\program files\ChromeData\AutoBook\AUS.exe [2011-11-22 241664]

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2012-01-25 03:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KADLLBRT82204215057080]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^xWxmGtDhoJE.exe]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\xWxmGtDhoJE.exe

backup=c:\windows\pss\xWxmGtDhoJE.exeStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2012-04-09 22:43 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 16:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell PanelMgr]

2009-12-11 07:49 626688 ----a-w- c:\windows\Dell\PanelMgr\SSMMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]

2012-01-10 00:12 34496 ----a-w- c:\program files\Workspace\workspaceupdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"Spooler"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NetworkLog"=2 (0x2)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"File Backup"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\ReynoldsCommon\\ERAccess\\wIntegSM.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"5713:TCP"= 5713:TCP:Reynolds5713

"5713:UDP"= 5713:UDP:Reynolds5713

"5714:TCP"= 5714:TCP:Reynolds5714

"5714:UDP"= 5714:UDP:Reynolds5714

"5715:TCP"= 5715:TCP:Reynolds5715

"5715:UDP"= 5715:UDP:Reynolds5715

"5281:TCP"= 5281:TCP:Reynolds5281

"5281:UDP"= 5281:UDP:Reynolds5281

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/24/2012 10:33 PM 52872]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/3/2011 3:57 PM 24064]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/24/2012 10:33 PM 308136]

R2 KADLLBRT82204215057080;Kaseya Agent;c:\program files\Kaseya\DLLBRT82204215057080\AgentMon.exe [1/20/2012 6:18 PM 856064]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\Kaseya\DLLBRT82204215057080\KasAVSrv.exe [1/24/2012 10:30 PM 229376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/15/2012 3:36 PM 654408]

R2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\UcsInSvc.exe [4/15/2011 12:59 PM 98304]

R2 REY PSCVersionService;REY PSCVersionService;c:\rey\Bin\PSCVersionService.exe [7/1/2011 2:45 PM 61440]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/3/2011 3:56 PM 44800]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [1/20/2012 6:18 PM 17920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/15/2012 3:36 PM 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe --> c:\ucc\Services\UcsInSvc.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/14/2012 11:07 AM 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/15/2012 3:17 PM 129976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 11:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [1/3/2012 3:37 PM 1188624]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Evian

