Broadband Connection Drops out After 3 or so Hours...everytime..

mflynn · 2008/02/04

Hello Wav

OK been at work and as I said I am checking back, how is it going?

Have you been online more than 3 hours yet?

Mike

Waverley73 · 2008/02/04

Hey Mike,

Well, after posting all the above I ran a virus scan using Avast which lasted about 5 hours (full scan, on high sensitivity) and it picked up around 24 trojans (which I deleted). The other news is that when I checked my PC this morning (I left it on overnight) the internet was still connected! (so it has been connected for around 9 hours and counting)

Many thanks mate - it appears to have worked.

I'm now at work and will be back on the home PC in around 11 hours to do follow though on what you recently posted.

mflynn · 2008/02/04

Hmmmm

There were some unusual entries in your HJT and the one DSS log you did post but these seemed to be related to games.

I would like to see what it found, if you can paste the Virus log from Avast.

And for sure restart and do another HJT and DSS (all dss logs this time) since these were removed.

We may have to move this to the Malware removal forum. But lets see if the 3 hour limit has been fixed!

Some Malware can not be removed by a general virus scanner and requires surgical removal.

Mike

Waverley73 · 2008/02/04

Will do mate - once I've done all that I'll repost (and let you know if the connection issue is still looking like it's resolved).

I was going to ask you (and you'll see them in the log I post tonight my time) but although there were some Trojans found (and subsequently deleted) there were also a list of files it said it couldn't scan because they were password protected (can't remember the exact wording).

Waverley73 · 2008/02/05

Hi Mike - here is the first of the two log files from the first Deckard directory (my next post will be the 'moved' log file). these are the only 'extra' or 'moved' files.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 511.48 MiB / 247.82 MiB
Pagefile Memory (total/avail): 1236.64 MiB / 998.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.4 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 74.51 GiB total, 2.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380012A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 74.53 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Application Data\\printer.exe "= "C:\\Documents and Settings\\user\\Application Data\\printer.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\system32\\printer.exe "= "C:\\WINDOWS\\system32\\printer.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\system32\\spoolvs.exe "= "C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\shell.exe "= "C:\\WINDOWS\\shell.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabledxpsp2res.dll,-22019 "
"%windir%\\system32\\winav.exe "= "%windir%\\system32\\winav.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe "= "C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Application Data\\trant.exe "= "C:\\Documents and Settings\\user\\Application Data\\trant.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe "= "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\shell .exe "= "C:\\WINDOWS\\shell .exe:*:Enabledxpsp2res.dll,-22019 "

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe "= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*isabled:backWeb-7288971 "
"C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
"C:\\Program Files\\NewSoft\\Presto! PageManager 6\\NetGroup.exe "= "C:\\Program Files\\NewSoft\\Presto! PageManager 6\\NetGroup.exe:*:Enabled:NewSoft Network Group "
"C:\\Program Files\\Azureus\\Azureus.exe "= "C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus "
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe "= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008 "
"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winB.exe "= "C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winB.exe:*:Enabled:winB "
"C:\\Documents and Settings\\user\\Application Data\\printer.exe "= "C:\\Documents and Settings\\user\\Application Data\\printer.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\system32\\printer.exe "= "C:\\WINDOWS\\system32\\printer.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\system32\\spoolvs.exe "= "C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\shell.exe "= "C:\\WINDOWS\\shell.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabledxpsp2res.dll,-22019 "
"%windir%\\system32\\winav.exe "= "%windir%\\system32\\winav.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe "= "C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Application Data\\trant.exe "= "C:\\Documents and Settings\\user\\Application Data\\trant.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe "= "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe "= "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabledxpsp2res.dll,-22019 "
"C:\\WINDOWS\\shell .exe "= "C:\\WINDOWS\\shell .exe:*:Enabledxpsp2res.dll,-22019 "

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OEM-VSW4ECXI8FT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\OEM-VSW4ECXI8FT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\;V5.00;C:\WINDOWS\LHSP
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=OEM-VSW4ECXI8FT
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /R
--> "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC69B6-B2FE-442E-B106-A1E57DEBC5C1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC69B6-B2FE-442E-B106-A1E57DEBC5C1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe "
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c "C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll "
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D= "C:\Program Files\SlySoft\AnyDVD "
Askey HSFi V.90(V.92) 56K PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D89144F\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D89144F
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Aspire Screen Saver --> C:\WINDOWS\Aspire.scr /u
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BigPhoto Print Wizard 4.0.4.2 --> "C:\Program Files\BigPhoto\Print Wizard\unins000.exe "
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
Canon MP Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x9 -Uninstall
Canon MP Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4669544E-20E4-4E56-8B44-2E6E1200051F}\Setup.exe" -l0x9 -Uninstall
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c "C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL "
Cars --> C:\Program Files\THQ\Disney-Pixar\Cars\_uninst\uninstaller.exe
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Children's Encyclopedia --> C:\WINDOWS\uninst.exe -r "DK Multimedia\Children's Encyclopedia\1.0.0" -n "Children's Encyclopedia" -fC:\PROGRA~1\DKMULT~1\CHILDR~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\CHILDR~1\uninst.dll
Core FTP LE 1.3c --> C:\PROGRA~1\COREFTP\UNWISE.EXE C:\PROGRA~1\COREFTP\INSTALL.LOG
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Neeon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD4E589A-C44A-4498-A8AF-6AFF09E07901}\SETUP.EXE" -l0x9 /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
D-Link DSL-302G USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCEC3BD-FFCA-4146-8587-17650B86165B}\Setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
Dora Lost City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe "
DVDFab Decrypter 2.9.8.1 --> "C:\Program Files\DVDFab Decrypter\unins000.exe "
e-tax 2007 --> C:\Data\2007 ETax\etax2007\e-tax 2007_uninstall.exe
Easy Spyware Cleaner --> "C:\Program Files\EasySpywareCleaner\uninstall.exe "
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Eye Candy 4000 --> C:\EYECAN~1\UNWISE.EXE C:\EYECAN~1\INSTALL.LOG
FIFA 07 --> C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe "
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe "
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Ligos\Indeo\Uninst.isu" -c "C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll "
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KB Piano v.2.2 --> C:\Program Files\KB Piano 2\uninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3d001c_292bbf4b\Setup.exe /APR-REMOVE
Korean Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learning in Toyland --> G:\setup.exe -funinst.ins
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe "
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe "
MediaRecorder --> MsiExec.exe /I{F8EB85B9-490E-4697-AFF2-279EE83B9FBC}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MouseWare 9.43 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OptusNet DSL --> C:\Program Files\OptusNet DSL Internet\Uninstall.exe
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Presto! PageManager 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{580183A6-FF92-11D5-9294-0050BA073EEC}\Setup.exe" -l0x9 anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x9 -removeonly
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe "
SDP Downloader --> MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SiS 650_651_M650_M652_740 --> Rundll32 SiSInst.dll,Uninstall VGA,r,0
SiS 650_740 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f "C:\PROGRA~1\SISCOM~1.22\DeIsL1.isu "&P.U 4 xvga.in&-1
Sony DVD Architect 4.0 --> MsiExec.exe /X{219CB444-F2B6-4A17-8A76-BB7847F3DB26}
Sony Media Manager 2.2 --> MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony Vegas 7.0a --> MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}
Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ulead COOL 3D 3.0 --> C:\WINDOWS\Ulead.dat\uninstall\setup.exe
Ulead GIF Animator 5 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
UltraGet Video Downloader 1.1.2 --> "C:\Program Files\UltraGet Video Downloader\unins000.exe "
USB Multimedia Keyboard Driver Ver1.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08DA21BF-9912-409E-B802-943C6DC2DA81}\Setup.exe" -l0x9
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe "
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

-- Application Event Log -------------------------------------------------------

Event Record #/Type7099 / Warning
Event Submitted/Written: 01/07/2008 10:53:37 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{A6C8A50F-4808-43A4-A147-ACAA2598DE52}'

Event Record #/Type7098 / Warning
Event Submitted/Written: 01/07/2008 10:53:37 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.

Event Record #/Type7097 / Warning
Event Submitted/Written: 01/07/2008 10:18:58 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type7091 / Warning
Event Submitted/Written: 01/07/2008 07:55:26 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type7087 / Warning
Event Submitted/Written: 01/07/2008 08:08:52 AM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type44405 / Error
Event Submitted/Written: 01/07/2008 10:19:02 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Cql57
PCLEPCI

Event Record #/Type44403 / Error
Event Submitted/Written: 01/07/2008 10:18:56 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ScsiAccess service failed to start due to the following error:
%%2

Event Record #/Type44375 / Error
Event Submitted/Written: 01/07/2008 07:55:55 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Cql57
PCLEPCI

Event Record #/Type44374 / Error
Event Submitted/Written: 01/07/2008 07:55:47 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ScsiAccess service failed to start due to the following error:
%%2

Event Record #/Type44349 / Error
Event Submitted/Written: 01/07/2008 08:08:53 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ScsiAccess service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2008-01-07 23:10:24 ------------

