Thread: Windows keeps trying to shut down and reboot for security reasons HELP
View Single Post
Old 07-14-2008, 07:45 PM   #3 (permalink)
bballbrett5
Registered User
 
Join Date: Jul 2008
Posts: 3
OS: xp


Re: Windows keeps trying to shut down and reboot for security reasons HELP
um another bump. taken care of some things, here's logs. let me know please.
SDFix: Version 1.205
Run by Brett Goodman on Sun 07/13/2008 at 08:39 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
sysrest.sys

Path :
\??\C:\WINDOWS\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\PHC3WD~1.BMP - Deleted
C:\WINDOWS\SYSTEM32\BLPHC3~1.SCR - Deleted
C:\DOCUME~1\BRETTG~1\JRE-6-~1.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\Brett Goodman\My Documents\My Documents.url - Deleted
C:\Documents and Settings\Brett Goodman\My Documents\My Videos\My Video.url - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt131.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt135.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt137.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt139.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt13B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt13D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt140.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt144.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt146.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt14A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt173.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt175.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt177.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt179.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt17B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt17D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt181.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt183.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt185.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt187.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt189.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1AA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1AC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1AE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1B0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1B2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1B4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1B6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1B8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1BA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1BC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1BF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1C1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1C3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1C5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1C7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1C9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1CB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1CD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1CF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1D1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1D3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1D5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1D7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1D9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1DB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1DD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1DF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1E1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1E3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1E5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1E7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1E9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1EB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1ED.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1EF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1F2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1F4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1F6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1F8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1FA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1FC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt1FE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt200.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt202.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt204.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt206.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt208.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt20A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt20C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt20E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt210.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt212.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt214.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt217.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt219.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt21B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt21D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt220.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt222.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt224.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt226.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt228.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt22A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt22C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt22E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt230.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt232.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt234.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt236.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt238.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt23A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt23C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt23E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt240.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt242.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt244.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt246.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt248.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt24A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt24C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt24E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt250.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt253.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt255.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt257.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt259.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt25B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt25D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt25F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt261.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt263.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt265.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt267.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt269.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt26B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt26D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt26F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt271.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt273.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt275.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt277.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt279.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt27B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt27D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt27F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt281.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt283.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt285.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt287.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt28A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt28C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt28E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt290.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt292.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt294.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt296.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt29F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2A4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2A6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2A8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2AA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2AC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2AF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2B9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2BF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2D6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2D8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2E2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2E4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2E6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2E9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2EB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2ED.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2EF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2F1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2F3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2F5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2F7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2F9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2FB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2FD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt2FF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt301.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt303.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt305.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt307.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt309.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt30C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt30E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt310.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt312.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt314.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt316.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt318.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt31A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt31C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt31E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt320.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt322.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt324.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt326.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt328.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt330.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt332.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt334.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt336.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt338.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt340.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt343.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt345.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt347.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt349.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt351.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt353.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt355.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt357.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt359.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt361.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt363.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt369.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt381.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt383.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt385.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt387.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt389.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt392.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt394.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt396.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt398.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt400.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt402.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt404.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt406.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt408.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt410.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt412.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt414.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt416.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt418.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt421.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt423.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt425.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt427.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt429.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt431.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt434.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt436.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt438.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt440.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt442.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt444.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt446.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt448.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt450.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt452.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt454.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt456.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt458.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt461.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt463.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt465.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt467.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt469.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt471.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt473.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt475.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt477.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt479.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt481.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt483.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt485.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt491.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt493.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt495.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt497.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt499.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4B0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4C6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4C8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D0.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D2.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D4.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D6.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DC.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DE.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4EB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4ED.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4EF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F1.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F3.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F5.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F7.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FB.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FD.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FF.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt501.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt504.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt506.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt508.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt510.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt512.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt514.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt516.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt518.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt520.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt522.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt524.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt526.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt529.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt531.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt533.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt535.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt537.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt539.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53D.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt541.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt543.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt545.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt547.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt549.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt54B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt54E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt550.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt552.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt554.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt556.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt558.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55A.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55C.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55E.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt560.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt562.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt564.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt566.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt5B.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt69.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt6F.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt92.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\Documents and Settings\Brett Goodman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk - Deleted