vds

lhidusb

KMW_KBD

dlbx_device

bmwebcfg

lxdj_device

avcgbdr

nmsaccess

int15.sys

mcusrmgr

oracleorahomedatagatherer

adpu320

ashampoodefragservice

windrvNT

cdralw2k

SrvcEKIOMngr

w200mdfl

backupexecagentaccelerator

transactional

lxcr_device

oracleorahome811cmadmin

T6963C

msi_wlan_service

imagesrv

usrbridg

Ndismeetro

Machnm32

irbus

LVCap138

cyberpowerups

ossrv

Wbutton

avg7alrt

k750mgmt

sfcure01

genmcmn

avsinc

MegaSR

usprserv

smrt

qhwscsvc

ovmsmaccessmanager

ipcsvc

UxTuneUp

n3900

procdd

iomdisk

SE2Dobex

tappsrv

lfsfilt

hpzius12

sf

atfsd

nv4

dvd_2K

lckfldservice

USB_RNDIS_XP

tzontservice

avcgbfl

wap3gx

adiusbaw

dladresm

slservice

ypcservice

rslinx

fax

protectionservice

dlcg_device

ilicensesvc

rootmodem

U81xmgmt

LVVI500A

netdevio

stllssvr

Nmea

PCDCODEC

NETw5x32

cdudf_xp

btfirst

monfilt

acrotray

elotouchscreen

scsiaccess

VAIOMediaPlatform-VideoServer-UPnP

tangoservice

dlcf_device

oraclesnmppeerencapsulator

btnetfilter

euq_monitor

ScFBPNT3

WUSB54Gv4SVC

pctfw1

mcstrm

PGPdisk

z525mgmt

EMATCORE

WLAN_USB

se2Eunic

FireTDI

BCMTPM

VMAUDIO

V0080Dev

L6POD

mvwebserver

VAIOMediaPlatform-MusicServer-HTTP

symantecantibotfilter

oracleorahomehttpserver

IPFilter

hpconfig

VAIOMediaPlatform-PhotoServer-HTTP

lpx

SSHDRV61

pdagent

ELmon

statusagent

ZSMC211

GENERICDRV

lightscribeservice

HSXHWBS2

ixiaendpoint

lxct_device

hpdj

p2k

cdmservice

CVPND

iAimFP5

procexp90

serialkeys

se59mgmt

cdfsvc

tifmsony

eventclientmultiplexer

WaveFDE

AppnBase

U81xbus

iSMBIOS

SlWdmSup

MA8032M

k750mdfl

mclogmanagerservice

pivotmou

rtl8185

dlacdbhm

hpqcxs08

artourservice

WavxDMgr

olapserver

snpstd2

smservaz

pdlnepkt

symdns

symredrv

mcupdmgr.exe

carboncopy32

epsonbidirectionalagent

nsengine

sonicwall_netextender

CAM1210

mstee

NPDriver

VrAcFil

tvichw32

oracleorahomemanagementserver

WINFLASH

qbcfmonitorservice

sfsync02

iwebcal

Atmuni

qmofiltr

twdns

IFP700

tmmbd

FA312

SE2Dmgmt

guardian2

NMSCFG

iaimfp2

sentinelprotectionserver

CoolerXPDriver

avgntflt

tdcmdpst

carboncopyscheduler

YahooAUService

ATIBTCAP

pdlndsdl

tandpl

pivot

USBDeviceService

bcm43xx

websenselogserver

BRCMDECO

amdppm

svcwrsssdk

lktimesync

a016mgmt

msmframework

mqdmbus

bt

MobilePreInstallerService

screadspool

tmlisten

RMSvc

symantecantibotshim

SPCtl

usr11g

tpkd

ha20x2k

EACSvrMngr

toscosrv

dlcq_device

ibmfilter

X10UIF

db2das00

mysql

websensecamserver

NWDHCP

AGV

noipducservice

pcradminserver

fssfltr

prtg4service

pctavsvc

ccflic0

tvicport

UWProSys

InterBaseGuardian

uisp

HPFXBULK

nm

VirtualFD

Slpsvdr

rpcsvr4x

ANC

FET5X86V

lkclassads

scarddrv

generichidservice

ntsvcmgr

MSFWHLPR

WinFl32

mssql$pinnaclesys

license

navapel

emu10k

regsrvc

edspport

atixsaudio

U2SP

TCtrlIO

ARCSOFTVIRTUALCAPTURE

interactivelogon

W55U01

array_utility_service4,0,1,3

wacomkey

brmfbags

btkrnl

proxyhostmirrordisplay

EACSys

nvnforce

cdrbsdrv

AR5416

se45mgmt

drvnddm

SerTVOutCtlr

igateway

nv

a016mdm

SNMP

nimcdldu

C-Dilla

nimdbgk

se44mdfl

pml

hsfhwbs2

HSFHWALI

datasvr

firesvc

PDExchange

pdlnacom

CamAv

areschatserver

b57w2k

usbprint

db2governor

iAimFP6

pcdrndisuio

LPDSVC

NMSSvc

mssql$soshome22

avg7rsxp

asusgsb

ndassvc

rsvchost

s116mdm

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.siddillon.com/

TCP: DhcpNameServer = 10.12.191.100

DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB

DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mmkjcr7v.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-30240193.sys

SafeBoot-58926005.sys

SafeBoot-71026770.sys

SafeBoot-89839122.sys

SafeBoot-KABLAIRP33608497522344

MSConfigStartUp-dplaysvr - c:\documents and settings\Administrator\Application Data\dplaysvr.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-22 12:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-854245398-507921405-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,9c,2b,0f,a3,2d,01,44,a6,65,d8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,7a,b6,61,07,95,0c,48,b8,9d,6b,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,9c,2b,0f,a3,2d,01,44,a6,65,d8,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(684)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2856)

c:\windows\system32\WININET.dll

c:\program files\Workspace\offsyncext.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

c:\kworking\KRlyCLis.exe

c:\program files\RealVNC\VNC4\vncclipboard.exe

.

**************************************************************************

.

Completion time: 2012-05-22 12:53:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 17:53

.

Pre-Run: 62,759,911,424 bytes free

Post-Run: 64,457,977,856 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 8E41CE12E4834CF4CAEC26E0B9E2B883

rohwer3 · May 22, 2012

Could the spoolsv.exe file be the culprit? how do i remove and reinstall the right file?

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

.

[-] 2011-01-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\spoolsv.exe ... is missing !!

rohwer3 · May 22, 2012

Below is my Root Repeal Log - I know some people like seeing that

-------------------------------------------------------------------------------------------------

==================================================

Scan Start Time: 2012/05/22 13:21

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: catchme.sys

Image Path: C:\ComboFix\catchme.sys

Address: 0xF77FF000 Size: 31744 File Visible: No Signed: -

Status: -

Name: Combo-Fix.sys

Image Path: Combo-Fix.sys

Address: 0xF7647000 Size: 60416 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xA8EE1000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79BB000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PROCEXP113.SYS

Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Address: 0xF79E9000 Size: 7872 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA845C000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

SSDT

-------------------

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xa9016640

==EOF==

D-FRED-BROWN · May 22, 2012

Looking better!

The spoolsv issue is only a consequence, if anything, of the malware you had or possibly still have. Let's see if we can take care of some suspicious files . The fix below should also take care of the missing file spoolsv.exe:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Folder::
C:\bgeAG6B1ToHRRfv
FCopy::
c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

rohwer3 · May 22, 2012

I ran it and combofix.stalled completely. Had to cold restart the computer. (I know how temperamental it is and made sure the mouse wasn't even moved!)

went to the c:\combofix directory to see if maybe it made a log file and that directory shoots me to "my computer directory" (shows c: d: shared docs etc)

The c:\ directory called bgeAG6B1ToHRRfv I manually deleted (for now...)

Should i try running the same combo fix script through it again? Your the expert.

This is by far the most stubborn one I have run into and I have cleaned hundreds over the past year.

I truly appreciate your time an help.

D-FRED-BROWN · May 22, 2012

Sure, give it another try. If it doesn't work then, try running the script from Safe Mode.

To get in Safe Mode, tap the F8 key while the computer reboots (right before the Windows logo appears), and select Safe Mode from the list that appears.

D-FRED-BROWN · May 25, 2012

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

D-FRED-BROWN · May 30, 2012

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

Maurice Naggar · June 11, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

One outgoing website 146.185.218.87 keeps popping up

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information