Waverley73 · 2008/02/05

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-01-06 22:45:36 9728 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\TMP31.tmp
2008-01-06 22:46:26 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX3C.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-06 22:46:28 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX48.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-06 22:46:44 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX6D.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-06 22:46:44 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX79.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-06 22:47:30 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX9E.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-06 22:47:32 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCXAA.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-07 08:11:04 2228736 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX5.tmp <Not Verified; Microsoft Corporation; Messenger>
2008-01-07 08:11:06 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX8.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-07 08:11:12 1774592 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCXB.tmp <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware>
2008-01-07 08:11:16 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX14.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-07 08:10:36 26624 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\TMP18.tmp <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2008-01-07 19:56:48 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX25.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-07 19:56:48 1774592 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX28.tmp <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware>
2008-01-07 19:56:48 379392 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX2B.tmp <Not Verified; Logitech Inc.; MouseWare>
2008-01-07 19:56:48 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX31.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-07 19:56:12 26624 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\TMP35.tmp <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2008-01-07 22:20:30 0 d-------- C:\DOCUME~1\user\LOCALS~1\Temp\{E3060073-E87D-498A-8D52-C69AB1E9E91A}
2008-01-07 22:45:00 516096 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX27.tmp <Not Verified; DT Soft Ltd.; DAEMON Tools>
2008-01-07 22:45:02 1774592 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX2A.tmp <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware>
2008-01-07 22:45:02 354816 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX34.tmp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-07 22:45:02 2488832 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\RCX3B.tmp <Not Verified; OptusNet; OptusNet Desktop Service Centre>
2008-01-07 22:19:50 26624 --a------ C:\DOCUME~1\user\LOCALS~1\Temp\TMP3F.tmp <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2008-01-07 22:19:24 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-01-07 00:06:56 0 --a------ C:\WINDOWS\temp\win3A.tmp
2008-01-07 00:10:56 0 --a------ C:\WINDOWS\temp\win40.tmp
2008-01-06 22:13:18 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2008-01-07 22:19:32 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2008-01-06 22:05:32 0 --a------ C:\WINDOWS\temp\win135.tmp
2008-01-06 22:05:32 0 --a------ C:\WINDOWS\temp\win136.tmp
2008-01-06 22:05:32 0 --a------ C:\WINDOWS\temp\win137.tmp
2008-01-07 00:06:56 0 --a------ C:\WINDOWS\temp\win3B.tmp
2008-01-07 00:06:56 0 --a------ C:\WINDOWS\temp\win3C.tmp
2008-01-07 00:08:56 0 --a------ C:\WINDOWS\temp\win3D.tmp
2008-01-07 00:08:56 0 --a------ C:\WINDOWS\temp\win3E.tmp
2008-01-07 00:08:56 0 --a------ C:\WINDOWS\temp\win3F.tmp
2008-01-07 00:10:56 0 --a------ C:\WINDOWS\temp\win41.tmp
2008-01-07 00:10:56 0 --a------ C:\WINDOWS\temp\win42.tmp
2008-01-07 00:12:56 0 --a------ C:\WINDOWS\temp\win43.tmp
2008-01-07 00:12:56 0 --a------ C:\WINDOWS\temp\win44.tmp
2008-01-07 00:12:56 0 --a------ C:\WINDOWS\temp\win45.tmp
2008-01-07 00:14:56 0 --a------ C:\WINDOWS\temp\win46.tmp
2008-01-07 00:14:56 0 --a------ C:\WINDOWS\temp\win47.tmp
2008-01-07 00:14:56 0 --a------ C:\WINDOWS\temp\win48.tmp
2008-01-07 00:16:56 0 --a------ C:\WINDOWS\temp\win49.tmp
2008-01-07 00:16:56 0 --a------ C:\WINDOWS\temp\win4A.tmp
2008-01-07 00:16:56 0 --a------ C:\WINDOWS\temp\win4B.tmp
2008-01-07 00:18:56 0 --a------ C:\WINDOWS\temp\win4C.tmp
2008-01-07 00:18:56 0 --a------ C:\WINDOWS\temp\win4D.tmp
2008-01-07 00:18:56 0 --a------ C:\WINDOWS\temp\win4E.tmp
2008-01-07 00:20:56 0 --a------ C:\WINDOWS\temp\win4F.tmp
2008-01-07 00:20:56 0 --a------ C:\WINDOWS\temp\win50.tmp
2008-01-07 00:20:56 0 --a------ C:\WINDOWS\temp\win51.tmp
2008-01-07 00:22:56 0 --a------ C:\WINDOWS\temp\win52.tmp
2008-01-07 00:22:56 0 --a------ C:\WINDOWS\temp\win53.tmp
2008-01-07 00:22:56 0 --a------ C:\WINDOWS\temp\win54.tmp
2008-01-07 00:24:56 0 --a------ C:\WINDOWS\temp\win55.tmp
2008-01-07 00:24:56 0 --a------ C:\WINDOWS\temp\win56.tmp
2008-01-07 00:24:56 0 --a------ C:\WINDOWS\temp\win57.tmp
2008-01-07 00:26:56 0 --a------ C:\WINDOWS\temp\win58.tmp
2008-01-07 00:26:56 0 --a------ C:\WINDOWS\temp\win59.tmp
2008-01-07 00:26:56 0 --a------ C:\WINDOWS\temp\win5A.tmp
2008-01-07 00:28:56 0 --a------ C:\WINDOWS\temp\win5B.tmp
2008-01-07 00:28:56 0 --a------ C:\WINDOWS\temp\win5C.tmp
2008-01-07 00:28:56 0 --a------ C:\WINDOWS\temp\win5D.tmp
2008-01-07 00:30:56 0 --a------ C:\WINDOWS\temp\win5E.tmp
2008-01-07 00:30:56 0 --a------ C:\WINDOWS\temp\win5F.tmp
2008-01-07 00:30:56 0 --a------ C:\WINDOWS\temp\win60.tmp
2008-01-07 00:32:56 0 --a------ C:\WINDOWS\temp\win61.tmp
2008-01-07 00:32:56 0 --a------ C:\WINDOWS\temp\win62.tmp
2008-01-07 00:32:56 0 --a------ C:\WINDOWS\temp\win63.tmp
2008-01-07 00:34:56 0 --a------ C:\WINDOWS\temp\win64.tmp
2008-01-07 00:34:56 0 --a------ C:\WINDOWS\temp\win65.tmp
2008-01-07 00:34:56 0 --a------ C:\WINDOWS\temp\win66.tmp
2008-01-07 00:36:56 0 --a------ C:\WINDOWS\temp\win67.tmp
2008-01-07 00:36:56 0 --a------ C:\WINDOWS\temp\win68.tmp
2008-01-07 00:36:56 0 --a------ C:\WINDOWS\temp\win69.tmp
2008-01-07 00:38:56 0 --a------ C:\WINDOWS\temp\win6A.tmp
2008-01-07 00:38:56 0 --a------ C:\WINDOWS\temp\win6B.tmp
2008-01-07 00:38:56 0 --a------ C:\WINDOWS\temp\win6C.tmp
2008-01-07 00:40:56 0 --a------ C:\WINDOWS\temp\win6D.tmp
2008-01-07 00:40:56 0 --a------ C:\WINDOWS\temp\win6E.tmp
2008-01-07 00:40:56 0 --a------ C:\WINDOWS\temp\win6F.tmp
2008-01-07 00:42:56 0 --a------ C:\WINDOWS\temp\win70.tmp
2008-01-07 00:42:56 0 --a------ C:\WINDOWS\temp\win71.tmp
2008-01-07 00:42:56 0 --a------ C:\WINDOWS\temp\win72.tmp
2008-01-07 00:44:56 0 --a------ C:\WINDOWS\temp\win73.tmp
2008-01-07 00:44:56 0 --a------ C:\WINDOWS\temp\win74.tmp
2008-01-07 00:44:56 0 --a------ C:\WINDOWS\temp\win75.tmp
2008-01-07 00:46:56 0 --a------ C:\WINDOWS\temp\win76.tmp
2008-01-07 00:46:56 0 --a------ C:\WINDOWS\temp\win77.tmp
2008-01-07 00:46:56 0 --a------ C:\WINDOWS\temp\win78.tmp
2008-01-07 00:48:56 0 --a------ C:\WINDOWS\temp\win79.tmp
2008-01-07 00:48:56 0 --a------ C:\WINDOWS\temp\win7A.tmp
2008-01-07 00:48:56 0 --a------ C:\WINDOWS\temp\win7B.tmp
2008-01-07 00:50:56 0 --a------ C:\WINDOWS\temp\win7C.tmp
2008-01-07 00:50:56 0 --a------ C:\WINDOWS\temp\win7D.tmp
2008-01-07 00:50:56 0 --a------ C:\WINDOWS\temp\win7E.tmp
2008-01-07 00:52:56 0 --a------ C:\WINDOWS\temp\win7F.tmp
2008-01-07 00:52:56 0 --a------ C:\WINDOWS\temp\win80.tmp
2008-01-07 00:52:56 0 --a------ C:\WINDOWS\temp\win81.tmp
2008-01-07 00:54:56 0 --a------ C:\WINDOWS\temp\win82.tmp
2008-01-07 00:54:56 0 --a------ C:\WINDOWS\temp\win83.tmp
2008-01-07 00:54:56 0 --a------ C:\WINDOWS\temp\win84.tmp
2008-01-07 00:56:56 0 --a------ C:\WINDOWS\temp\win85.tmp
2008-01-07 00:56:56 0 --a------ C:\WINDOWS\temp\win86.tmp
2008-01-07 00:56:56 0 --a------ C:\WINDOWS\temp\win87.tmp
2008-01-07 00:58:58 0 --a------ C:\WINDOWS\temp\win88.tmp
