reesboi6522

Zlob.g Trojan Infection[INACTIVE]

Recommended Posts

Hi

I have attempted to rid my computer of this virus a number of times now and although the infection itself has been said to be removed, the effects, namely pop-ups of a bogus trojan warning leading to an anti-spyware webpage still occur every ten minutes. I have enclosed the log, please help mates, thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:16:01, on 08/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: TBSB06180 Class - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu5BC0\WIN_ST~1.DLL (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{30E6958D-2E25-4006-B133-4D74B8433018}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

--

End of file - 8572 bytes

Share this post


Link to post
Share on other sites

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

Share this post


Link to post
Share on other sites

Thanks mate

here is a copy of the report, however, the pop up and changed browser remain!!

SDFix: Version 1.240

Run by Gareth on 08/12/2008 at 16:39

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\Gareth\LOCALS~1\Temp\atmadm2.exe.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\lwpwer.exe.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\scksexde.exe.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\sfsrv.exe.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp1F.tmp - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp2C.tmp - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp2D.tmp - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp37.tmp - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp49.tmp - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\removalfile.bat - Deleted

C:\DOCUME~1\Gareth\LOCALS~1\Temp\s1265.php.bat - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 17:18:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\Arcade Tribe\\arcadetribe.exe"="C:\\Program Files\\Arcade Tribe\\arcadetribe.exe:*:Enabled:Arcade Tribe"

"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\Program Files\\IP Hider\\IP Hider.exe"="C:\\Program Files\\IP Hider\\IP Hider.exe:*:Enabled:IP Hider"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 24 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 7 Feb 2005 59,392 A..H. --- "C:\Documents and Settings\Gareth\My Documents\~WRL0446.tmp"

Thu 3 Feb 2005 58,880 A..H. --- "C:\Documents and Settings\Gareth\My Documents\~WRL3153.tmp"

Mon 7 Feb 2005 70,144 A..H. --- "C:\Documents and Settings\Gareth\My Documents\~WRL3494.tmp"

Sat 5 Feb 2005 59,392 A..H. --- "C:\Documents and Settings\Gareth\My Documents\~WRL4081.tmp"

Fri 27 Jul 2007 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti7D.tmp"

Fri 18 May 2007 729,088 A..H. --- "C:\Documents and Settings\All Users\Documents\My Pictures\~WRL1155.tmp"

Fri 18 May 2007 3,080,704 A..H. --- "C:\Documents and Settings\All Users\Documents\My Pictures\~WRL1906.tmp"

Fri 2 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Fri 22 Jul 2005 21,504 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL0864.tmp"

Wed 9 Mar 2005 72,704 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL1371.tmp"

Wed 9 Mar 2005 59,904 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL2018.tmp"

Sun 30 Oct 2005 19,456 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL2448.tmp"

Sat 19 Mar 2005 72,704 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL2799.tmp"

Sat 19 Mar 2005 72,704 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL3686.tmp"

Fri 15 Jul 2005 19,456 A..H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\~WRL3711.tmp"

Sat 19 Nov 2005 70,656 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Templates\~WRL0067.tmp"

Thu 8 Mar 2007 125,440 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Templates\~WRL1407.tmp"

Fri 4 Mar 2005 44,032 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Templates\~WRL1685.tmp"

Wed 23 Mar 2005 46,080 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Templates\~WRL3884.tmp"

Thu 6 Apr 2006 84,992 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Templates\~WRL4077.tmp"

Sat 19 Jul 2008 23,552 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0005.tmp"

Fri 4 Nov 2005 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0061.tmp"

Sat 26 May 2007 40,448 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0123.tmp"

Thu 21 Dec 2006 22,016 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0237.tmp"

Mon 9 Apr 2007 20,480 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0298.tmp"

Thu 14 Jun 2007 41,472 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0378.tmp"

Tue 6 Mar 2007 19,968 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0475.tmp"

Sun 30 Apr 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0524.tmp"

Thu 29 Jun 2006 96,256 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0709.tmp"

Thu 29 Jun 2006 128,000 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0732.tmp"

Fri 23 Dec 2005 19,968 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL0770.tmp"

Sun 29 Oct 2006 24,064 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1007.tmp"

Thu 21 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1102.tmp"

Mon 9 Apr 2007 19,968 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1147.tmp"

Thu 2 Dec 2004 41,984 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1215.tmp"

Sat 19 May 2007 39,424 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1390.tmp"

Sun 30 Apr 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1494.tmp"

Thu 31 May 2007 36,352 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1557.tmp"

Wed 1 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1744.tmp"

Thu 21 Dec 2006 20,480 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1778.tmp"

Thu 2 Dec 2004 42,496 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1873.tmp"

Mon 8 Nov 2004 40,448 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL1990.tmp"

Tue 6 Mar 2007 21,504 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2173.tmp"

Fri 13 Oct 2006 102,912 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2185.tmp"

Tue 6 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2220.tmp"

Tue 6 Mar 2007 24,064 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2265.tmp"

Sun 20 May 2007 39,424 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2582.tmp"

Mon 9 Apr 2007 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2609.tmp"

Sat 14 Oct 2006 103,424 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2614.tmp"

Tue 8 May 2007 37,376 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2628.tmp"

Sun 12 Jun 2005 91,648 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2635.tmp"

Wed 2 Feb 2005 46,592 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2675.tmp"

Wed 25 Apr 2007 34,304 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2684.tmp"

Wed 20 Apr 2005 102,400 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2718.tmp"

Tue 6 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2722.tmp"

Tue 6 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2754.tmp"

Wed 1 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2769.tmp"

Sun 6 May 2007 39,936 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2782.tmp"

Mon 9 Apr 2007 20,480 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2865.tmp"

Tue 6 Mar 2007 20,992 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2958.tmp"

Sun 6 May 2007 32,256 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL2959.tmp"

Thu 27 Jul 2006 22,016 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3139.tmp"

Tue 21 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3359.tmp"

Fri 4 Nov 2005 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3372.tmp"

Sun 6 May 2007 38,912 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3416.tmp"

Sun 6 May 2007 36,864 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3552.tmp"

Tue 29 May 2007 40,448 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3722.tmp"

Sat 5 May 2007 35,840 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3788.tmp"

Sun 29 Oct 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3907.tmp"

Fri 23 Dec 2005 20,480 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3920.tmp"

Wed 20 Apr 2005 54,784 A..H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL3983.tmp"

Tue 21 Nov 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL4019.tmp"

Tue 6 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\Gareth\Application Data\Microsoft\Word\~WRL4087.tmp"

Wed 19 Jul 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\~WRL2302.tmp"

Sun 3 Sep 2006 24,064 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\~WRL2719.tmp"

Thu 31 Aug 2006 19,968 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\~WRL3449.tmp"

Sun 6 Aug 2006 23,040 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\~WRL3785.tmp"

Tue 31 Oct 2006 23,552 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\Christmas Lists\~WRL0809.tmp"

Mon 30 Oct 2006 23,040 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\Christmas Lists\~WRL0955.tmp"

Mon 30 Oct 2006 19,456 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\Leisure\Christmas Lists\~WRL2994.tmp"

Fri 27 Apr 2007 30,720 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\WWE\Main\~WRL0827.tmp"

Fri 20 Oct 2006 27,648 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\WWE\Main\~WRL1090.tmp"

Wed 28 Feb 2007 28,160 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\WWE\Main\~WRL2053.tmp"

Sat 31 Mar 2007 25,088 ...H. --- "C:\Documents and Settings\Gareth\My Documents\Personal File\WWE\Main\~WRL2474.tmp"

Finished!

Share this post


Link to post
Share on other sites

Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.