#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 3
OS: xp
|
Windows keeps trying to shut down and reboot for security reasons HELP
I first noticed a problem when I was using my computer and the screen just went black. I rebooted and before fully doing so the computer went to a screen saying that Windows was shutting down to protect my computer with some technical jargon that I unfortunately can't copy paste here or anything, but it's one of those blue screens with very plain text... hopefully you know what I mean. Anyway, when I was finally able to get to my desktop, I couldn't change the background, which had a warning about spyware on my computer. I fixed that problem and can change the background, but Windows will continue to try to reboot all the time. I am also having trouble uninstalling Norton anti-virus, which was added in naivety but I already have another anti-virus. It freezes when I click on changing it in Add/Remove Programs. Any help is REALLY appreciated.
#3 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 3
OS: xp
|
Re: Windows keeps trying to shut down and reboot for security reasons HELP
Um, another bump. Taken care of some things, here's logs. Let me know please.
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt326.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt328.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt32E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt330.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt332.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt334.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt336.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt338.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt33E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt340.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt343.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt345.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt347.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt349.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt34F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt351.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt353.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt355.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt357.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt359.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt35F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt361.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt363.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt369.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt381.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt383.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt385.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt387.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt389.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt38F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt392.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt394.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt396.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt398.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt39E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A0.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A2.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A4.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A6.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3A8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3AE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B0.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B2.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B4.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B6.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3B8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3BF.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C1.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3C9.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CB.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CD.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3CF.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D1.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3D9.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DB.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DD.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3DF.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E1.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3E7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3EE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F0.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F2.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F4.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F6.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3F8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt3FE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt400.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt402.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt404.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt406.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt408.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt40E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt410.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt412.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt414.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt416.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt418.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt41F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt421.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt423.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt425.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt427.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt429.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt42F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt431.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt434.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt436.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt438.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt43E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt440.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt442.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt444.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt446.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt448.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt44E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt450.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt452.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt454.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt456.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt458.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt45F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt461.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt463.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt465.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt467.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt469.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt46F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt471.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt473.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt475.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt477.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt479.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt47F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt481.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt483.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt485.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt48F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt491.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt493.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt495.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt497.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt499.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt49F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A1.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4A7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4AE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4B0.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4C6.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4C8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4CE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D0.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D2.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D4.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D6.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4D8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DC.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4DE.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E1.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4E9.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4EB.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4ED.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4EF.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F1.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F3.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F5.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F7.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4F9.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FB.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FD.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt4FF.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt501.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt504.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt506.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt508.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt50E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt510.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt512.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt514.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt516.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt518.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt51E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt520.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt522.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt524.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt526.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt529.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt52F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt531.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt533.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt535.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt537.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt539.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53D.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt53F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt541.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt543.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt545.tmp - Deleted 
C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt547.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt549.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt54B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt54E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt550.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt552.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt554.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt556.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt558.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55A.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55C.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt55E.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt56.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt560.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt562.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt564.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt566.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt5B.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt65.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt69.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt6F.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt8.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt9.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.tt92.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.ttA.tmp - Deleted C:\DOCUME~1\BRETTG~1\LOCALS~1\Temp\.ttB.tmp - Deleted C:\Documents and Settings\Brett Goodman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk - Deleted C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk - Deleted Folder C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-13 08:52:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden 
processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:55b2f5a2 "s1"=dword:80b1aac4 "s2"=dword:6fb69ce7 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:a6,be,8a,35,8b,b6,05,2c,85,70,e8,24,71,1c,ac,83,db,e6,a7,b6,11,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,97,67,da,d1,5c,32,0d,d1,3b,9c,50,43,49,fd,18,7c,49,.. "khjeh"=hex:b0,7d,bc,9f,2c,c6,6a,30,49,47,f4,9d,06,2a,cf,4f,74,f3,f8,0c,00,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:ac,71,cf,17,a8,ea,94,d7,d5,98,b9,d2,a9,69,13,0e,be,87,52,c2,86,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:a6,be,8a,35,8b,b6,05,2c,85,70,e8,24,71,1c,ac,83,db,e6,a7,b6,11,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,97,67,da,d1,5c,32,0d,d1,3b,9c,50,43,49,fd,18,7c,49,.. "khjeh"=hex:b0,7d,bc,9f,2c,c6,6a,30,49,47,f4,9d,06,2a,cf,4f,74,f3,f8,0c,00,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:ac,71,cf,17,a8,ea,94,d7,d5,98,b9,d2,a9,69,13,0e,be,87,52,c2,86,.. scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine" "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL 
Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian" "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"="C:\\Program Files\\myTunes Redux\\mDNSResponder.exe:*:Enabled:mDNSResponder" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent" "C:\\Program Files\\WASTE\\WASTE.exe"="C:\\Program Files\\WASTE\\WASTE.exe:*:Enabled:Waste Secure Network" "C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent.exe:*:Enabled:ęTorrent" "C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent(2).exe"="C:\\Documents and Settings\\Brett Goodman\\Desktop\\utorrent(2).exe:*:Enabled:ęTorrent" "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program 
Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe:*:Enabled:MATLAB" "C:\\Documents and Settings\\Brett Goodman\\Local Settings\\Temp\\.tt140.tmp"="C:\\Documents and Settings\\Brett Goodman\\Local Settings\\Temp\\.tt140.tmp:*:Enabled:enable" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : 
Finished! DSS Scan Deckard's System Scanner v20071014.68 Run by Brett Goodman on 2008-07-13 08:59:30 Computer is in Normal Mode. -------------------------------------------------------------------------------- System Drive C: has 1.23 GiB (less than 15%) free. -- HijackThis (run as Brett Goodman.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:00:36 AM, on 7/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe 
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brett Goodman\Desktop\dss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brett Goodman.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{569A2784-0F10-46A4-A6A3-AEC94F55C709}: NameServer = 68.94.156.1,151.164.8.201
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