2008-01-07 00:58:58 0 --a------ C:\WINDOWS\temp\win89.tmp
2008-01-07 00:58:58 0 --a------ C:\WINDOWS\temp\win8A.tmp
2008-01-07 01:00:58 0 --a------ C:\WINDOWS\temp\win8B.tmp
2008-01-07 01:00:58 0 --a------ C:\WINDOWS\temp\win8C.tmp
2008-01-07 01:00:58 0 --a------ C:\WINDOWS\temp\win8D.tmp
2008-01-07 01:02:58 0 --a------ C:\WINDOWS\temp\win8E.tmp
2008-01-07 01:02:58 0 --a------ C:\WINDOWS\temp\win8F.tmp
2008-01-07 01:02:58 0 --a------ C:\WINDOWS\temp\win90.tmp
2008-01-07 01:04:58 0 --a------ C:\WINDOWS\temp\win91.tmp
2008-01-07 01:04:58 0 --a------ C:\WINDOWS\temp\win92.tmp
2008-01-07 01:04:58 0 --a------ C:\WINDOWS\temp\win93.tmp
2008-01-07 01:06:58 0 --a------ C:\WINDOWS\temp\win94.tmp
2008-01-07 01:06:58 0 --a------ C:\WINDOWS\temp\win95.tmp
2008-01-07 01:06:58 0 --a------ C:\WINDOWS\temp\win96.tmp
2008-01-07 01:08:58 0 --a------ C:\WINDOWS\temp\win97.tmp
2008-01-07 01:08:58 0 --a------ C:\WINDOWS\temp\win98.tmp
2008-01-07 01:08:58 0 --a------ C:\WINDOWS\temp\win99.tmp
2008-01-07 01:10:58 0 --a------ C:\WINDOWS\temp\win9A.tmp
2008-01-07 01:10:58 0 --a------ C:\WINDOWS\temp\win9B.tmp
2008-01-07 01:10:58 0 --a------ C:\WINDOWS\temp\win9C.tmp
2008-01-07 01:12:58 0 --a------ C:\WINDOWS\temp\win9D.tmp
2008-01-07 01:12:58 0 --a------ C:\WINDOWS\temp\win9E.tmp
2008-01-07 01:12:58 0 --a------ C:\WINDOWS\temp\win9F.tmp
2008-01-07 01:14:58 0 --a------ C:\WINDOWS\temp\winA0.tmp
2008-01-07 01:14:58 0 --a------ C:\WINDOWS\temp\winA1.tmp
2008-01-07 01:14:58 0 --a------ C:\WINDOWS\temp\winA2.tmp
2008-01-07 01:16:58 0 --a------ C:\WINDOWS\temp\winA3.tmp
2008-01-07 01:16:58 0 --a------ C:\WINDOWS\temp\winA4.tmp
2008-01-07 01:16:58 0 --a------ C:\WINDOWS\temp\winA5.tmp
2008-01-07 01:18:58 0 --a------ C:\WINDOWS\temp\winA6.tmp
2008-01-07 01:18:58 0 --a------ C:\WINDOWS\temp\winA7.tmp
2008-01-07 01:18:58 0 --a------ C:\WINDOWS\temp\winA8.tmp
2008-01-07 01:20:58 0 --a------ C:\WINDOWS\temp\winA9.tmp
2008-01-07 01:20:58 0 --a------ C:\WINDOWS\temp\winAA.tmp
2008-01-07 01:20:58 0 --a------ C:\WINDOWS\temp\winAB.tmp
2008-01-07 01:22:58 0 --a------ C:\WINDOWS\temp\winAC.tmp
2008-01-07 01:22:58 0 --a------ C:\WINDOWS\temp\winAD.tmp
2008-01-07 01:22:58 0 --a------ C:\WINDOWS\temp\winAE.tmp
2008-01-07 01:24:58 0 --a------ C:\WINDOWS\temp\winAF.tmp
2008-01-07 01:24:58 0 --a------ C:\WINDOWS\temp\winB0.tmp
2008-01-07 01:24:58 0 --a------ C:\WINDOWS\temp\winB1.tmp
2008-01-07 01:26:58 0 --a------ C:\WINDOWS\temp\winB2.tmp
2008-01-07 01:26:58 0 --a------ C:\WINDOWS\temp\winB3.tmp
2008-01-07 01:26:58 0 --a------ C:\WINDOWS\temp\winB4.tmp
2008-01-07 01:28:58 0 --a------ C:\WINDOWS\temp\winB5.tmp
2008-01-07 01:28:58 0 --a------ C:\WINDOWS\temp\winB6.tmp
2008-01-07 01:28:58 0 --a------ C:\WINDOWS\temp\winB7.tmp
2008-01-07 01:30:58 0 --a------ C:\WINDOWS\temp\winB8.tmp
2008-01-07 01:30:58 0 --a------ C:\WINDOWS\temp\winB9.tmp
2008-01-07 01:30:58 0 --a------ C:\WINDOWS\temp\winBA.tmp
2008-01-07 01:32:58 0 --a------ C:\WINDOWS\temp\winBB.tmp
2008-01-07 01:32:58 0 --a------ C:\WINDOWS\temp\winBC.tmp
2008-01-07 01:32:58 0 --a------ C:\WINDOWS\temp\winBD.tmp
2008-01-07 01:34:58 0 --a------ C:\WINDOWS\temp\winBE.tmp
2008-01-07 01:34:58 0 --a------ C:\WINDOWS\temp\winBF.tmp
2008-01-07 01:34:58 0 --a------ C:\WINDOWS\temp\winC0.tmp
2008-01-07 01:36:58 0 --a------ C:\WINDOWS\temp\winC1.tmp
2008-01-07 01:36:58 0 --a------ C:\WINDOWS\temp\winC2.tmp
2008-01-07 01:36:58 0 --a------ C:\WINDOWS\temp\winC3.tmp
2008-01-07 01:38:58 0 --a------ C:\WINDOWS\temp\winC4.tmp
2008-01-07 01:38:58 0 --a------ C:\WINDOWS\temp\winC5.tmp
2008-01-07 01:38:58 0 --a------ C:\WINDOWS\temp\winC6.tmp
2008-01-07 01:40:58 0 --a------ C:\WINDOWS\temp\winC7.tmp
2008-01-07 01:40:58 0 --a------ C:\WINDOWS\temp\winC8.tmp
2008-01-07 01:40:58 0 --a------ C:\WINDOWS\temp\winC9.tmp
2008-01-07 01:42:58 0 --a------ C:\WINDOWS\temp\winCA.tmp
2008-01-07 01:42:58 0 --a------ C:\WINDOWS\temp\winCB.tmp
2008-01-07 01:42:58 0 --a------ C:\WINDOWS\temp\winCC.tmp
2008-01-07 01:44:58 0 --a------ C:\WINDOWS\temp\winCD.tmp
2008-01-07 01:44:58 0 --a------ C:\WINDOWS\temp\winCE.tmp
2008-01-07 01:44:58 0 --a------ C:\WINDOWS\temp\winCF.tmp
2008-01-07 01:46:58 0 --a------ C:\WINDOWS\temp\winD0.tmp
2008-01-07 01:46:58 0 --a------ C:\WINDOWS\temp\winD1.tmp
2008-01-07 01:46:58 0 --a------ C:\WINDOWS\temp\winD2.tmp
2008-01-07 01:48:58 0 --a------ C:\WINDOWS\temp\winD3.tmp
2008-01-07 01:48:58 0 --a------ C:\WINDOWS\temp\winD4.tmp
2008-01-07 01:48:58 0 --a------ C:\WINDOWS\temp\winD5.tmp
2008-01-07 01:50:58 0 --a------ C:\WINDOWS\temp\winD6.tmp
2008-01-07 01:50:58 0 --a------ C:\WINDOWS\temp\winD7.tmp
2008-01-07 01:50:58 0 --a------ C:\WINDOWS\temp\winD8.tmp
2008-01-07 01:52:58 0 --a------ C:\WINDOWS\temp\winD9.tmp
2008-01-07 01:52:58 0 --a------ C:\WINDOWS\temp\winDA.tmp
2008-01-07 01:52:58 0 --a------ C:\WINDOWS\temp\winDB.tmp
2008-01-07 01:54:58 0 --a------ C:\WINDOWS\temp\winDC.tmp
2008-01-07 01:54:58 0 --a------ C:\WINDOWS\temp\winDD.tmp
2008-01-07 01:54:58 0 --a------ C:\WINDOWS\temp\winDE.tmp
2008-01-07 01:56:58 0 --a------ C:\WINDOWS\temp\winDF.tmp
2008-01-07 01:56:58 0 --a------ C:\WINDOWS\temp\winE0.tmp
2008-01-07 01:56:58 0 --a------ C:\WINDOWS\temp\winE1.tmp
2008-01-07 01:58:58 0 --a------ C:\WINDOWS\temp\winE2.tmp
2008-01-07 01:58:58 0 --a------ C:\WINDOWS\temp\winE3.tmp
2008-01-07 01:58:58 0 --a------ C:\WINDOWS\temp\winE4.tmp
2008-01-07 02:00:58 0 --a------ C:\WINDOWS\temp\winE5.tmp
2008-01-07 02:00:58 0 --a------ C:\WINDOWS\temp\winE6.tmp
2008-01-07 02:00:58 0 --a------ C:\WINDOWS\temp\winE7.tmp
2008-01-07 02:02:58 0 --a------ C:\WINDOWS\temp\winE8.tmp
2008-01-07 02:02:58 0 --a------ C:\WINDOWS\temp\winE9.tmp
2008-01-07 02:02:58 0 --a------ C:\WINDOWS\temp\winEA.tmp
2008-01-07 02:04:58 0 --a------ C:\WINDOWS\temp\winEB.tmp
2008-01-07 02:04:58 0 --a------ C:\WINDOWS\temp\winEC.tmp
2008-01-07 02:04:58 0 --a------ C:\WINDOWS\temp\winED.tmp
2008-01-07 02:06:58 0 --a------ C:\WINDOWS\temp\winEE.tmp
2008-01-07 02:06:58 0 --a------ C:\WINDOWS\temp\winEF.tmp
2008-01-07 02:06:58 0 --a------ C:\WINDOWS\temp\winF0.tmp
2008-01-07 02:08:58 0 --a------ C:\WINDOWS\temp\winF1.tmp
2008-01-07 02:08:58 0 --a------ C:\WINDOWS\temp\winF2.tmp
2008-01-07 02:08:58 0 --a------ C:\WINDOWS\temp\winF3.tmp
2008-01-07 02:10:58 0 --a------ C:\WINDOWS\temp\winF4.tmp
2008-01-07 02:10:58 0 --a------ C:\WINDOWS\temp\winF5.tmp
2008-01-07 02:10:58 0 --a------ C:\WINDOWS\temp\winF6.tmp
2008-01-07 02:12:58 0 --a------ C:\WINDOWS\temp\winF7.tmp
2008-01-07 02:12:58 0 --a------ C:\WINDOWS\temp\winF8.tmp
2008-01-07 02:12:58 0 --a------ C:\WINDOWS\temp\winF9.tmp
2008-01-07 02:14:58 0 --a------ C:\WINDOWS\temp\winFA.tmp
2008-01-07 02:14:58 0 --a------ C:\WINDOWS\temp\winFB.tmp
2008-01-07 02:14:58 0 --a------ C:\WINDOWS\temp\winFC.tmp
2008-01-07 02:16:58 0 --a------ C:\WINDOWS\temp\winFD.tmp
2008-01-07 02:16:58 0 --a------ C:\WINDOWS\temp\winFE.tmp
2008-01-07 02:16:58 0 --a------ C:\WINDOWS\temp\winFF.tmp
2008-01-07 02:18:58 0 --a------ C:\WINDOWS\temp\win100.tmp
2008-01-07 02:18:58 0 --a------ C:\WINDOWS\temp\win101.tmp
2008-01-07 02:18:58 0 --a------ C:\WINDOWS\temp\win102.tmp
2008-01-07 02:20:58 0 --a------ C:\WINDOWS\temp\win103.tmp
2008-01-07 02:20:58 0 --a------ C:\WINDOWS\temp\win104.tmp
2008-01-07 02:20:58 0 --a------ C:\WINDOWS\temp\win105.tmp
2008-01-07 02:22:58 0 --a------ C:\WINDOWS\temp\win106.tmp
2008-01-07 02:22:58 0 --a------ C:\WINDOWS\temp\win107.tmp
2008-01-07 02:22:58 0 --a------ C:\WINDOWS\temp\win108.tmp
2008-01-07 02:24:58 0 --a------ C:\WINDOWS\temp\win109.tmp
2008-01-07 02:24:58 0 --a------ C:\WINDOWS\temp\win10A.tmp
2008-01-07 02:24:58 0 --a------ C:\WINDOWS\temp\win10B.tmp
2008-01-07 02:26:58 0 --a------ C:\WINDOWS\temp\win10C.tmp
2008-01-07 02:26:58 0 --a------ C:\WINDOWS\temp\win10D.tmp
2008-01-07 02:26:58 0 --a------ C:\WINDOWS\temp\win10E.tmp
2008-01-07 02:28:58 0 --a------ C:\WINDOWS\temp\win10F.tmp
2008-01-07 02:28:58 0 --a------ C:\WINDOWS\temp\win110.tmp
2008-01-07 02:28:58 0 --a------ C:\WINDOWS\temp\win111.tmp