Folder C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 08:52:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:55b2f5a2
"s1"=dword:80b1aac4
"s2"=dword:6fb69ce7
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a6,be,8a,35,8b,b6,05,2c,85,70,e8,24,71,1c,ac,83,db,e6,a7,b6,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,97,67,da,d1,5c,32,0d,d1,3b,9c,50,43,49,fd,18,7c,49,..
"khjeh"=hex:b0,7d,bc,9f,2c,c6,6a,30,49,47,f4,9d,06,2a,cf,4f,74,f3,f8,0c,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ac,71,cf,17,a8,ea,94,d7,d5,98,b9,d2,a9,69,13,0e,be,87,52,c2,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a6,be,8a,35,8b,b6,05,2c,85,70,e8,24,71,1c,ac,83,db,e6,a7,b6,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,97,67,da,d1,5c,32,0d,d1,3b,9c,50,43,49,fd,18,7c,49,..
"khjeh"=hex:b0,7d,bc,9f,2c,c6,6a,30,49,47,f4,9d,06,2a,cf,4f,74,f3,f8,0c,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ac,71,cf,17,a8,ea,94,d7,d5,98,b9,d2,a9,69,13,0e,be,87,52,c2,86,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"="C:\\Program Files\\myTunes Redux\\mDNSResponder.exe:*:Enabled:mDNSResponder"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\WASTE\\WASTE.exe"="C:\\Program Files\\WASTE\\WASTE.exe:*:Enabled:Waste Secure Network"
"C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent.exe:*:Enabled:ęTorrent"
"C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent(2).exe"="C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent(2).exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe:*:Enabled:MATLAB"
"C:\\Documents and Settings\\Brett Goodman\\Local Settings\\Temp\\.tt140.tmp"="C:\\Documents and Settings\\Brett Goodman\\Local Settings\\Temp\\.tt140.tmp:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 6 Apr 2007 110,592 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\~WRL0003.tmp"
Sun 8 Apr 2007 110,592 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\~WRL3614.tmp"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Thu 29 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0015.tmp"
Sun 13 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0024.tmp"
Tue 15 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0088.tmp"
Tue 15 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0248.tmp"
Sun 20 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0301.tmp"
Tue 15 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0506.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0618.tmp"
Sun 20 Jan 2008 33,792 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0669.tmp"
Mon 21 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0675.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0709.tmp"
Tue 15 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL0995.tmp"
Tue 15 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1006.tmp"
Sun 20 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1039.tmp"
Tue 15 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1148.tmp"
Tue 15 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1236.tmp"
Sun 20 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1408.tmp"
Tue 15 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1456.tmp"
Tue 15 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL1534.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2206.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2226.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2318.tmp"
Tue 15 Jan 2008 30,720 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2405.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2441.tmp"
Mon 14 Jan 2008 25,088 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2550.tmp"
Tue 15 Jan 2008 33,792 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2565.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2760.tmp"
Sun 13 Jan 2008 28,672 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL2910.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3040.tmp"
Sun 13 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3093.tmp"
Mon 21 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3186.tmp"
Sun 13 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3237.tmp"
Tue 15 Jan 2008 30,720 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3251.tmp"
Sun 13 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3370.tmp"
Tue 15 Jan 2008 31,232 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3526.tmp"
Sun 20 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3563.tmp"
Tue 15 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3568.tmp"
Wed 20 Feb 2008 37,888 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3614.tmp"
Sun 13 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3686.tmp"
Sun 20 Jan 2008 33,280 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3756.tmp"
Tue 15 Jan 2008 38,400 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3803.tmp"
Sun 20 Jan 2008 33,792 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3831.tmp"
Sun 20 Jan 2008 34,304 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL3967.tmp"
Mon 21 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\~WRL4087.tmp"
Sat 29 Jul 2006 11,116 A.SH. --- "C:\Documents and Settings\Brett Goodman\My Documents\My Music\License Backup\drmv2key.bak"
Sat 12 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\ARA\~WRL3224.tmp"
Mon 14 Jan 2008 25,088 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\RA\~WRL1764.tmp"
Tue 25 Mar 2008 32,768 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\SOCI\~WRL3109.tmp"
Thu 1 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Brett Goodman\My Documents\School\ARA\programs\November\~WRL2182.tmp"

Finished!


DSS Scan
Deckard's System Scanner v20071014.68
Run by Brett Goodman on 2008-07-13 08:59:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.23 GiB (less than 15%) free.


-- HijackThis (run as Brett Goodman.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:36 AM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brett Goodman\Desktop\dss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brett Goodman.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{569A2784-0F10-46A4-A6A3-AEC94F55C709}: NameServer = 68.94.156.1,151.164.8.201
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11840 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-13 09:00:06 0 d-------- C:\Program Files\Trend Micro
2008-07-13 08:30:25 0 d-------- C:\WINDOWS\ERUNT
2008-07-08 17:47:47 0 d-------- C:\Program Files\shc5wdj0ep1e
2008-07-07 20:28:00 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 18:45:07 0 d-------- C:\Program Files\Panda Security
2008-07-06 22:37:43 0 d-------- C:\desktopclean
2008-07-06 19:55:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-06 18:50:09 0 d-------- C:\quarantine
2008-07-06 15:54:42 0 d-------- C:\Program Files\rhc7wdj0ep1e
2008-07-04 16:35:27 0 d-------- C:\Program Files\ASIO4ALL v2
2008-07-04 16:33:19 0 d-------- C:\Program Files\Outsim
2008-07-04 15:55:49 1720086 --a------ C:\WINDOWS\system32\TmpA1465004234
2008-06-22 22:10:46 0 d-------- C:\Program Files\Anywhere.FM


-- Find3M Report ---------------------------------------------------------------

2008-07-06 2047 0 d-------- C:\Program Files\Common Files
2008-07-06 18:34:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:35:20 0 d-------- C:\Program Files\GemMaster
2008-07-06 01:44:15 0 d-------- C:\Program Files\Soulseek
2008-07-06 00:13:06 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-05 17:52:43 0 d-------- C:\Program Files\Trillian
2008-07-04 16:35:10 0 d-------- C:\Program Files\Image-Line
2008-07-04 16:29:10 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\uTorrent
2008-07-01 19:30:48 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Mozilla
2008-06-22 22:11:03 0 d--hs---- C:\Documents and Settings\Brett Goodman\Application Data\.#
2008-05-20 20:29:43 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Azureus
2008-05-18 21:16:28 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Ableton
2008-05-18 20:59:46 0 d-------- C:\Program Files\Ableton
2008-05-18 20:57:39 0 d-------- C:\Program Files\UnPacker
2008-05-12 09:30:08 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-12 09:30:08 0 --a------ C:\WINDOWS\system32\SBFC.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [03/11/2005 06:03 PM C:\WINDOWS\system32\TDispVol.exe]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 12:55 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 12:52 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 12:55 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 05:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/16/2005 03:34 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 03:32 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [08/18/2004 06:37 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 09:29 AM C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 03:25 PM]
"TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [10/06/2005 08:20 AM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 02:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 01:41 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [06/21/2006 12:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/27/2006 09:42 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 11:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 09:57 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe" [06/15/2007 03:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/06/2008 06:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/06/2008 06:34 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2008-07-13 09:01:40 ------------
bballbrett5 is offline