-- End of file - 11840 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------
2008-07-13 09:00:06 0 d-------- C:\Program Files\Trend Micro
2008-07-13 08:30:25 0 d-------- C:\WINDOWS\ERUNT
2008-07-08 17:47:47 0 d-------- C:\Program Files\shc5wdj0ep1e
2008-07-07 20:28:00 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 18:45:07 0 d-------- C:\Program Files\Panda Security
2008-07-06 22:37:43 0 d-------- C:\desktopclean
2008-07-06 19:55:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-06 18:50:09 0 d-------- C:\quarantine
2008-07-06 15:54:42 0 d-------- C:\Program Files\rhc7wdj0ep1e
2008-07-04 16:35:27 0 d-------- C:\Program Files\ASIO4ALL v2
2008-07-04 16:33:19 0 d-------- C:\Program Files\Outsim
2008-07-04 15:55:49 1720086 --a------ C:\WINDOWS\system32\TmpA1465004234
2008-06-22 22:10:46 0 d-------- C:\Program Files\Anywhere.FM

-- Find3M Report ---------------------------------------------------------------
2008-07-06 20 47 0 d-------- C:\Program Files\Common Files
2008-07-06 18:34:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 16:35:20 0 d-------- C:\Program Files\GemMaster
2008-07-06 01:44:15 0 d-------- C:\Program Files\Soulseek
2008-07-06 00:13:06 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-05 17:52:43 0 d-------- C:\Program Files\Trillian
2008-07-04 16:35:10 0 d-------- C:\Program Files\Image-Line
2008-07-04 16:29:10 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\uTorrent
2008-07-01 19:30:48 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Mozilla
2008-06-22 22:11:03 0 d--hs---- C:\Documents and Settings\Brett Goodman\Application Data\.#
2008-05-20 20:29:43 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Azureus
2008-05-18 21:16:28 0 d-------- C:\Documents and Settings\Brett Goodman\Application Data\Ableton
2008-05-18 20:59:46 0 d-------- C:\Program Files\Ableton
2008-05-18 20:57:39 0 d-------- C:\Program Files\UnPacker
2008-05-12 09:30:08 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-12 09:30:08 0 --a------ C:\WINDOWS\system32\SBFC.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [03/11/2005 06:03 PM C:\WINDOWS\system32\TDispVol.exe]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 12:05 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 12:55 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 12:52 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 12:55 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 05:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/16/2005 03:34 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 03:32 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [08/18/2004 06:37 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 09:29 AM C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 03:25 PM]
"TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [10/06/2005 08:20 AM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 02:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 01:41 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [06/21/2006 12:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/27/2006 09:42 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 11:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 09:57 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe" [06/15/2007 03:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/06/2008 06:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/06/2008 06:34 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

*Newly Created Service* - SBAPIFS

-- End of Deckard's System Scanner: finished at 2008-07-13 09:01:40 ------------ |