2008-01-07 02:30:58 0 --a------ C:\WINDOWS\temp\win112.tmp
2008-01-07 02:30:58 0 --a------ C:\WINDOWS\temp\win113.tmp
2008-01-07 02:30:58 0 --a------ C:\WINDOWS\temp\win114.tmp
2008-01-07 02:32:58 0 --a------ C:\WINDOWS\temp\win115.tmp
2008-01-07 02:32:58 0 --a------ C:\WINDOWS\temp\win116.tmp
2008-01-07 02:32:58 0 --a------ C:\WINDOWS\temp\win117.tmp
2008-01-07 02:34:58 0 --a------ C:\WINDOWS\temp\win118.tmp
2008-01-07 02:34:58 0 --a------ C:\WINDOWS\temp\win119.tmp
2008-01-07 02:34:58 0 --a------ C:\WINDOWS\temp\win11A.tmp
2008-01-07 02:36:58 0 --a------ C:\WINDOWS\temp\win11B.tmp
2008-01-07 02:36:58 0 --a------ C:\WINDOWS\temp\win11C.tmp
2008-01-07 02:36:58 0 --a------ C:\WINDOWS\temp\win11D.tmp
2008-01-07 02:38:58 0 --a------ C:\WINDOWS\temp\win11E.tmp
2008-01-07 02:38:58 0 --a------ C:\WINDOWS\temp\win11F.tmp
2008-01-07 02:38:58 0 --a------ C:\WINDOWS\temp\win120.tmp
2008-01-07 02:40:58 0 --a------ C:\WINDOWS\temp\win121.tmp
2008-01-07 02:40:58 0 --a------ C:\WINDOWS\temp\win122.tmp
2008-01-07 02:40:58 0 --a------ C:\WINDOWS\temp\win123.tmp
2008-01-07 02:42:58 0 --a------ C:\WINDOWS\temp\win124.tmp
2008-01-07 02:42:58 0 --a------ C:\WINDOWS\temp\win125.tmp
2008-01-07 02:42:58 0 --a------ C:\WINDOWS\temp\win126.tmp
2008-01-07 02:44:58 0 --a------ C:\WINDOWS\temp\win127.tmp
2008-01-07 02:44:58 0 --a------ C:\WINDOWS\temp\win128.tmp
2008-01-07 02:44:58 0 --a------ C:\WINDOWS\temp\win129.tmp
2008-01-07 02:46:58 0 --a------ C:\WINDOWS\temp\win12A.tmp
2008-01-07 02:46:58 0 --a------ C:\WINDOWS\temp\win12B.tmp
2008-01-07 02:46:58 0 --a------ C:\WINDOWS\temp\win12C.tmp
2008-01-07 02:48:58 0 --a------ C:\WINDOWS\temp\win12D.tmp
2008-01-07 02:48:58 0 --a------ C:\WINDOWS\temp\win12E.tmp
2008-01-07 02:48:58 0 --a------ C:\WINDOWS\temp\win12F.tmp
2008-01-07 02:50:58 0 --a------ C:\WINDOWS\temp\win130.tmp
2008-01-07 02:50:58 0 --a------ C:\WINDOWS\temp\win131.tmp
2008-01-07 02:50:58 0 --a------ C:\WINDOWS\temp\win132.tmp
2008-01-07 02:52:58 0 --a------ C:\WINDOWS\temp\win133.tmp
2008-01-07 02:52:58 0 --a------ C:\WINDOWS\temp\win134.tmp
2008-01-07 02:52:58 0 --a------ C:\WINDOWS\temp\win138.tmp
2008-01-07 02:54:58 0 --a------ C:\WINDOWS\temp\win139.tmp
2008-01-07 02:54:58 0 --a------ C:\WINDOWS\temp\win13A.tmp
2008-01-07 02:54:58 0 --a------ C:\WINDOWS\temp\win13B.tmp
2008-01-07 02:56:58 0 --a------ C:\WINDOWS\temp\win13C.tmp
2008-01-07 02:56:58 0 --a------ C:\WINDOWS\temp\win13D.tmp
2008-01-07 02:56:58 0 --a------ C:\WINDOWS\temp\win13E.tmp
2008-01-07 02:58:58 0 --a------ C:\WINDOWS\temp\win13F.tmp
2008-01-07 02:58:58 0 --a------ C:\WINDOWS\temp\win140.tmp
2008-01-07 02:58:58 0 --a------ C:\WINDOWS\temp\win141.tmp
2008-01-07 03:00:58 0 --a------ C:\WINDOWS\temp\win142.tmp
2008-01-07 03:00:58 0 --a------ C:\WINDOWS\temp\win143.tmp
2008-01-07 03:00:58 0 --a------ C:\WINDOWS\temp\win144.tmp
2008-01-07 03:02:58 0 --a------ C:\WINDOWS\temp\win145.tmp
2008-01-07 03:02:58 0 --a------ C:\WINDOWS\temp\win146.tmp
2008-01-07 03:02:58 0 --a------ C:\WINDOWS\temp\win147.tmp
2008-01-07 03:04:58 0 --a------ C:\WINDOWS\temp\win148.tmp
2008-01-07 03:04:58 0 --a------ C:\WINDOWS\temp\win149.tmp
2008-01-07 03:04:58 0 --a------ C:\WINDOWS\temp\win14A.tmp
2008-01-07 03:06:58 0 --a------ C:\WINDOWS\temp\win14B.tmp
2008-01-07 03:06:58 0 --a------ C:\WINDOWS\temp\win14C.tmp
2008-01-07 03:06:58 0 --a------ C:\WINDOWS\temp\win14D.tmp
2008-01-07 03:08:58 0 --a------ C:\WINDOWS\temp\win14E.tmp
2008-01-07 03:08:58 0 --a------ C:\WINDOWS\temp\win14F.tmp
2008-01-07 03:08:58 0 --a------ C:\WINDOWS\temp\win150.tmp
2008-01-07 03:10:58 0 --a------ C:\WINDOWS\temp\win151.tmp
2008-01-07 03:10:58 0 --a------ C:\WINDOWS\temp\win152.tmp
2008-01-07 03:10:58 0 --a------ C:\WINDOWS\temp\win153.tmp
2008-01-07 03:12:58 0 --a------ C:\WINDOWS\temp\win154.tmp
2008-01-07 03:12:58 0 --a------ C:\WINDOWS\temp\win155.tmp
2008-01-07 03:12:58 0 --a------ C:\WINDOWS\temp\win156.tmp
2008-01-07 03:14:58 0 --a------ C:\WINDOWS\temp\win157.tmp
2008-01-07 03:14:58 0 --a------ C:\WINDOWS\temp\win158.tmp
2008-01-07 03:14:58 0 --a------ C:\WINDOWS\temp\win159.tmp
2008-01-07 03:16:58 0 --a------ C:\WINDOWS\temp\win15A.tmp
2008-01-07 03:16:58 0 --a------ C:\WINDOWS\temp\win15B.tmp
2008-01-07 03:16:58 0 --a------ C:\WINDOWS\temp\win15C.tmp
2008-01-07 03:18:58 0 --a------ C:\WINDOWS\temp\win15D.tmp
2008-01-07 03:18:58 0 --a------ C:\WINDOWS\temp\win15E.tmp
2008-01-07 03:18:58 0 --a------ C:\WINDOWS\temp\win15F.tmp
2008-01-07 03:20:58 0 --a------ C:\WINDOWS\temp\win160.tmp
2008-01-07 03:20:58 0 --a------ C:\WINDOWS\temp\win161.tmp
2008-01-07 03:20:58 0 --a------ C:\WINDOWS\temp\win162.tmp
2008-01-07 03:22:58 0 --a------ C:\WINDOWS\temp\win163.tmp
2008-01-07 03:22:58 0 --a------ C:\WINDOWS\temp\win164.tmp
2008-01-07 03:22:58 0 --a------ C:\WINDOWS\temp\win165.tmp
2008-01-07 03:24:58 0 --a------ C:\WINDOWS\temp\win166.tmp
2008-01-07 03:24:58 0 --a------ C:\WINDOWS\temp\win167.tmp
2008-01-07 03:24:58 0 --a------ C:\WINDOWS\temp\win168.tmp
2008-01-07 03:26:58 0 --a------ C:\WINDOWS\temp\win169.tmp
2008-01-07 03:26:58 0 --a------ C:\WINDOWS\temp\win16A.tmp
2008-01-07 03:26:58 0 --a------ C:\WINDOWS\temp\win16B.tmp
2008-01-07 03:28:58 0 --a------ C:\WINDOWS\temp\win16C.tmp
2008-01-07 03:28:58 0 --a------ C:\WINDOWS\temp\win16D.tmp
2008-01-07 03:28:58 0 --a------ C:\WINDOWS\temp\win16E.tmp
2008-01-07 03:30:58 0 --a------ C:\WINDOWS\temp\win16F.tmp
2008-01-07 03:30:58 0 --a------ C:\WINDOWS\temp\win170.tmp
2008-01-07 03:30:58 0 --a------ C:\WINDOWS\temp\win171.tmp
2008-01-07 03:32:58 0 --a------ C:\WINDOWS\temp\win172.tmp
2008-01-07 03:32:58 0 --a------ C:\WINDOWS\temp\win173.tmp
2008-01-07 03:32:58 0 --a------ C:\WINDOWS\temp\win174.tmp
2008-01-07 03:34:58 0 --a------ C:\WINDOWS\temp\win175.tmp
2008-01-07 03:34:58 0 --a------ C:\WINDOWS\temp\win176.tmp
2008-01-07 03:34:58 0 --a------ C:\WINDOWS\temp\win177.tmp
2008-01-07 03:36:58 0 --a------ C:\WINDOWS\temp\win178.tmp
2008-01-07 03:36:58 0 --a------ C:\WINDOWS\temp\win179.tmp
2008-01-07 03:36:58 0 --a------ C:\WINDOWS\temp\win17A.tmp
2008-01-07 03:38:58 0 --a------ C:\WINDOWS\temp\win17B.tmp
2008-01-07 03:38:58 0 --a------ C:\WINDOWS\temp\win17C.tmp
2008-01-07 03:38:58 0 --a------ C:\WINDOWS\temp\win17D.tmp
2008-01-07 03:40:58 0 --a------ C:\WINDOWS\temp\win17E.tmp
2008-01-07 03:40:58 0 --a------ C:\WINDOWS\temp\win17F.tmp
2008-01-07 03:40:58 0 --a------ C:\WINDOWS\temp\win180.tmp
2008-01-07 03:42:58 0 --a------ C:\WINDOWS\temp\win181.tmp
2008-01-07 03:42:58 0 --a------ C:\WINDOWS\temp\win182.tmp
2008-01-07 03:42:58 0 --a------ C:\WINDOWS\temp\win183.tmp
2008-01-07 03:44:58 0 --a------ C:\WINDOWS\temp\win184.tmp
2008-01-07 03:44:58 0 --a------ C:\WINDOWS\temp\win185.tmp
2008-01-07 03:44:58 0 --a------ C:\WINDOWS\temp\win186.tmp
2008-01-07 03:46:58 0 --a------ C:\WINDOWS\temp\win187.tmp
2008-01-07 03:46:58 0 --a------ C:\WINDOWS\temp\win188.tmp
2008-01-07 03:46:58 0 --a------ C:\WINDOWS\temp\win189.tmp
2008-01-07 03:48:58 0 --a------ C:\WINDOWS\temp\win18A.tmp
2008-01-07 03:48:58 0 --a------ C:\WINDOWS\temp\win18B.tmp
2008-01-07 03:48:58 0 --a------ C:\WINDOWS\temp\win18C.tmp
2008-01-07 03:50:58 0 --a------ C:\WINDOWS\temp\win18D.tmp
2008-01-07 03:50:58 0 --a------ C:\WINDOWS\temp\win18E.tmp
2008-01-07 03:50:58 0 --a------ C:\WINDOWS\temp\win18F.tmp
2008-01-07 03:52:58 0 --a------ C:\WINDOWS\temp\win190.tmp
2008-01-07 03:52:58 0 --a------ C:\WINDOWS\temp\win191.tmp
2008-01-07 03:52:58 0 --a------ C:\WINDOWS\temp\win192.tmp
2008-01-07 03:54:58 0 --a------ C:\WINDOWS\temp\win193.tmp
2008-01-07 03:54:58 0 --a------ C:\WINDOWS\temp\win194.tmp
2008-01-07 03:54:58 0 --a------ C:\WINDOWS\temp\win195.tmp
2008-01-07 03:56:58 0 --a------ C:\WINDOWS\temp\win196.tmp
2008-01-07 03:56:58 0 --a------ C:\WINDOWS\temp\win197.tmp
2008-01-07 03:56:58 0 --a------ C:\WINDOWS\temp\win198.tmp
2008-01-07 03:58:58 0 --a------ C:\WINDOWS\temp\win199.tmp
2008-01-07 03:58:58 0 --a------ C:\WINDOWS\temp\win19A.tmp
2008-01-07 03:58:58 0 --a------ C:\WINDOWS\temp\win19B.tmp
2008-01-07 04:00:58 0 --a------ C:\WINDOWS\temp\win19C.tmp

Log cut in half (due to size) - rest to follow in next post.

Waverley73 · 2008/02/05

2008-01-07 04:00:58 0 --a------ C:\WINDOWS\temp\win19D.tmp
2008-01-07 04:00:58 0 --a------ C:\WINDOWS\temp\win19E.tmp
2008-01-07 04:02:58 0 --a------ C:\WINDOWS\temp\win19F.tmp
2008-01-07 04:02:58 0 --a------ C:\WINDOWS\temp\win1A0.tmp
2008-01-07 04:02:58 0 --a------ C:\WINDOWS\temp\win1A1.tmp
2008-01-07 04:04:58 0 --a------ C:\WINDOWS\temp\win1A2.tmp
2008-01-07 04:04:58 0 --a------ C:\WINDOWS\temp\win1A3.tmp
2008-01-07 04:04:58 0 --a------ C:\WINDOWS\temp\win1A4.tmp
2008-01-07 04:06:58 0 --a------ C:\WINDOWS\temp\win1A5.tmp
2008-01-07 04:06:58 0 --a------ C:\WINDOWS\temp\win1A6.tmp
2008-01-07 04:06:58 0 --a------ C:\WINDOWS\temp\win1A7.tmp
2008-01-07 04:08:58 0 --a------ C:\WINDOWS\temp\win1A8.tmp
2008-01-07 04:08:58 0 --a------ C:\WINDOWS\temp\win1A9.tmp
2008-01-07 04:08:58 0 --a------ C:\WINDOWS\temp\win1AA.tmp
2008-01-07 04:10:58 0 --a------ C:\WINDOWS\temp\win1AB.tmp
2008-01-07 04:10:58 0 --a------ C:\WINDOWS\temp\win1AC.tmp
2008-01-07 04:10:58 0 --a------ C:\WINDOWS\temp\win1AD.tmp
2008-01-07 04:12:58 0 --a------ C:\WINDOWS\temp\win1AE.tmp
2008-01-07 04:12:58 0 --a------ C:\WINDOWS\temp\win1AF.tmp
2008-01-07 04:12:58 0 --a------ C:\WINDOWS\temp\win1B0.tmp
2008-01-07 04:14:58 0 --a------ C:\WINDOWS\temp\win1B1.tmp
2008-01-07 04:14:58 0 --a------ C:\WINDOWS\temp\win1B2.tmp
2008-01-07 04:14:58 0 --a------ C:\WINDOWS\temp\win1B3.tmp
2008-01-07 04:16:58 0 --a------ C:\WINDOWS\temp\win1B4.tmp
2008-01-07 04:16:58 0 --a------ C:\WINDOWS\temp\win1B5.tmp
2008-01-07 04:16:58 0 --a------ C:\WINDOWS\temp\win1B6.tmp
2008-01-07 04:18:58 0 --a------ C:\WINDOWS\temp\win1B7.tmp
2008-01-07 04:18:58 0 --a------ C:\WINDOWS\temp\win1B8.tmp
2008-01-07 04:18:58 0 --a------ C:\WINDOWS\temp\win1B9.tmp
2008-01-07 04:20:58 0 --a------ C:\WINDOWS\temp\win1BA.tmp
2008-01-07 04:20:58 0 --a------ C:\WINDOWS\temp\win1BB.tmp
2008-01-07 04:20:58 0 --a------ C:\WINDOWS\temp\win1BC.tmp
2008-01-07 04:22:58 0 --a------ C:\WINDOWS\temp\win1BD.tmp
2008-01-07 04:22:58 0 --a------ C:\WINDOWS\temp\win1BE.tmp
2008-01-07 04:22:58 0 --a------ C:\WINDOWS\temp\win1BF.tmp
2008-01-07 04:24:58 0 --a------ C:\WINDOWS\temp\win1C0.tmp
2008-01-07 04:24:58 0 --a------ C:\WINDOWS\temp\win1C1.tmp
2008-01-07 04:24:58 0 --a------ C:\WINDOWS\temp\win1C2.tmp
2008-01-07 04:26:58 0 --a------ C:\WINDOWS\temp\win1C3.tmp
2008-01-07 04:26:58 0 --a------ C:\WINDOWS\temp\win1C4.tmp
2008-01-07 04:26:58 0 --a------ C:\WINDOWS\temp\win1C5.tmp
2008-01-07 04:28:58 0 --a------ C:\WINDOWS\temp\win1C6.tmp
2008-01-07 04:28:58 0 --a------ C:\WINDOWS\temp\win1C7.tmp
2008-01-07 04:28:58 0 --a------ C:\WINDOWS\temp\win1C8.tmp
2008-01-07 04:30:58 0 --a------ C:\WINDOWS\temp\win1C9.tmp
2008-01-07 04:30:58 0 --a------ C:\WINDOWS\temp\win1CA.tmp
2008-01-07 04:30:58 0 --a------ C:\WINDOWS\temp\win1CB.tmp
2008-01-07 04:32:58 0 --a------ C:\WINDOWS\temp\win1CC.tmp
2008-01-07 04:32:58 0 --a------ C:\WINDOWS\temp\win1CD.tmp
2008-01-07 04:32:58 0 --a------ C:\WINDOWS\temp\win1CE.tmp
2008-01-07 04:34:58 0 --a------ C:\WINDOWS\temp\win1CF.tmp
2008-01-07 04:34:58 0 --a------ C:\WINDOWS\temp\win1D0.tmp
2008-01-07 04:34:58 0 --a------ C:\WINDOWS\temp\win1D1.tmp
2008-01-07 04:36:58 0 --a------ C:\WINDOWS\temp\win1D2.tmp
2008-01-07 04:36:58 0 --a------ C:\WINDOWS\temp\win1D3.tmp
2008-01-07 04:36:58 0 --a------ C:\WINDOWS\temp\win1D4.tmp
2008-01-07 04:38:58 0 --a------ C:\WINDOWS\temp\win1D5.tmp
2008-01-07 04:38:58 0 --a------ C:\WINDOWS\temp\win1D6.tmp
2008-01-07 04:38:58 0 --a------ C:\WINDOWS\temp\win1D7.tmp
2008-01-07 04:40:58 0 --a------ C:\WINDOWS\temp\win1D8.tmp
2008-01-07 04:40:58 0 --a------ C:\WINDOWS\temp\win1D9.tmp
2008-01-07 04:40:58 0 --a------ C:\WINDOWS\temp\win1DA.tmp
2008-01-07 04:42:58 0 --a------ C:\WINDOWS\temp\win1DB.tmp
2008-01-07 04:42:58 0 --a------ C:\WINDOWS\temp\win1DC.tmp
2008-01-07 04:42:58 0 --a------ C:\WINDOWS\temp\win1DD.tmp
2008-01-07 04:44:58 0 --a------ C:\WINDOWS\temp\win1DE.tmp
2008-01-07 04:44:58 0 --a------ C:\WINDOWS\temp\win1DF.tmp
2008-01-07 04:44:58 0 --a------ C:\WINDOWS\temp\win1E0.tmp
2008-01-07 04:46:58 0 --a------ C:\WINDOWS\temp\win1E1.tmp
2008-01-07 04:46:58 0 --a------ C:\WINDOWS\temp\win1E2.tmp
2008-01-07 04:46:58 0 --a------ C:\WINDOWS\temp\win1E3.tmp
2008-01-07 04:48:58 0 --a------ C:\WINDOWS\temp\win1E4.tmp
2008-01-07 04:48:58 0 --a------ C:\WINDOWS\temp\win1E5.tmp
2008-01-07 04:48:58 0 --a------ C:\WINDOWS\temp\win1E6.tmp
2008-01-07 04:50:58 0 --a------ C:\WINDOWS\temp\win1E7.tmp
2008-01-07 04:50:58 0 --a------ C:\WINDOWS\temp\win1E8.tmp
2008-01-07 04:50:58 0 --a------ C:\WINDOWS\temp\win1E9.tmp
2008-01-07 04:52:58 0 --a------ C:\WINDOWS\temp\win1EA.tmp
2008-01-07 04:52:58 0 --a------ C:\WINDOWS\temp\win1EB.tmp
2008-01-07 04:52:58 0 --a------ C:\WINDOWS\temp\win1EC.tmp
2008-01-07 04:54:58 0 --a------ C:\WINDOWS\temp\win1ED.tmp
2008-01-07 04:54:58 0 --a------ C:\WINDOWS\temp\win1EE.tmp
2008-01-07 04:54:58 0 --a------ C:\WINDOWS\temp\win1EF.tmp
2008-01-07 04:56:58 0 --a------ C:\WINDOWS\temp\win1F0.tmp
2008-01-07 04:56:58 0 --a------ C:\WINDOWS\temp\win1F1.tmp
2008-01-07 04:56:58 0 --a------ C:\WINDOWS\temp\win1F2.tmp
2008-01-07 04:58:58 0 --a------ C:\WINDOWS\temp\win1F3.tmp
2008-01-07 04:58:58 0 --a------ C:\WINDOWS\temp\win1F4.tmp
2008-01-07 04:58:58 0 --a------ C:\WINDOWS\temp\win1F5.tmp
2008-01-07 05:00:58 0 --a------ C:\WINDOWS\temp\win1F6.tmp
2008-01-07 05:00:58 0 --a------ C:\WINDOWS\temp\win1F7.tmp
2008-01-07 05:00:58 0 --a------ C:\WINDOWS\temp\win1F8.tmp
2008-01-07 05:02:58 0 --a------ C:\WINDOWS\temp\win1F9.tmp
2008-01-07 05:02:58 0 --a------ C:\WINDOWS\temp\win1FA.tmp
2008-01-07 05:02:58 0 --a------ C:\WINDOWS\temp\win1FB.tmp
2008-01-07 05:04:58 0 --a------ C:\WINDOWS\temp\win1FC.tmp
2008-01-07 05:04:58 0 --a------ C:\WINDOWS\temp\win1FD.tmp
2008-01-07 05:04:58 0 --a------ C:\WINDOWS\temp\win1FE.tmp
2008-01-07 05:06:58 0 --a------ C:\WINDOWS\temp\win1FF.tmp
2008-01-07 05:06:58 0 --a------ C:\WINDOWS\temp\win200.tmp
2008-01-07 05:06:58 0 --a------ C:\WINDOWS\temp\win201.tmp
2008-01-07 05:08:58 0 --a------ C:\WINDOWS\temp\win202.tmp
2008-01-07 05:08:58 0 --a------ C:\WINDOWS\temp\win203.tmp
2008-01-07 05:08:58 0 --a------ C:\WINDOWS\temp\win204.tmp
2008-01-07 05:10:58 0 --a------ C:\WINDOWS\temp\win205.tmp
2008-01-07 05:10:58 0 --a------ C:\WINDOWS\temp\win206.tmp
2008-01-07 05:10:58 0 --a------ C:\WINDOWS\temp\win207.tmp
2008-01-07 05:12:58 0 --a------ C:\WINDOWS\temp\win208.tmp
2008-01-07 05:12:58 0 --a------ C:\WINDOWS\temp\win209.tmp
2008-01-07 05:12:58 0 --a------ C:\WINDOWS\temp\win20A.tmp
2008-01-07 05:14:58 0 --a------ C:\WINDOWS\temp\win20B.tmp
2008-01-07 05:14:58 0 --a------ C:\WINDOWS\temp\win20C.tmp
2008-01-07 05:14:58 0 --a------ C:\WINDOWS\temp\win20D.tmp
2008-01-07 05:16:58 0 --a------ C:\WINDOWS\temp\win20E.tmp
2008-01-07 05:16:58 0 --a------ C:\WINDOWS\temp\win20F.tmp
2008-01-07 05:16:58 0 --a------ C:\WINDOWS\temp\win210.tmp
2008-01-07 05:18:58 0 --a------ C:\WINDOWS\temp\win211.tmp
2008-01-07 05:18:58 0 --a------ C:\WINDOWS\temp\win212.tmp
2008-01-07 05:18:58 0 --a------ C:\WINDOWS\temp\win213.tmp
2008-01-07 05:20:58 0 --a------ C:\WINDOWS\temp\win214.tmp
2008-01-07 05:20:58 0 --a------ C:\WINDOWS\temp\win215.tmp
2008-01-07 05:20:58 0 --a------ C:\WINDOWS\temp\win216.tmp
2008-01-07 05:22:58 0 --a------ C:\WINDOWS\temp\win217.tmp
2008-01-07 05:22:58 0 --a------ C:\WINDOWS\temp\win218.tmp
2008-01-07 05:22:58 0 --a------ C:\WINDOWS\temp\win219.tmp
2008-01-07 05:24:58 0 --a------ C:\WINDOWS\temp\win21A.tmp
2008-01-07 05:24:58 0 --a------ C:\WINDOWS\temp\win21B.tmp
2008-01-07 05:24:58 0 --a------ C:\WINDOWS\temp\win21C.tmp
2008-01-07 05:26:58 0 --a------ C:\WINDOWS\temp\win21D.tmp
2008-01-07 05:26:58 0 --a------ C:\WINDOWS\temp\win21E.tmp
2008-01-07 05:26:58 0 --a------ C:\WINDOWS\temp\win21F.tmp
2008-01-07 05:28:58 0 --a------ C:\WINDOWS\temp\win220.tmp
2008-01-07 05:28:58 0 --a------ C:\WINDOWS\temp\win221.tmp
2008-01-07 05:28:58 0 --a------ C:\WINDOWS\temp\win222.tmp
2008-01-07 05:30:58 0 --a------ C:\WINDOWS\temp\win223.tmp
2008-01-07 05:30:58 0 --a------ C:\WINDOWS\temp\win224.tmp
2008-01-07 05:30:58 0 --a------ C:\WINDOWS\temp\win225.tmp
2008-01-07 05:32:58 0 --a------ C:\WINDOWS\temp\win226.tmp
2008-01-07 05:32:58 0 --a------ C:\WINDOWS\temp\win227.tmp
2008-01-07 05:32:58 0 --a------ C:\WINDOWS\temp\win228.tmp
2008-01-07 05:34:58 0 --a------ C:\WINDOWS\temp\win229.tmp
2008-01-07 05:34:58 0 --a------ C:\WINDOWS\temp\win22A.tmp
2008-01-07 05:34:58 0 --a------ C:\WINDOWS\temp\win22B.tmp
2008-01-07 05:36:58 0 --a------ C:\WINDOWS\temp\win22C.tmp
2008-01-07 05:36:58 0 --a------ C:\WINDOWS\temp\win22D.tmp
2008-01-07 05:36:58 0 --a------ C:\WINDOWS\temp\win22E.tmp
2008-01-07 05:38:58 0 --a------ C:\WINDOWS\temp\win22F.tmp
2008-01-07 05:38:58 0 --a------ C:\WINDOWS\temp\win230.tmp
2008-01-07 05:38:58 0 --a------ C:\WINDOWS\temp\win231.tmp
2008-01-07 05:40:58 0 --a------ C:\WINDOWS\temp\win232.tmp
2008-01-07 05:40:58 0 --a------ C:\WINDOWS\temp\win233.tmp
2008-01-07 05:40:58 0 --a------ C:\WINDOWS\temp\win234.tmp
2008-01-07 05:42:58 0 --a------ C:\WINDOWS\temp\win235.tmp
2008-01-07 05:42:58 0 --a------ C:\WINDOWS\temp\win236.tmp
2008-01-07 05:42:58 0 --a------ C:\WINDOWS\temp\win237.tmp
2008-01-07 05:44:58 0 --a------ C:\WINDOWS\temp\win238.tmp
2008-01-07 05:44:58 0 --a------ C:\WINDOWS\temp\win239.tmp
2008-01-07 05:44:58 0 --a------ C:\WINDOWS\temp\win23A.tmp
2008-01-07 05:46:58 0 --a------ C:\WINDOWS\temp\win23B.tmp
2008-01-07 05:46:58 0 --a------ C:\WINDOWS\temp\win23C.tmp
2008-01-07 05:46:58 0 --a------ C:\WINDOWS\temp\win23D.tmp
2008-01-07 05:48:58 0 --a------ C:\WINDOWS\temp\win23E.tmp
2008-01-07 05:48:58 0 --a------ C:\WINDOWS\temp\win23F.tmp
2008-01-07 05:48:58 0 --a------ C:\WINDOWS\temp\win240.tmp
2008-01-07 05:50:58 0 --a------ C:\WINDOWS\temp\win241.tmp
2008-01-07 05:50:58 0 --a------ C:\WINDOWS\temp\win242.tmp
2008-01-07 05:50:58 0 --a------ C:\WINDOWS\temp\win243.tmp
2008-01-07 05:52:58 0 --a------ C:\WINDOWS\temp\win244.tmp
2008-01-07 05:52:58 0 --a------ C:\WINDOWS\temp\win245.tmp
2008-01-07 05:52:58 0 --a------ C:\WINDOWS\temp\win246.tmp
2008-01-07 05:54:58 0 --a------ C:\WINDOWS\temp\win247.tmp
2008-01-07 05:54:58 0 --a------ C:\WINDOWS\temp\win248.tmp
2008-01-07 05:54:58 0 --a------ C:\WINDOWS\temp\win249.tmp
2008-01-07 05:56:58 0 --a------ C:\WINDOWS\temp\win24A.tmp
2008-01-07 05:56:58 0 --a------ C:\WINDOWS\temp\win24B.tmp
2008-01-07 05:56:58 0 --a------ C:\WINDOWS\temp\win24C.tmp
2008-01-07 05:58:58 0 --a------ C:\WINDOWS\temp\win24D.tmp
2008-01-07 05:58:58 0 --a------ C:\WINDOWS\temp\win24E.tmp
2008-01-07 05:58:58 0 --a------ C:\WINDOWS\temp\win24F.tmp
2008-01-07 06:00:58 0 --a------ C:\WINDOWS\temp\win250.tmp
2008-01-07 06:00:58 0 --a------ C:\WINDOWS\temp\win251.tmp
2008-01-07 06:00:58 0 --a------ C:\WINDOWS\temp\win252.tmp
2008-01-07 06:02:58 0 --a------ C:\WINDOWS\temp\win253.tmp
2008-01-07 06:02:58 0 --a------ C:\WINDOWS\temp\win254.tmp
2008-01-07 06:02:58 0 --a------ C:\WINDOWS\temp\win255.tmp
2008-01-07 06:04:58 0 --a------ C:\WINDOWS\temp\win256.tmp
2008-01-07 06:04:58 0 --a------ C:\WINDOWS\temp\win257.tmp
2008-01-07 06:04:58 0 --a------ C:\WINDOWS\temp\win258.tmp
2008-01-07 06:06:58 0 --a------ C:\WINDOWS\temp\win259.tmp
2008-01-07 06:06:58 0 --a------ C:\WINDOWS\temp\win25A.tmp
2008-01-07 06:06:58 0 --a------ C:\WINDOWS\temp\win25B.tmp
2008-01-07 06:08:58 0 --a------ C:\WINDOWS\temp\win25C.tmp
2008-01-07 06:08:58 0 --a------ C:\WINDOWS\temp\win25D.tmp
2008-01-07 06:08:58 0 --a------ C:\WINDOWS\temp\win25E.tmp
2008-01-07 06:10:58 0 --a------ C:\WINDOWS\temp\win25F.tmp
2008-01-07 06:10:58 0 --a------ C:\WINDOWS\temp\win260.tmp
2008-01-07 06:10:58 0 --a------ C:\WINDOWS\temp\win261.tmp
2008-01-07 06:12:58 0 --a------ C:\WINDOWS\temp\win262.tmp
2008-01-07 06:12:58 0 --a------ C:\WINDOWS\temp\win263.tmp
2008-01-07 06:12:58 0 --a------ C:\WINDOWS\temp\win264.tmp
2008-01-07 06:14:58 0 --a------ C:\WINDOWS\temp\win265.tmp
2008-01-07 06:14:58 0 --a------ C:\WINDOWS\temp\win266.tmp
2008-01-07 06:14:58 0 --a------ C:\WINDOWS\temp\win267.tmp
2008-01-07 06:16:58 0 --a------ C:\WINDOWS\temp\win268.tmp
2008-01-07 06:16:58 0 --a------ C:\WINDOWS\temp\win269.tmp
2008-01-07 06:16:58 0 --a------ C:\WINDOWS\temp\win26A.tmp
2008-01-07 06:18:58 0 --a------ C:\WINDOWS\temp\win26B.tmp
2008-01-07 06:18:58 0 --a------ C:\WINDOWS\temp\win26C.tmp
2008-01-07 06:18:58 0 --a------ C:\WINDOWS\temp\win26D.tmp
2008-01-07 06:20:58 0 --a------ C:\WINDOWS\temp\win26E.tmp
2008-01-07 06:20:58 0 --a------ C:\WINDOWS\temp\win26F.tmp
2008-01-07 06:20:58 0 --a------ C:\WINDOWS\temp\win270.tmp
2008-01-07 06:22:58 0 --a------ C:\WINDOWS\temp\win271.tmp
2008-01-07 06:22:58 0 --a------ C:\WINDOWS\temp\win272.tmp
2008-01-07 06:22:58 0 --a------ C:\WINDOWS\temp\win273.tmp
2008-01-07 06:24:58 0 --a------ C:\WINDOWS\temp\win274.tmp
2008-01-07 06:24:58 0 --a------ C:\WINDOWS\temp\win275.tmp
2008-01-07 06:24:58 0 --a------ C:\WINDOWS\temp\win276.tmp
2008-01-07 06:26:58 0 --a------ C:\WINDOWS\temp\win277.tmp
2008-01-07 06:26:58 0 --a------ C:\WINDOWS\temp\win278.tmp
2008-01-07 06:26:58 0 --a------ C:\WINDOWS\temp\win279.tmp
2008-01-07 06:28:58 0 --a------ C:\WINDOWS\temp\win27A.tmp
2008-01-07 06:28:58 0 --a------ C:\WINDOWS\temp\win27B.tmp
2008-01-07 06:28:58 0 --a------ C:\WINDOWS\temp\win27C.tmp
2008-01-07 06:30:58 0 --a------ C:\WINDOWS\temp\win27D.tmp
2008-01-07 06:30:58 0 --a------ C:\WINDOWS\temp\win27E.tmp
2008-01-07 06:30:58 0 --a------ C:\WINDOWS\temp\win27F.tmp
2008-01-07 06:32:58 0 --a------ C:\WINDOWS\temp\win280.tmp
2008-01-07 06:32:58 0 --a------ C:\WINDOWS\temp\win281.tmp
2008-01-07 06:32:58 0 --a------ C:\WINDOWS\temp\win282.tmp
2008-01-07 06:34:58 0 --a------ C:\WINDOWS\temp\win283.tmp
2008-01-07 06:34:58 0 --a------ C:\WINDOWS\temp\win284.tmp
2008-01-07 06:34:58 0 --a------ C:\WINDOWS\temp\win285.tmp
2008-01-07 06:36:58 0 --a------ C:\WINDOWS\temp\win286.tmp
2008-01-07 06:36:58 0 --a------ C:\WINDOWS\temp\win287.tmp
2008-01-07 06:36:58 0 --a------ C:\WINDOWS\temp\win288.tmp
2008-01-07 06:38:58 0 --a------ C:\WINDOWS\temp\win289.tmp
2008-01-07 06:38:58 0 --a------ C:\WINDOWS\temp\win28A.tmp
2008-01-07 06:38:58 0 --a------ C:\WINDOWS\temp\win28B.tmp
2008-01-07 06:40:58 0 --a------ C:\WINDOWS\temp\win28C.tmp
2008-01-07 06:40:58 0 --a------ C:\WINDOWS\temp\win28D.tmp
2008-01-07 06:40:58 0 --a------ C:\WINDOWS\temp\win28E.tmp
2008-01-07 06:42:58 0 --a------ C:\WINDOWS\temp\win28F.tmp
2008-01-07 06:42:58 0 --a------ C:\WINDOWS\temp\win290.tmp
2008-01-07 06:42:58 0 --a------ C:\WINDOWS\temp\win291.tmp
2008-01-07 06:44:58 0 --a------ C:\WINDOWS\temp\win292.tmp
2008-01-07 06:44:58 0 --a------ C:\WINDOWS\temp\win293.tmp
2008-01-07 06:44:58 0 --a------ C:\WINDOWS\temp\win294.tmp
2008-01-07 06:46:58 0 --a------ C:\WINDOWS\temp\win295.tmp
2008-01-07 06:46:58 0 --a------ C:\WINDOWS\temp\win296.tmp
2008-01-07 06:46:58 0 --a------ C:\WINDOWS\temp\win297.tmp
2008-01-07 06:48:58 0 --a------ C:\WINDOWS\temp\win298.tmp
2008-01-07 06:48:58 0 --a------ C:\WINDOWS\temp\win299.tmp
2008-01-07 06:48:58 0 --a------ C:\WINDOWS\temp\win29A.tmp
2008-01-07 06:50:58 0 --a------ C:\WINDOWS\temp\win29B.tmp
2008-01-07 06:50:58 0 --a------ C:\WINDOWS\temp\win29C.tmp
2008-01-07 06:50:58 0 --a------ C:\WINDOWS\temp\win29D.tmp
2008-01-07 06:52:58 0 --a------ C:\WINDOWS\temp\win29E.tmp
2008-01-07 06:52:58 0 --a------ C:\WINDOWS\temp\win29F.tmp
2008-01-07 06:52:58 0 --a------ C:\WINDOWS\temp\win2A0.tmp
2008-01-07 06:54:58 0 --a------ C:\WINDOWS\temp\win2A1.tmp
2008-01-07 06:54:58 0 --a------ C:\WINDOWS\temp\win2A2.tmp
2008-01-07 06:54:58 0 --a------ C:\WINDOWS\temp\win2A3.tmp
2008-01-07 06:56:58 0 --a------ C:\WINDOWS\temp\win2A4.tmp
2008-01-07 06:56:58 0 --a------ C:\WINDOWS\temp\win2A5.tmp
2008-01-07 06:56:58 0 --a------ C:\WINDOWS\temp\win2A6.tmp
2008-01-07 06:58:58 0 --a------ C:\WINDOWS\temp\win2A7.tmp
2008-01-07 06:58:58 0 --a------ C:\WINDOWS\temp\win2A8.tmp
2008-01-07 06:58:58 0 --a------ C:\WINDOWS\temp\win2A9.tmp
2008-01-07 07:00:58 0 --a------ C:\WINDOWS\temp\win2AA.tmp
2008-01-07 07:00:58 0 --a------ C:\WINDOWS\temp\win2AB.tmp
2008-01-07 07:00:58 0 --a------ C:\WINDOWS\temp\win2AC.tmp
2008-01-07 07:02:58 0 --a------ C:\WINDOWS\temp\win2AD.tmp
2008-01-07 07:02:58 0 --a------ C:\WINDOWS\temp\win2AE.tmp
2008-01-07 07:02:58 0 --a------ C:\WINDOWS\temp\win2AF.tmp
2008-01-07 07:04:58 0 --a------ C:\WINDOWS\temp\win2B0.tmp
2008-01-07 07:04:58 0 --a------ C:\WINDOWS\temp\win2B1.tmp
2008-01-07 07:04:58 0 --a------ C:\WINDOWS\temp\win2B2.tmp
2008-01-07 07:06:58 0 --a------ C:\WINDOWS\temp\win2B3.tmp
2008-01-07 07:06:58 0 --a------ C:\WINDOWS\temp\win2B4.tmp
2008-01-07 07:06:58 0 --a------ C:\WINDOWS\temp\win2B5.tmp
2008-01-07 07:08:58 0 --a------ C:\WINDOWS\temp\win2B6.tmp
2008-01-07 07:08:58 0 --a------ C:\WINDOWS\temp\win2B7.tmp
2008-01-07 07:08:58 0 --a------ C:\WINDOWS\temp\win2B8.tmp
2008-01-07 07:10:58 0 --a------ C:\WINDOWS\temp\win2B9.tmp
2008-01-07 07:10:58 0 --a------ C:\WINDOWS\temp\win2BA.tmp
2008-01-07 07:10:58 0 --a------ C:\WINDOWS\temp\win2BB.tmp
2008-01-07 07:12:58 0 --a------ C:\WINDOWS\temp\win2BC.tmp
2008-01-07 07:12:58 0 --a------ C:\WINDOWS\temp\win2BD.tmp
2008-01-07 07:12:58 0 --a------ C:\WINDOWS\temp\win2BE.tmp
2008-01-07 07:14:58 0 --a------ C:\WINDOWS\temp\win2BF.tmp
2008-01-07 07:14:58 0 --a------ C:\WINDOWS\temp\win2C0.tmp
2008-01-07 07:14:58 0 --a------ C:\WINDOWS\temp\win2C1.tmp
2008-01-07 07:16:58 0 --a------ C:\WINDOWS\temp\win2C2.tmp
2008-01-07 07:16:58 0 --a------ C:\WINDOWS\temp\win2C3.tmp
2008-01-07 07:16:58 0 --a------ C:\WINDOWS\temp\win2C4.tmp
2008-01-07 07:18:58 0 --a------ C:\WINDOWS\temp\win2C5.tmp
2008-01-07 07:18:58 0 --a------ C:\WINDOWS\temp\win2C6.tmp
2008-01-07 07:18:58 0 --a------ C:\WINDOWS\temp\win2C7.tmp
2008-01-07 07:20:58 0 --a------ C:\WINDOWS\temp\win2C8.tmp
2008-01-07 07:20:58 0 --a------ C:\WINDOWS\temp\win2C9.tmp
2008-01-07 07:20:58 0 --a------ C:\WINDOWS\temp\win2CA.tmp
2008-01-07 07:22:58 0 --a------ C:\WINDOWS\temp\win2CB.tmp
2008-01-07 07:22:58 0 --a------ C:\WINDOWS\temp\win2CC.tmp
2008-01-07 07:22:58 0 --a------ C:\WINDOWS\temp\win2CD.tmp
2008-01-07 07:24:58 0 --a------ C:\WINDOWS\temp\win2CE.tmp
2008-01-07 07:24:58 0 --a------ C:\WINDOWS\temp\win2CF.tmp
2008-01-07 07:24:58 0 --a------ C:\WINDOWS\temp\win2D0.tmp
2008-01-07 07:26:58 0 --a------ C:\WINDOWS\temp\win2D1.tmp
2008-01-07 07:26:58 0 --a------ C:\WINDOWS\temp\win2D2.tmp
2008-01-07 07:26:58 0 --a------ C:\WINDOWS\temp\win2D3.tmp
2008-01-07 07:28:58 0 --a------ C:\WINDOWS\temp\win2D4.tmp
2008-01-07 07:28:58 0 --a------ C:\WINDOWS\temp\win2D5.tmp
2008-01-07 07:28:58 0 --a------ C:\WINDOWS\temp\win2D6.tmp
2008-01-07 07:30:58 0 --a------ C:\WINDOWS\temp\win2D7.tmp
2008-01-07 07:30:58 0 --a------ C:\WINDOWS\temp\win2D8.tmp
2008-01-07 07:30:58 0 --a------ C:\WINDOWS\temp\win2D9.tmp
2008-01-07 07:32:58 0 --a------ C:\WINDOWS\temp\win2DA.tmp
2008-01-07 07:32:58 0 --a------ C:\WINDOWS\temp\win2DB.tmp
2008-01-07 07:32:58 0 --a------ C:\WINDOWS\temp\win2DC.tmp
2008-01-07 07:34:58 0 --a------ C:\WINDOWS\temp\win2DD.tmp
2008-01-07 07:34:58 0 --a------ C:\WINDOWS\temp\win2DE.tmp
2008-01-07 07:34:58 0 --a------ C:\WINDOWS\temp\win2DF.tmp
2008-01-07 07:36:58 0 --a------ C:\WINDOWS\temp\win2E0.tmp
2008-01-07 07:36:58 0 --a------ C:\WINDOWS\temp\win2E1.tmp
2008-01-07 07:36:58 0 --a------ C:\WINDOWS\temp\win2E2.tmp
2008-01-07 07:38:58 0 --a------ C:\WINDOWS\temp\win2E3.tmp
2008-01-07 07:38:58 0 --a------ C:\WINDOWS\temp\win2E4.tmp
2008-01-07 07:38:58 0 --a------ C:\WINDOWS\temp\win2E5.tmp
2008-01-07 07:40:58 0 --a------ C:\WINDOWS\temp\win2E6.tmp
2008-01-07 07:40:58 0 --a------ C:\WINDOWS\temp\win2E7.tmp
2008-01-07 07:40:58 0 --a------ C:\WINDOWS\temp\win2E8.tmp
2008-01-07 07:42:58 0 --a------ C:\WINDOWS\temp\win2E9.tmp
2008-01-07 07:42:58 0 --a------ C:\WINDOWS\temp\win2EA.tmp
2008-01-07 07:42:58 0 --a------ C:\WINDOWS\temp\win2EB.tmp
2008-01-07 07:44:58 0 --a------ C:\WINDOWS\temp\win2EC.tmp
2008-01-07 07:44:58 0 --a------ C:\WINDOWS\temp\win2ED.tmp
2008-01-07 07:44:58 0 --a------ C:\WINDOWS\temp\win2EE.tmp
2008-01-07 07:46:58 0 --a------ C:\WINDOWS\temp\win2EF.tmp
2008-01-07 07:46:58 0 --a------ C:\WINDOWS\temp\win2F0.tmp
2008-01-07 07:46:58 0 --a------ C:\WINDOWS\temp\win2F1.tmp
2008-01-07 07:48:58 0 --a------ C:\WINDOWS\temp\win2F2.tmp
2008-01-07 07:48:58 0 --a------ C:\WINDOWS\temp\win2F3.tmp
2008-01-07 07:48:58 0 --a------ C:\WINDOWS\temp\win2F4.tmp
2008-01-07 07:50:58 0 --a------ C:\WINDOWS\temp\win2F5.tmp
2008-01-07 07:50:58 0 --a------ C:\WINDOWS\temp\win2F6.tmp
2008-01-07 07:50:58 0 --a------ C:\WINDOWS\temp\win2F7.tmp
2008-01-07 07:52:58 0 --a------ C:\WINDOWS\temp\win2F8.tmp
2008-01-07 07:52:58 0 --a------ C:\WINDOWS\temp\win2F9.tmp
2008-01-07 07:52:58 0 --a------ C:\WINDOWS\temp\win2FA.tmp
2008-01-07 07:54:58 0 --a------ C:\WINDOWS\temp\win2FB.tmp
2008-01-07 07:54:58 0 --a------ C:\WINDOWS\temp\win2FC.tmp
2008-01-07 07:54:58 0 --a------ C:\WINDOWS\temp\win2FD.tmp
2008-01-07 07:56:58 0 --a------ C:\WINDOWS\temp\win2FE.tmp
2008-01-07 07:56:58 0 --a------ C:\WINDOWS\temp\win2FF.tmp
2008-01-07 07:56:58 0 --a------ C:\WINDOWS\temp\win300.tmp
2008-01-07 07:58:58 0 --a------ C:\WINDOWS\temp\win301.tmp
2008-01-07 07:58:58 0 --a------ C:\WINDOWS\temp\win302.tmp
2008-01-07 07:58:58 0 --a------ C:\WINDOWS\temp\win303.tmp
2007-03-29 11:07:12 206384 --a------ C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll <Verified; Husdawg, LLC; System Requirements Lab>

-*- End of Logfile -*-

Waverley73 · 2008/02/05

"mflynn said: ↑

Hi Wav

Good morning from where it is morning! Smile!

Go to
Start-Run
type cmd
enter or OK

copy the line

then paste to the c: prompt.

Some of these may not work from Run cmd

For the tasklist just try the below

tasklist.exe /svc > "%USERPROFILE% "\Desktop\Tasklist.txt
Click to expand...

This isn't working. When I do paste the above into the crompt (figured out that ctr-v doesnt work - right clicking on mouse does...doh!) it says:

'tasklist.exe is not recognised as an internal or external command, operable program or batch file'

..and then just regenerates the empty tasklist file on the desktop.

Waverley73 · 2008/02/05

"mflynn said: ↑

Hmmmm

There were some unusual entries in your HJT and the one DSS log you did post but these seemed to be related to games.

I would like to see what it found, if you can paste the Virus log from Avast.

And for sure restart and do another HJT and DSS (all dss logs this time) since these were removed.

We may have to move this to the Malware removal forum. But lets see if the 3 hour limit has been fixed!

Some Malware can not be removed by a general virus scanner and requires surgical removal.

Mike
Click to expand...

Here's all I could find from the Avast scan I did (got this from the 'warning.log' file:

5/02/2008 12:39:34 AM 1202132374 user 2200 Sign of "Win32:Agent-OYI [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\TMP31.tmp\[UPX]" file.
5/02/2008 12:53:57 AM 1202133237 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX3C.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:07 AM 1202133247 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX48.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:13 AM 1202133253 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX6D.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:15 AM 1202133255 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX79.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:18 AM 1202133258 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX9E.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:22 AM 1202133262 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCXAA.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:25 AM 1202133265 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX5.tmp\[Embedded#19fb00]" file.
5/02/2008 12:54:28 AM 1202133268 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX8.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:30 AM 1202133270 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCXB.tmp\[Embedded#143850]" file.
5/02/2008 12:54:32 AM 1202133272 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX14.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:33 AM 1202133273 user 2200 Sign of "Win32:BHO-LC [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\TMP18.tmp\[PECompact]\[Embedded#4000]\[PECompact]" file.
5/02/2008 12:54:35 AM 1202133275 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX25.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:36 AM 1202133276 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX28.tmp\[Embedded#143850]" file.
5/02/2008 12:54:38 AM 1202133278 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX2B.tmp\[Embedded#09720]" file.
5/02/2008 12:54:40 AM 1202133280 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX31.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:41 AM 1202133281 user 2200 Sign of "Win32:BHO-LC [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\TMP35.tmp\[PECompact]\[Embedded#4000]\[PECompact]" file.
5/02/2008 12:54:42 AM 1202133282 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX27.tmp\[Embedded#295a8]" file.
5/02/2008 12:54:43 AM 1202133283 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX2A.tmp\[Embedded#143850]" file.
5/02/2008 12:54:46 AM 1202133286 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX34.tmp\[Embedded#03b20]" file.
5/02/2008 12:54:48 AM 1202133288 user 2200 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\RCX3B.tmp\[Embedded#2080a4]" file.
5/02/2008 12:54:49 AM 1202133289 user 2200 Sign of "Win32:BHO-LC [Trj]" has been found in "C:\Deckard\System Scanner\20080124220855\backup\DOCUME~1\user\LOCALS~1\Temp\TMP3F.tmp\[PECompact]\[Embedded#4000]\[PECompact]" file.
5/02/2008 1:47:52 AM 1202136472 user 2200 Sign of "Win32:Agent-AWB [Adw]" has been found in "F:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1295\A0148458.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.

Waverley73 · 2008/02/05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:09 PM, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Daemon Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6339 bytes

Waverley73 · 2008/02/05

Deckard's System Scanner v20071014.68
Run by user on 2008-02-05 20:43:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:05 PM, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Daemon Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199965207687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6371 bytes

-- Files created between 2008-01-05 and 2008-02-05 -----------------------------

2008-02-03 20:20:34 2973696 --a------ C:\Program Files\NFSHP2.exe
2008-02-03 20:19:13 45184 --a------ C:\Program Files\Win2kHook.dll
2008-02-03 20:19:13 41900 --a------ C:\Program Files\RegSetup.exe <Not Verified; CLASS/BACKLASH; CLASS/BACKLASH regsetup>
2008-02-03 20:19:08 970 --a------ C:\Program Files\setup.bat
2008-02-03 20:19:03 0 d-------- C:\Program Files\tracks
2008-02-03 20:19:03 0 d-------- C:\Program Files\Particle
2008-02-03 20:19:03 0 d-------- C:\Program Files\movies
2008-02-03 20:19:02 0 d-------- C:\Program Files\Cars
2008-02-03 20:19:02 0 d-------- C:\Program Files\autorun
2008-02-03 20:19:02 0 d-------- C:\Program Files\AI
2008-02-03 20:19:01 0 d-------- C:\Program Files\Text
2008-02-03 20:19:01 0 d-------- C:\Program Files\ReadMe
2008-02-03 20:19:01 0 d-------- C:\Program Files\FrontEnd
2008-02-03 20:19:01 0 d-------- C:\Program Files\EAGL
2008-02-03 20:19:01 0 d-------- C:\Program Files\Controllers
2008-02-03 20:19:01 0 d-------- C:\Program Files\audio
2008-02-03 20:19:01 0 d-------- C:\Program Files\actors
2008-02-03 20:12:30 0 d-------- C:\Program Files\Need For Speed
2008-02-03 10:28:59 0 d-------- C:\Program Files\Nascar
2008-01-29 22:30:05 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-28 21:48:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 21:48:05 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-01-28 21:06:13 0 d-------- C:\Program Files\Lavasoft
2008-01-28 21:06:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 21:05:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 20:55:03 0 d-------- C:\Program Files\Alwil Software
2008-01-20 14:27:34 0 d--hs---- C:\FOUND.011
2008-01-18 18:49:57 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-18 18:44:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-17 22:13:16 0 d-------- C:\Program Files\Arcade
2008-01-16 22:11:14 0 d-------- C:\Program Files\Mp3TagToolsv12
2008-01-16 22:10:38 0 d-------- C:\Program Files\Razorlame
2008-01-16 22:09:58 0 d-------- C:\Program Files\Lame
2008-01-11 22:59:40 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-10 22:13:47 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-01-10 22:13:45 0 d-------- C:\Program Files\COMODO
2008-01-10 22:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-09 21:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-09 21:41:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 06:53:07 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-07 23:23:27 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
2008-01-07 22:58:44 0 d-------- C:\Program Files\Trend Micro
2008-01-06 23:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 22:30:35 0 dr-h----- C:\Documents and Settings\user\Recent
2008-01-06 22:26:28 0 d-------- C:\Program Files\RogueRemover FREE
2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-01-06 21:58:00 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-06 21:58:00 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-06 21:58:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-06 21:57:59 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

-- Find3M Report ---------------------------------------------------------------

2007-12-15 13:31:04 0 d-------- C:\Program Files\Codemasters
2007-11-30 16:56:50 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-09 14:39:56 94664 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC "= "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" []
"CTHelper "= "CTHELPER.EXE" [08/01/2008 07:26 PM C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 05:14 PM]
"UpdReg "= "C:\WINDOWS\UpdReg.EXE" [08/01/2008 07:26 PM]
"Cmaudio "= "cmicnfg.cpl" []
"nwiz "= "nwiz.exe" []
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 05:14 PM]
"SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [08/01/2008 07:26 PM]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [08/01/2008 07:26 PM]
"COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [10/01/2008 10:13 PM]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/12/2007 12:00 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "C:\Program Files\Messenger\MSMSGS.exe" [08/01/2008 07:26 PM]
"DAEMON Tools "= "C:\Program Files\Daemon Tools\daemon.exe" [08/01/2008 07:26 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [30/06/2006 9:29:09 AM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [25/02/2004 1:35:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

-- End of Deckard's System Scanner: finished at 2008-02-05 20:43:47 ------------

Waverley73 · 2008/02/05

By the way Mike - the connection problem does seem to be fixed. Other than the fact I can't produce that tasklist file I've been able to follow all of your instructions.

Please let me know if there is any other action that needs to be taken to clean up any other problems you see.

Thanks mate.

mflynn · 2008/02/05

Good morning from where it is morning Wav

Sorry about the tasklist. It is appearently one of the short comings of XP Home. It will run on XP Home so..

Get it here copy it to the c:\Windows folder then run the line I posted.
http://www.computerhope.com/download/winxp/tasklist.exe

OK Those last HJT and DSS scans look good. But since so much was found we need to be sure.

You have a excellent Firewall (Comodo) you have AdAware and you have Avast a good Virus

scanner.

But everyone should also have SpyBot and Xclean_Micro. No one program does it all.

Additionally no one Virus scanner does it all so you need a couple of stand alone virus

cleaners, these you have to run and are not resident all the time like Avast.

You also need good general cleanup programs to clean Windows and Internet temps and the

registry.

So to that end do the below. Use all of these at the first sign of trouble or slow down and at least once a month if no obvious problems. Don't bother even running if you don't update first!!!!!

If problems found do again in safe mode.

Disk and temps
Go back to where you got DSS and get and run ATF-Cleaner "select all" run untill it says no

more to clean

go here http://www.ccleaner.com/download/builds/downloadbinslim
Run it clean all temps, then click Registry and click scan ok to backup and delete all. Run temp and registry clean repeatedly untill the come up clean.
-------------------------------------------------------------------------

Spyware cleaners
Xclean

http://www.xblock.com/download/xclean_micro.exe
Run it delete all it finds, deline to reboot after each find, but do so after it finishes

and rerun untill it comes up clean. Even better if second run is in Safe mode.

SpyBot http://projects.securitywonks.net/projects/details.php?file=2
Install and update go to top and select Advanced mode, but don't run

to run paste the following to the cmd prompt this runs Spybot in max mode that most people do not use and it automaticlly downloads updates

"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoupdate /autocheck /autofix /autoimmunize

--------------------------------------------------------------------------

Stand alone Virus cleaners
download update and run

http://info.prevx.com/download.asp?grab=prevxcsi
http://www.freedrweb.com/cureit/

Run these rebboot send fresk HJT and DSS logs.

Mike

Waverley73 · 2008/02/05

Hi again Mike,

Will do the above tonight my time. Have also de-fragged my hard drive overnight (it was on around 80% this morning after about 9 hours). Does a de-frag of a 80gb hard drive that has arond 60gb of data typically take this long?

Cheers

mflynn · 2008/02/05

Hi Wav

Well it depends on several things.

Speed of HD access, free space available on HD. Depth of fragmentation. Speed of CPU.

But the things that slow it the most are running processes such as resident Virus scanners, resident antispyware even instant messengers and Realplayer updates etc. And of course active Malware!!!!

If some of these do just the right thing it will cause the defrag to start all over from the beginning.

To late now but a good deep temp clean (using the tools in my last post you don't have yet) is recomended before each defrag. Why defrag junk and the junk increases the defrag time. I even defrag my registy befor a disk defrag.

But after you install and run these tools since you now have defraged the next run in safe mode should be only minutes.

I typically do Defrags in safe mode or kill all unnessesary processes.

OK I think you are OK and we will know by morning.

Keep me posted.

Mike

mflynn · 2008/02/05

Wow I just reread this entire thread.

Lots going on.

I forgot to answer your question on things that can not be scanned?

This is mostly normal and are files open and/or protected by Windows.

I also forgot to tell you that some of the Virus's found by Avast were false positives from Deckard.

Finally after all above is done make sure to run the temp and Reg cleaners, reboot and without running anything else run HJT and Deckard and post all logs.

Mike

Waverley73 · 2008/02/05

"mflynn said: ↑

Wow I just reread this entire thread.

Lots going on.

I forgot to answer your question on things that can not be scanned?

This is mostly normal and are files open and/or protected by Windows.

I also forgot to tell you that some of the Virus's found by Avast were false positives from Deckard.

Finally after all above is done make sure to run the temp and Reg cleaners, reboot and without running anything else run HJT and Deckard and post all logs.

Mike
Click to expand...

Tell me about it - I was posting posts/logs like a crazy man last night...hehe

I saw after posting them that a lot of the virus's found were in the Deckard directory.

Also, I have found that there is a subdirectory called 'Qoobox' (or something similar) which has a bunch of files/folders which look like they've been generated during the first lot of clean-ups I did with Noahdfear a few weeks back. I should be able to just delete them alright shouldn't I? It's mostly just made up of logs and other various files/folders.

Thanks again Mike - your help has been much appreciated.

noahdfear · 2008/02/05

Do you still have ComboFix.exe sitting on your desktop? If not, download it from here and save it to the desktop.

With ComboFix.exe on the desktop, click Start>Run and type ComboFix /u then hit Enter. This will uninstall ComboFix, remove the qoobox folder, the Deckards folder, reset System Restore, rehide hidden and system files and finally remove ComboFix.exe as well.

Waverley73 · 2008/02/05

"noahdfear said: ↑

Do you still have ComboFix.exe sitting on your desktop? If not, download it from here and save it to the desktop.

With ComboFix.exe on the desktop, click Start>Run and type ComboFix /u then hit Enter. This will uninstall ComboFix, remove the qoobox folder, the Deckards folder, reset System Restore, rehide hidden and system files and finally remove ComboFix.exe as well.
Click to expand...

Hey there mate,

I'm pretty sure that I do still have combofix.exe on my desktop (I've kept all those programs I used a few weeks back until I was 100% sure all the problems were resolved).

I will do that tonight.

Cheers

noahdfear · 2008/02/05

I'm a bit curious about all of the directories created in C:\Program Files within a few minutes a couple of days ago.

2008-02-03 20:19:03 0 d-------- C:\Program Files\tracks
2008-02-03 20:19:03 0 d-------- C:\Program Files\Particle
2008-02-03 20:19:03 0 d-------- C:\Program Files\movies
2008-02-03 20:19:02 0 d-------- C:\Program Files\Cars
2008-02-03 20:19:02 0 d-------- C:\Program Files\autorun
2008-02-03 20:19:02 0 d-------- C:\Program Files\AI
2008-02-03 20:19:01 0 d-------- C:\Program Files\Text
2008-02-03 20:19:01 0 d-------- C:\Program Files\ReadMe
2008-02-03 20:19:01 0 d-------- C:\Program Files\FrontEnd
2008-02-03 20:19:01 0 d-------- C:\Program Files\EAGL
2008-02-03 20:19:01 0 d-------- C:\Program Files\Controllers
2008-02-03 20:19:01 0 d-------- C:\Program Files\audio
2008-02-03 20:19:01 0 d-------- C:\Program Files\actors

Did you create these, know what did or what they are? Possibly belonging to the program installed 7 minutes prior?

2008-02-03 20:12:30 0 d-------- C:\Program Files\Need For Speed

Also, do you recognize the files created shortly after the above mentioned folders?

2008-02-03 20:20:34 2973696 --a------ C:\Program Files\NFSHP2.exe
2008-02-03 20:19:13 45184 --a------ C:\Program Files\Win2kHook.dll
2008-02-03 20:19:13 41900 --a------ C:\Program Files\RegSetup.exe <Not Verified; CLASS/BACKLASH; CLASS/BACKLASH regsetup>
2008-02-03 20:19:08 970 --a------ C:\Program Files\setup.bat

Please investigate, check folder contents, file properties, etc and let me know.

For the record, specialized tools such as ComboFix, Rogue Remover, SmitfraudFix, etc, are updated very frequently. They should never be kept onboard for use at a later time, but re-downloaded fresh if ever needed again. It would be comparable to installing an antivirus program, then expecting it to be effective a year from now without ever updating it's definitions.

Just wanted to take this opportunity to welcome Mike back, and give him a round of applause for identifying not only the rogue antispyware app I missed, but also the cause of your connection issue ..... OptusNet.

Log in or Sign up

Broadband Connection Drops out After 3 or so Hours...everytime..

mflynn Inactive

Waverley73 Inactive Thread Starter

mflynn Inactive

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

mflynn Inactive

Waverley73 Inactive Thread Starter

mflynn Inactive

mflynn Inactive

Waverley73 Inactive Thread Starter

noahdfear Inactive

Waverley73 Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Broadband Connection Drops out After 3 or so Hours...everytime..

mflynn Inactive

Waverley73 Inactive Thread Starter

mflynn Inactive

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

Waverley73 Inactive Thread Starter

mflynn Inactive

Waverley73 Inactive Thread Starter

mflynn Inactive

mflynn Inactive

Waverley73 Inactive Thread Starter

noahdfear Inactive

Waverley73 Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches