Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

65,536 temp files in Windows Temp folder?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 1st, 2011, 2:25 pm

I have had a 6 mo. ongoing problem with something creating exactly 65,536 (each time) temp. files, in the Windows Temp folder:
They are listed as: TMP994A.tmp. 9/29/2011 9:28pm TMP File 0 KB and progress numerically and alphabetically. It appears to be on a timer, as it can be 2 wks. without loading, sometimes a few days, and recently, it has been reloading soon after I delete them. It takes about 10 mins. to delete them & empty the recycle bin in Safe Mode, doing it on the desktop can take 20-30 mins.
I have run Malwarebytes, Norton, varies registry cleaners with no luck catching whatever it is. I have googled it without any direct hits as to what it might be. Some suggest a program, possibly Adobe causing it. I uninstalled Adobe & it still does it. My Windows startup started taking 2-3 mins. after this started. I am at wits end and may just go ahead with a clean & install, but I dread the drudgery of reloading programs etc.
Any help will be greatly appreciated. Thank you for your time.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Stephen1 at 11:19:05 on 2011-10-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1623 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.gateway.com/g/startpage.html ... M=2905986R
uInternet Settings,ProxyOverride = *.local
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\market~1.lnk - c:\program files\hewlett-packard\marketsplash by hp\HPLocalWebPrintAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAsse ... ontrol.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7419D7-C8F0-4FEB-969C-C17A19168AAA} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\symds.sys [2011-9-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\symefa.sys [2011-9-20 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys [2011-9-20 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20110930.030\IDSvix86.sys [2011-9-30 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\ironx86.sys [2011-9-20 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys [2011-9-20 344184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccsvchst.exe [2011-9-20 138760]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.263\SymcPCCULaunchSvc.exe [2010-5-19 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.263\ccSvcHst.exe [2010-5-19 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2008-1-10 401408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
.
=============== Created Last 30 ================
.
2011-09-20 22:36:58 897656 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symefa.sys
2011-09-20 22:36:58 566904 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
2011-09-20 22:36:58 344184 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys
2011-09-20 22:36:58 340088 ----a-r- c:\windows\system32\drivers\nis\1301010.003\symds.sys
2011-09-20 22:36:58 31864 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
2011-09-20 22:36:58 314488 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symnets.sys
2011-09-20 22:36:58 149624 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ironx86.sys
2011-09-20 22:36:58 132744 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys
2011-09-20 22:36:54 2801 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symvtcer.dat
2011-09-20 22:36:54 -------- d-----w- c:\windows\system32\drivers\nis\1301010.003
2011-09-13 14:51:17 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a5482dfd-57ea-493b-8e7c-d7f954da9baa}\mpengine.dll
.
==================== Find3M ====================
.
2011-09-14 02:40:55 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 11:19:34.23 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2008 12:43:20 AM
System Uptime: 10/1/2011 6:49:02 AM (5 hours ago)
.
Motherboard: ELITEGROUP | | 680IT-GB
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 377.673 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.487 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Advanced Registry Optimizer
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
BigFix
Bing Bar
Bing Rewards Client Installer
Bonjour
Browser Address Error Redirector
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Click to Call with Skype
Compatibility Pack for the 2007 Office system
CyberLink Hi-Def Suite
Digital Media Reader
Gateway Recovery Center Installer
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Cache Cleaner 6.4.0
Juniper Networks Host Checker
Juniper Networks Setup Client
Malwarebytes' Anti-Malware version 1.51.2.1300
Marketsplash Print Software
Marketsplash Shortcuts
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Bootable Recovery Tool Wizard
Norton Internet Security
Norton PC Checkup
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
ParetoLogic PC Health Advisor
Power2Go 5.0
PowerDVD
PS2 Multimedia Keyboard Driver
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 5.5
Spare Backup
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls
System Requirements Lab
Universal Caller ID
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
ViewSonic Monitor Drivers
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
9/30/2011 6:40:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/30/2011 6:38:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/30/2011 6:38:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2011 6:38:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2011 6:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/30/2011 6:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/30/2011 6:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/30/2011 6:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/30/2011 6:37:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/30/2011 6:36:50 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
9/30/2011 6:36:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/30/2011 11:02:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/30/2011 11:02:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2011 11:02:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/27/2011 1:04:44 PM, Error: EventLog [6008] - The previous system shutdown at 1:00:26 PM on 9/27/2011 was unexpected.
.
==== End Of File ===========================
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm
Advertisement
Register to Remove

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 3rd, 2011, 2:01 pm

Hi Secrent,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Advanced Registry Optimizer
Google Update Helper
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware version 1.51.2.1300
ParetoLogic PC Health Advisor

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
aswMBR
Download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a USB flash drive. This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator". OK the permissions.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from aswMBR, and the two logs from OTL.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 4th, 2011, 11:14 pm

Hi Askey 127,

Below are the contents of aswMBR.txt and OTL.Txt and Extras.Txt scanned files. The 65,536 temp files had launched this morning, so the scans were done with the files still in the Windows Temp folder. Don't know if that matters or not. All of your instructions were completed as requested in your 1st reply.

Thank You,
Stephen

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-04 19:13:07
-----------------------------
19:13:07.504 OS Version: Windows 6.0.6002 Service Pack 2
19:13:07.504 Number of processors: 4 586 0xF0B
19:13:07.504 ComputerName: STEPHEN-PC UserName: Stephen1
19:13:08.830 Initialize success
19:13:12.496 AVAST engine defs: 11100401
19:13:27.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
19:13:27.269 Disk 0 Vendor: NVIDIA__ Size: 476940MB BusType: 8
19:13:29.297 Disk 0 MBR read successfully
19:13:29.297 Disk 0 MBR scan
19:13:29.313 Disk 0 Windows VISTA default MBR code
19:13:29.313 Disk 0 scanning sectors +976771072
19:13:29.375 Disk 0 scanning C:\Windows\system32\drivers
19:13:37.550 Service scanning
19:13:38.735 Modules scanning
19:13:45.116 Disk 0 trace - called modules:
19:13:45.147 ntoskrnl.exe CLASSPNP.SYS disk.sys NVRD32.SYS hal.dll acpi.sys storport.sys NVSTOR32.SYS
19:13:45.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86aa4ac8]
19:13:45.147 3 CLASSPNP.SYS[8a7628b3] -> nt!IofCallDriver -> \Device\00000068[0x86182030]
19:13:45.162 5 NVRD32.SYS[8a73c6a8] -> nt!IofCallDriver -> [0x84a94c38]
19:13:45.162 7 acpi.sys[8a6506bc] -> nt!IofCallDriver -> \Device\00000063[0x85588890]
19:13:46.379 AVAST engine scan C:\Windows
19:13:50.638 AVAST engine scan C:\Windows\system32
19:15:40.883 AVAST engine scan C:\Windows\system32\drivers
19:16:05.219 AVAST engine scan C:\Users\Stephen1
19:44:01.594 AVAST engine scan C:\ProgramData
19:47:19.636 Scan finished successfully
19:48:44.728 Disk 0 MBR has been saved successfully to "C:\Users\Stephen1\Desktop\MBR.dat"
19:48:44.728 The log file has been saved successfully to "C:\Users\Stephen1\Desktop\aswMBR.txt"


OTL logfile created on: 10/4/2011 7:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.26% Memory free
6.20 Gb Paging File | 4.84 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.40 Gb Total Space | 378.34 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 4.49 Gb Free Space | 43.36% Space Free | Partition Type: NTFS

Computer Name: STEPHEN-PC | User Name: Stephen1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 19:57:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
PRC - [2011/09/24 11:09:26 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/11 11:00:04 | 000,093,752 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
PRC - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/13 17:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/07/05 20:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 15:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 08:56:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/11 08:55:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/11 08:55:03 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/11 08:54:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 08:54:55 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll
MOD - [2011/08/11 08:54:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll
MOD - [2011/08/11 08:54:51 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll
MOD - [2011/08/11 08:54:50 | 002,510,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll
MOD - [2011/08/11 08:54:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/11 08:14:29 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 08:14:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 08:14:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 08:13:56 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
MOD - [2011/08/11 08:13:06 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/19 08:23:24 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll
MOD - [2011/06/19 08:23:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/06/19 08:16:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2009/03/29 21:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/01/10 02:06:36 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2007/05/18 22:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll
MOD - [2007/04/03 08:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 08:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
MOD - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/09/24 11:09:26 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/29 14:35:11 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110929.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/13 19:40:55 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/13 15:29:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111001.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/09/13 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111004.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/13 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/13 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111004.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/28 20:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/27 16:55:49 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/25 19:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/25 19:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2009/06/10 06:03:00 | 009,899,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/17 08:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/09 18:12:32 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\NVRD32.SYS -- (nvrd32)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\NVSTOR32.SYS -- (nvstor32)
DRV - [2007/04/08 20:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... M=2905986R


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... M=2905986R
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... M=2905986R
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/09/27 12:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/10/04 19:00:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/08 00:16:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7419D7-C8F0-4FEB-969C-C17A19168AAA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stephen1\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stephen1\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 19:57:32 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
[2011/10/04 19:09:36 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Stephen1\Desktop\aswMBR.exe
[2011/10/01 12:08:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 12:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/01 11:07:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Stephen1\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2011/10/04 19:57:35 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen1\Desktop\OTL.exe
[2011/10/04 19:48:44 | 000,000,512 | ---- | M] () -- C:\Users\Stephen1\Desktop\MBR.dat
[2011/10/04 19:19:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/04 19:09:39 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Stephen1\Desktop\aswMBR.exe
[2011/10/04 19:04:27 | 000,081,692 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/04 19:04:26 | 000,081,692 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/04 19:04:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 19:00:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 19:00:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 19:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 19:00:28 | 3220,439,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 23:46:40 | 000,000,859 | ---- | M] () -- C:\Users\Stephen1\Desktop\World of Warcraft.lnk
[2011/10/01 12:08:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 12:06:58 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/01 11:07:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Stephen1\Desktop\dds.scr
[2011/09/30 23:03:50 | 002,003,289 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/09/21 20:43:09 | 000,002,609 | ---- | M] () -- C:\Users\Stephen1\Desktop\Microsoft Office Word 2003.lnk
[2011/09/21 19:18:35 | 000,004,349 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20110921.019
[2011/09/20 19:38:42 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/16 23:22:22 | 000,001,356 | ---- | M] () -- C:\Users\Stephen1\AppData\Local\d3d9caps.dat
[2011/09/13 19:40:55 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/13 19:40:55 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/13 19:40:55 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/07 22:15:47 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\isolate.ini

========== Files Created - No Company Name ==========

[2011/10/04 19:48:44 | 000,000,512 | ---- | C] () -- C:\Users\Stephen1\Desktop\MBR.dat
[2011/10/01 15:37:05 | 3220,439,040 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/01 12:06:58 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/01 12:06:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/12/08 00:10:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/08 00:10:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/08 00:10:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/08 00:10:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/08 00:10:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/03 22:39:58 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2009/09/17 19:44:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 19:44:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 19:43:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/27 18:07:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/25 11:23:40 | 000,081,692 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/25 11:23:35 | 000,081,692 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/05/26 20:09:07 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/03/27 22:22:07 | 000,001,356 | ---- | C] () -- C:\Users\Stephen1\AppData\Local\d3d9caps.dat
[2008/11/30 20:20:27 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/15 13:17:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/13 21:19:09 | 000,024,064 | ---- | C] () -- C:\Users\Stephen1\AppData\Roaming\UserTile.png
[2008/03/12 17:51:18 | 000,020,992 | ---- | C] () -- C:\Users\Stephen1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/10 22:56:37 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008/03/10 22:49:54 | 000,148,981 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/03/10 22:49:34 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/03/08 17:29:03 | 000,038,868 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2008/03/08 17:29:03 | 000,029,156 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2008/03/08 16:19:53 | 000,038,868 | ---- | C] () -- C:\Windows\hpomdl03.dat
[2008/03/08 16:19:53 | 000,029,156 | ---- | C] () -- C:\Windows\hpoins03.dat
[2008/03/08 11:16:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/05 20:00:34 | 000,000,102 | ---- | C] () -- C:\Windows\VSWizard.ini
[2008/01/10 01:53:06 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2008/01/10 01:53:06 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2008/01/10 01:53:06 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2008/01/10 01:53:06 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,336,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/23 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitZipper
[2011/07/15 00:01:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2011/03/30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Image Zone Express
[2011/07/15 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ParetoLogic
[2011/03/30 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Printer Info Cache
[2008/03/08 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SampleView
[2011/10/01 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spare Backup
[2010/05/17 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Image Zone Express
[2008/03/10 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Printer Info Cache
[2008/03/09 09:30:59 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SampleView
[2011/05/26 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Spare Backup
[2010/04/23 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\BitZipper
[2011/05/27 23:33:52 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\DriverCure
[2011/03/30 14:50:54 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Image Zone Express
[2009/04/23 18:43:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Juniper Networks
[2011/05/27 23:33:51 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\ParetoLogic
[2008/03/13 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\PeerNetworking
[2008/03/12 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Printer Info Cache
[2011/10/04 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Sammsoft
[2008/03/12 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\SampleView
[2011/10/04 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Spare Backup
[2010/07/17 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Tific
[2011/01/29 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\Uniblue
[2009/04/23 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\Stephen1\AppData\Roaming\WholeSecurity
[2011/10/04 18:57:28 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10/4/2011 7:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.26% Memory free
6.20 Gb Paging File | 4.84 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.40 Gb Total Space | 378.34 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 4.49 Gb Free Space | 43.36% Space Free | Partition Type: NTFS

Computer Name: STEPHEN-PC | User Name: Stephen1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20223725-64C5-4DCC-96A9-8D692616AFC1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2C6BFFE1-E5DA-4668-90E4-C39D730D1834}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{519D749D-415E-4178-963F-0A6871516214}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A2B12A1-C022-40E0-A88B-C0CA02EDA771}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{63B7CF03-3E17-46AF-AA28-698E0926EF5F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6651477B-112A-4306-952A-DA3F3FC2B6EF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{A56B7C21-B666-4019-8B60-FC41983A9032}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{A5FBDF26-1703-4A6B-854E-DABAE3B129E8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{BF2DC3B5-53DC-44B4-82E9-3AC443C2A8B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D10A4E70-5E22-4054-9057-E5D04CC90F0C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{D2D562D3-3F7B-4F54-B4BC-7939C4C40EC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6079F82-878D-4182-B6D2-F080D8B8DF91}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{1130592C-54AF-8E02-D781-2D9ABB6947A1}" = Universal Caller ID
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Hi-Def Suite
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"com.comcast.callerid.4C7707E731FA230A00265DE26809CEAF299D5FFD.1" = Universal Caller ID
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NortonPCCheckup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SystemRequirementsLab" = System Requirements Lab
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2804789063-2770223520-796147465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 5:47:41 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4539

Error - 12/6/2010 5:47:41 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4539

Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5616

Error - 12/6/2010 5:47:42 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5616

Error - 12/6/2010 5:47:46 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/6/2010 5:47:47 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8985

Error - 12/6/2010 5:47:47 AM | Computer Name = Stephen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8985

Error - 12/6/2010 11:30:46 AM | Computer Name = Stephen-PC | Source = System Restore | ID = 8193
Description =

Error - 12/6/2010 9:41:50 PM | Computer Name = Stephen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module mshtml.dll, version 8.0.6001.18975, time stamp 0x4c87263d,
exception code 0xc0000005, fault offset 0x00029e0f, process id 0xed0, application
start time 0x01cb95aeb35cb2e0.

[ Media Center Events ]
Error - 9/12/2008 1:50:47 AM | Computer Name = Stephen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/29/2009 9:32:09 PM | Computer Name = Stephen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/1/2011 5:15:27 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =

Error - 10/1/2011 5:15:48 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/1/2011 5:31:33 PM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =

Error - 10/2/2011 11:48:08 AM | Computer Name = Stephen-PC | Source = DCOM | ID = 10005
Description =

Error - 10/2/2011 11:48:09 AM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/2/2011 11:48:09 AM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/3/2011 12:08:16 PM | Computer Name = Stephen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:04:04 AM on 10/3/2011 was unexpected.

Error - 10/3/2011 1:32:05 PM | Computer Name = Stephen-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 5th, 2011, 3:52 pm

Secrent,
----------------------------------------------------------------------------------
Download and Run a New MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column..
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

Also tell me how you use the program "Spare Backup", and how much of the machine you have set to back up.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 5th, 2011, 11:41 pm

Hi,
It loaded again today, although it was 65,539 temp files instead of the usual 65,536 files. I don't know it that means anything. When I did a restart after deleting all the files in Safe Mode, Windows started up right away instead of the usual 2-3 mins.
I downloaded Malwarebytes Pro version as I had it paid for it previously. No malicious items were detected in a Quick Scan. Below is the log.
Thank You,
Stephen

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7882

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/5/2011 8:35:38 PM
mbam-log-2011-10-05 (20-35-38).txt

Scan type: Quick scan
Objects scanned: 201390
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 6th, 2011, 5:54 am

The reason I had you uninstall Malwarebytes' originally is that you had an obsolete one.

Tell me what you know about Spare Backup.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 6th, 2011, 9:39 pm

Hi,
Sorry, I forgot to answer you about Spare Backup. I know what it is, but I don't use it for anything and haven't really paid attention to it. The temp. files loaded again this morning, went back to usual 65,536 files.
Thank You,
Stephen
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 7th, 2011, 7:47 am

Secrent,
I have a few questions in pursuit of what is causing that phenomenon.

Can you look at the files in the Temp folder and see what they are?
Are they copies of files that may be yours, or do they all look alien?
------------------------------------------------
Remove Program Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, if it exists, choose Uninstall/Change, and give permission to Continue:

Spare Backup

------------------------------------------------
Open CCleaner and empty the Temp files.

Tell me what you use for backup, and whether it is automated.
Can you open this file and read the contents? Is it familiar to you?
C:\Windows\Tasks\SCHEDLGU.TXT

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 7th, 2011, 11:00 pm

Hi askey127

I can look at the Windows temp files, nothing that I recognize. I can open them, but there is nothing in them. Of course I did not open all 65,536, but did random thru the list.

I uninstalled Spare Backup. I never paid attention to it or used it. Although, it would occasionally pop up and ask if I wanted to run it, which I did not do. Wonder if it may possibly be the cause of the problem, will see what happens now that it is uninstalled. The Windows Temp files loaded again today. There is a time window that I notice when the files load, usually varies between 9:00am and 12:00pm

I updated CCleaner and emptied the Temp files. I am not using anything for back up.

I am able to open and read C:\Windows\Tasks\SCHEDLGU.TXT. I am not familiar with it. Not sure if you wanted a copy but will post it just in case.

If it is of any help...Prior to this Window Temp files problem, I did have a Google Re-direct that was annoying, until I got Malwarebytes and ran it. Also ran Norton's
NBRT that found an imbedded Trojan virus (forget the name of it) that was not picked up with normal Norton scanning.

Thank You,
Stephen

"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 9/27/2011 1:04:45 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/27/2011 4:58:54 PM
"Task Scheduler Service"
Started at 9/27/2011 6:00:52 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/27/2011 10:34:52 PM
"Task Scheduler Service"
Started at 9/28/2011 7:38:27 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/28/2011 10:29:37 PM
"Task Scheduler Service"
Started at 9/28/2011 10:32:38 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/28/2011 10:42:51 PM
"Task Scheduler Service"
Started at 9/28/2011 11:32:24 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/29/2011 12:02:50 AM
"Task Scheduler Service"
Started at 9/29/2011 8:52:36 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/29/2011 6:15:11 PM
"Task Scheduler Service"
Started at 9/29/2011 6:18:08 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/29/2011 6:31:49 PM
"Task Scheduler Service"
Started at 9/29/2011 6:51:26 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/29/2011 7:23:47 PM
"Task Scheduler Service"
Started at 9/29/2011 7:26:42 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/29/2011 11:41:47 PM
"Task Scheduler Service"
Started at 9/30/2011 9:01:54 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/30/2011 6:33:35 PM
"Task Scheduler Service"
Started at 9/30/2011 6:44:04 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/30/2011 9:33:14 PM
"Task Scheduler Service"
Started at 9/30/2011 9:36:27 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/30/2011 11:38:00 PM
"Task Scheduler Service"
Started at 9/30/2011 11:40:56 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/1/2011 2:10:46 PM
"Task Scheduler Service"
Started at 10/1/2011 3:37:10 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 10/3/2011 9:08:18 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/3/2011 11:48:41 PM
"Task Scheduler Service"
Started at 10/4/2011 9:58:11 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/4/2011 6:57:27 PM
"Task Scheduler Service"
Started at 10/4/2011 7:00:32 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/4/2011 8:50:45 PM
"Task Scheduler Service"
Started at 10/4/2011 9:14:27 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/4/2011 11:27:52 PM
"Task Scheduler Service"
Started at 10/5/2011 9:31:03 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/5/2011 7:40:44 PM
"Task Scheduler Service"
Started at 10/5/2011 8:15:46 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/5/2011 11:57:41 PM
"Task Scheduler Service"
Started at 10/6/2011 7:50:59 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/6/2011 6:11:01 PM
"Task Scheduler Service"
Started at 10/6/2011 6:28:11 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/7/2011 9:43:30 AM
"Task Scheduler Service"
Started at 10/7/2011 5:37:49 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 10/7/2011 5:39:21 PM
"Task Scheduler Service"
Started at 10/7/2011 5:51:58 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
[ ***** Most recent entry is above this line ***** ]


"Task Scheduler Service"
Started at 7/17/2011 1:40:13 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 7/18/2011 6:56:12 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/18/2011 11:52:11 PM
"Task Scheduler Service"
Started at 7/19/2011 9:19:20 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 7/19/2011 1:10:17 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 7/19/2011 4:40:41 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/19/2011 8:53:32 PM
"Task Scheduler Service"
Started at 7/19/2011 10:36:53 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/19/2011 11:28:08 PM
"Task Scheduler Service"
Started at 7/20/2011 7:52:00 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/20/2011 10:43:49 PM
"Task Scheduler Service"
Started at 7/21/2011 11:33:29 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/21/2011 11:06:50 PM
"Task Scheduler Service"
Started at 7/22/2011 11:39:02 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 7/22/2011 9:23:07 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/23/2011 12:42:28 AM
"Task Scheduler Service"
Started at 7/23/2011 9:51:40 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/23/2011 10:36:32 AM
"Task Scheduler Service"
Started at 7/23/2011 7:32:10 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/23/2011 11:59:01 PM
"Task Scheduler Service"
Started at 7/24/2011 10:19:07 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/24/2011 9:37:07 PM
"Task Scheduler Service"
Started at 7/25/2011 8:11:06 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/25/2011 10:36:06 PM
"Task Scheduler Service"
Started at 7/26/2011 8:55:39 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/26/2011 11:48:56 PM
"Task Scheduler Service"
Started at 7/27/2011 9:03:31 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/27/2011 11:29:23 PM
"Task Scheduler Service"
Started at 7/28/2011 7:33:23 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/28/2011 11:41:10 PM
"Task Scheduler Service"
Started at 7/29/2011 8:56:19 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/29/2011 11:55:54 PM
"Task Scheduler Service"
Started at 7/30/2011 7:33:28 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/30/2011 11:34:05 PM
"Task Scheduler Service"
Started at 7/31/2011 9:02:42 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 7/31/2011 10:41:03 PM
"Task Scheduler Service"
Started at 8/1/2011 8:45:05 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/1/2011 10:31:23 PM
"Task Scheduler Service"
Started at 8/2/2011 7:18:17 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 8/2/2011 4:51:30 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/2/2011 9:10:06 PM
"Task Scheduler Service"
Started at 8/2/2011 9:35:58 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/2/2011 11:52:48 PM
"Task Scheduler Service"
Started at 8/3/2011 8:28:46 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 8/3/2011 8:41:24 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/3/2011 11:34:06 PM
"Task Scheduler Service"
Started at 8/3/2011 11:37:41 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/4/2011 12:06:03 AM
"Task Scheduler Service"
Started at 8/4/2011 7:15:52 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 8/4/2011 8:19:29 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/4/2011 10:31:16 PM
"Task Scheduler Service"
Started at 8/5/2011 7:28:50 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/5/2011 11:55:36 PM
"Task Scheduler Service"
Started at 8/6/2011 7:46:00 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/7/2011 12:31:22 AM
"Task Scheduler Service"
Started at 8/7/2011 7:38:52 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/8/2011 10:08:53 PM
"Task Scheduler Service"
Started at 8/9/2011 8:42:44 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/11/2011 8:08:01 AM
"Task Scheduler Service"
Started at 8/11/2011 8:12:10 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 8/17/2011 11:50:54 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 8/23/2011 9:46:48 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/23/2011 10:22:55 PM
"Task Scheduler Service"
Started at 8/24/2011 7:15:21 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/24/2011 10:42:01 PM
"Task Scheduler Service"
Started at 8/25/2011 7:43:38 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/25/2011 11:34:38 PM
"Task Scheduler Service"
Started at 8/26/2011 8:24:48 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/27/2011 1:24:29 AM
"Task Scheduler Service"
Started at 8/27/2011 8:02:07 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/28/2011 12:44:23 AM
"Task Scheduler Service"
Started at 8/28/2011 8:47:21 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/28/2011 11:13:00 PM
"Task Scheduler Service"
Started at 8/29/2011 8:07:52 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 8/31/2011 11:04:19 PM
"Task Scheduler Service"
Started at 9/1/2011 8:08:57 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 9/1/2011 5:08:50 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/1/2011 11:35:03 PM
"Task Scheduler Service"
Started at 9/2/2011 8:34:54 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/4/2011 11:25:00 PM
"Task Scheduler Service"
Started at 9/5/2011 8:46:57 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 9/6/2011 5:13:08 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/13/2011 7:41:55 PM
"Task Scheduler Service"
Started at 9/13/2011 7:45:54 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 9/14/2011 8:29:35 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/14/2011 11:24:55 PM
"Task Scheduler Service"
Started at 9/15/2011 7:58:57 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/15/2011 11:16:08 PM
"Task Scheduler Service"
Started at 9/16/2011 7:58:35 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/16/2011 11:07:32 PM
"Task Scheduler Service"
Started at 9/16/2011 11:27:32 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/18/2011 4:10:51 PM
"Task Scheduler Service"
Started at 9/18/2011 6:30:16 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/18/2011 9:33:30 PM
"Task Scheduler Service"
Started at 9/18/2011 10:51:13 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/19/2011 11:02:04 PM
"Task Scheduler Service"
Started at 9/19/2011 11:03:17 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/20/2011 7:20:07 PM
"Task Scheduler Service"
Started at 9/20/2011 7:38:32 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 9/20/2011 9:52:29 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/20/2011 10:16:50 PM
"Task Scheduler Service"
Started at 9/21/2011 3:08:55 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/21/2011 11:18:01 PM
"Task Scheduler Service"
Started at 9/22/2011 9:01:36 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/22/2011 11:15:01 PM
"Task Scheduler Service"
Started at 9/24/2011 10:08:09 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/24/2011 11:30:23 AM
"Task Scheduler Service"
Started at 9/24/2011 7:03:08 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/24/2011 7:12:23 PM
"Task Scheduler Service"
Started at 9/24/2011 7:14:01 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/25/2011 12:51:01 AM
"Task Scheduler Service"
Started at 9/25/2011 4:10:59 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/25/2011 10:22:44 PM
"Task Scheduler Service"
Started at 9/26/2011 7:10:07 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/26/2011 7:14:47 PM
"Task Scheduler Service"
Started at 9/26/2011 7:41:25 PM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/26/2011 11:33:39 PM
"Task Scheduler Service"
Started at 9/27/2011 10:22:10 AM
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Exited at 9/27/2011 12:16:52 PM
"Task Scheduler Service"
Started at 9/27/2011 12:18:02 PM
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 8th, 2011, 7:34 am

Secrent,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :dir
    C:\Windows\Tasks /S
    :Filefind
    *snap*
    :folderfind
    *snap*
    :Regfind
    snapserver
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 8th, 2011, 2:00 pm

Hi,
Something we did affected the problem, as this morning only 6 temp. files had loaded. I am having trouble trying to open one, not sure which program will work. Tried several with no luck. I may have mis-advised you about the contents of the files, if indeed there is anything in them, as I assumed with 0 bytes there is nothing in them?

I ran SystemLook as directed, here is the text file:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:49 on 08/10/2011 by Stephen1
Administrator - Elevation successful

========== dir ==========

C:\Windows\Tasks - Parameters: "/S"

---Files---
GoogleUpdateTaskMachineCore.job --a---- 886 bytes [18:44 26/03/2011] [15:02 08/10/2011]
GoogleUpdateTaskMachineUA.job --a---- 890 bytes [18:44 26/03/2011] [17:19 08/10/2011]
SA.DAT --ah--- 6 bytes [13:01 02/11/2006] [14:59 08/10/2011]
SCHEDLGU.TXT --a---- 32540 bytes [13:01 02/11/2006] [08:14 08/10/2011]

No folders found.

========== Filefind ==========

Searching for "*snap*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk --a---- 2020 bytes [20:16 15/03/2008] [20:16 15/03/2008] BB5582EA996CCE075C41AC796AAEFB86
C:\Qoobox\SnapShot@2010-12-08_07.16.54.dat --a---- 0 bytes [07:17 08/12/2010] [07:17 08/12/2010] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Administrator\AppData\Local\Microsoft\Toolbar\IsolatedStorage\BlinkyApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [00:39 31/03/2011] [00:39 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Administrator\AppData\Local\Microsoft\Toolbar\IsolatedStorage\Chameleon\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [00:39 31/03/2011] [00:39 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Administrator\AppData\Local\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [00:39 31/03/2011] [00:39 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Administrator\AppData\Local\Microsoft\Toolbar\IsolatedStorage\SearchApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [00:39 31/03/2011] [00:39 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk --a---- 2020 bytes [20:16 15/03/2008] [20:16 15/03/2008] BB5582EA996CCE075C41AC796AAEFB86
C:\Users\Stephen1\AppData\Local\Microsoft\Toolbar\IsolatedStorage\BlinkyApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [01:21 31/03/2011] [01:21 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Stephen1\AppData\Local\Microsoft\Toolbar\IsolatedStorage\Chameleon\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [01:21 31/03/2011] [01:21 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Stephen1\AppData\Local\Microsoft\Toolbar\IsolatedStorage\ObsidianApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [01:21 31/03/2011] [01:21 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Stephen1\AppData\Local\Microsoft\Toolbar\IsolatedStorage\SearchApp\6.3.2291.0\Resources\AppResources\Images\Jewel\IP2\snappy_74x54_stack.png --a---- 8582 bytes [01:21 31/03/2011] [01:21 31/03/2011] 357C0FF20EF8252673F990125DD7E65E
C:\Users\Stephen1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GJ08FQQ\vlcsnap-2011-10-04-16h52m57s11[1].jpg --a---- 2713 bytes [03:27 08/10/2011] [03:27 08/10/2011] 2FB1BE2977CE2B141F0B3136C9DC407C
C:\Users\Stephen1\Favorites\Go Karts\Snap-on Stars of Karting Racing.url --a---- 136 bytes [19:51 15/03/2008] [22:24 17/07/2011] D13DD56B0C40FCCEE26F30120437BEAD
C:\Windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL --a---- 458752 bytes [23:37 12/06/2008] [07:38 19/01/2008] E23E798E853A609BABBFD45AF89FE91C
C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_en_31bf3856ad364e35\napsnap.resources.dll --a---- 245760 bytes [02:43 18/09/2009] [06:38 11/04/2009] CC0BF237BDEA84A252B8AC7731B83109
C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\49d8412c8fdaa298f0941bbf8f961fe1\napsnap.ni.dll --a---- 724992 bytes [15:56 11/08/2011] [15:56 11/08/2011] A7A4120E5851A72D0047979341BD9893
C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\b8d46b3c732915ab09f6f38f9fc3c581\napsnap.ni.dll --a---- 724992 bytes [15:35 19/06/2011] [15:35 19/06/2011] ADEF99EFE039257CE4D6340386CB90D2
C:\Windows\inf\volsnap.inf --a---- 1790 bytes [10:25 02/11/2006] [10:25 02/11/2006] E5EE5E075DAB1367001C467C70E8C580
C:\Windows\inf\volsnap.PNF --a---- 4940 bytes [10:25 02/11/2006] [08:49 10/01/2008] 8BB59B2576993A142AF85BAC5D9995F7
C:\Windows\System32\AuthFWSnapin.dll --a---- 4595712 bytes [23:38 12/06/2008] [07:38 19/01/2008] FC772BA174094D86AA73A65A8AD77047
C:\Windows\System32\comsnap.dll --a---- 220160 bytes [23:38 12/06/2008] [07:33 19/01/2008] 973642071FD324603235AFD9B1B199AA
C:\Windows\System32\eqossnap.dll --a---- 54784 bytes [08:57 02/11/2006] [09:46 02/11/2006] 523719F4E7786DF8F515DE7628E75A22
C:\Windows\System32\iasnap.dll --a---- 150528 bytes [02:43 18/09/2009] [06:28 11/04/2009] 1E767541B585BB3ED02FF33BC60E92A7
C:\Windows\System32\ipsmsnap.dll --a---- 396288 bytes [02:44 18/09/2009] [06:28 11/04/2009] C192DD0C53FD0616AC31A9E0ADAE0C39
C:\Windows\System32\napdsnap.dll --a---- 67584 bytes [23:37 12/06/2008] [07:35 19/01/2008] 8BF64493F9E9BEBFE5BFD148CDD3B992
C:\Windows\System32\drivers\volsnap.sys --a---- 226280 bytes [02:43 18/09/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093
C:\Windows\System32\drivers\en-US\volsnap.sys.mui --a---- 32768 bytes [23:36 12/06/2008] [07:36 19/01/2008] 2A3DEAD70397152006B4E3CED20B41C4
C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc --a---- 198 bytes [12:41 02/11/2006] [12:41 02/11/2006] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf --a---- 1790 bytes [10:25 02/11/2006] [06:35 02/11/2006] E5EE5E075DAB1367001C467C70E8C580
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF --a---- 4940 bytes [13:03 02/11/2006] [08:49 10/01/2008] F86E905420A12D5AAE107DBBC25E6A18
C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys --a---- 226280 bytes [02:43 18/09/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093
C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys --a---- 208488 bytes [10:25 02/11/2006] [09:51 02/11/2006] 11EF6C1CAEF76B685233450A126125D6
C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys --a---- 227896 bytes [23:38 12/06/2008] [07:42 19/01/2008] D8B4A53DD2769F226B3EB374374987C9
C:\Windows\System32\en\AuthFWSnapIn.Resources.dll --a---- 1327104 bytes [12:41 02/11/2006] [12:41 02/11/2006] 8F50790B130E746D7DE05F5F175624B9
C:\Windows\System32\en-US\eqossnap.dll.mui --a---- 13824 bytes [12:41 02/11/2006] [12:41 02/11/2006] 0296AA320895597AFDA5F486C59B34D2
C:\Windows\System32\en-US\IpsmSnap.dll.mui --a---- 61440 bytes [12:41 02/11/2006] [12:41 02/11/2006] 9AF50A42DFA24230F7CEBA8D020C59F8
C:\Windows\System32\en-US\napdsnap.dll.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F5AB6EFB02E97D00DF4C14280DE12DB9
C:\Windows\System32\migwiz\dlmanifests\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1288 bytes [12:35 02/11/2006] [12:35 02/11/2006] 03877F92BFF31DCB8CA8F9F5F4197BDE
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 1950 bytes [23:36 12/06/2008] [11:28 05/01/2008] EC10AF3E9BBFAEFCB16A2180951A82CF
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0ae015d5-007d-496d-a7d2-f77de902c519}\snapshot.etl --a---- 1769472 bytes [01:02 07/10/2011] [14:50 06/10/2011] 1F84AA13C814820B578F5118CC46A9A6
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0bf2b866-4e31-4ea1-ae05-3e8eb1696d12}\snapshot.etl --a---- 1900544 bytes [06:25 07/10/2011] [01:28 07/10/2011] F9ED023A39AB4AD48AE9FE01ABA8A508
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{555be70f-d32c-4eb4-9703-07d1ec9b7e14}\snapshot.etl --a---- 1130496 bytes [00:36 07/10/2011] [14:50 06/10/2011] 27510C4FC280CB386206CCF9500F4200
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{8f2d00d0-c55e-4dd9-8e89-30c630a33f66}\snapshot.etl --a---- 1048576 bytes [17:19 08/10/2011] [14:59 08/10/2011] 363018FDC8B3EA0ED31E32B114CEB095
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{95b211bb-9d7a-461e-bbc9-3b0c07491171}\snapshot.etl --a---- 2097152 bytes [15:20 07/10/2011] [01:28 07/10/2011] 6A4C8A6FB1AD1AA4C458FAFDF42383FF
C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{b4aa6921-48c0-4517-bbae-af9837390926}\snapshot.etl --a---- 1048576 bytes [03:26 07/10/2011] [01:28 07/10/2011] 4EDE97C2919F6885DFEC3730C648154D
C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{21eaf7dc-dd85-49f0-b457-cffe826e8824}\snapshot.etl --a---- 262144 bytes [04:15 05/10/2011] [04:14 05/10/2011] EEA70323D38A111ACAC66ADB65EFA57C
C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{8147fab0-3e9b-4673-b73f-7476beb30904}\snapshot.etl --a---- 262144 bytes [02:01 05/10/2011] [02:00 05/10/2011] 53685BD8E7EE80EF83C38F2B3D6CE8DE
C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{b91ce1fe-cb4d-44ff-8f49-23eea00b1224}\snapshot.etl --a---- 245760 bytes [14:52 06/10/2011] [14:50 06/10/2011] D9123FA2639A4537268307A4BA56E0A6
C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{be6c9422-97c2-41bd-b4d7-d3acbc0d7df0}\snapshot.etl --a---- 245760 bytes [15:01 08/10/2011] [14:59 08/10/2011] CD32CEE54A8193EA2024354E0E9463ED
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{18d6c37d-8ac7-4e8e-9f88-e946fa100bd5}\snapshot.etl --a---- 344064 bytes [16:59 04/10/2011] [16:58 04/10/2011] 3C5195C1135CB2CD278DE8BD80FEB4FA
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{56283073-3e51-4116-bb22-171db33be064}\snapshot.etl --a---- 294912 bytes [01:30 07/10/2011] [01:28 07/10/2011] E89BEF0EA2763E8596142C1E61BF56DF
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a5fcb269-6d28-4fd6-80e3-0524200da8cd}\snapshot.etl --a---- 360448 bytes [02:05 05/10/2011] [02:00 05/10/2011] DDE6762F5ED6C6805E8ED668383CA372
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bdda3ccc-449a-4696-8b53-10eaa20695ec}\snapshot.etl --a---- 344064 bytes [15:00 06/10/2011] [14:50 06/10/2011] 5891ED9DC52DA56F4A34E09DCCB8DF02
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d16dc61f-53e7-4250-b248-3327743a9a25}\snapshot.etl --a---- 278528 bytes [03:17 06/10/2011] [03:15 06/10/2011] 78BFC5AF034C23883B829C065AF8C04A
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d3580469-8559-48a8-8548-44630a2581bb}\snapshot.etl --a---- 360448 bytes [04:17 05/10/2011] [04:14 05/10/2011] 24668F54B8ADBBBE828C27AD1128D749
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d471f8b2-ef0e-4268-abd6-df9fb741a2d0}\snapshot.etl --a---- 327680 bytes [00:53 08/10/2011] [00:51 08/10/2011] 05F8030F7CEC0C223901F3F1897E7A47
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f2d53c26-35ca-4633-922b-f42258b3e83e}\snapshot.etl --a---- 344064 bytes [16:32 05/10/2011] [16:31 05/10/2011] BFFAFC21A21C7A2EBFD9F9EA5A870CD0
C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f35afc7d-8156-472d-92d0-a9837682a217}\snapshot.etl --a---- 311296 bytes [15:04 08/10/2011] [14:59 08/10/2011] C17BC0568D122E864EA102D874ED8E8C
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{382f82f4-d44a-45d0-9261-d070b5a9f48a}\ksnapshot.etl --a---- 3997696 bytes [15:23 07/10/2011] [15:23 07/10/2011] DC47CC7315F57FC1CB8074A04B77B131
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{4747ac21-fed2-4656-87f1-79173d4cb1c1}\ksnapshot.etl --a---- 3997696 bytes [17:31 08/10/2011] [17:31 08/10/2011] 90F3F88EDBC564C69EEA65F847044B7A
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{62673e5e-78e4-437d-b588-2b232c5dda8e}\ksnapshot.etl --a---- 3997696 bytes [02:49 08/10/2011] [02:49 08/10/2011] 65E2E2F40CECC69C6C3FD3777AA51372
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{0fccbc9d-acb4-4602-8854-47f3519e0a4f}\snapshot.etl --a---- 1130496 bytes [00:36 07/10/2011] [14:50 06/10/2011] 27510C4FC280CB386206CCF9500F4200
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{2c9832c0-e4e2-4092-9b24-6577d392c914}\snapshot.etl --a---- 1048576 bytes [03:26 07/10/2011] [01:28 07/10/2011] 4EDE97C2919F6885DFEC3730C648154D
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{5733db38-4c43-4a34-bc61-b98685863ada}\snapshot.etl --a---- 1048576 bytes [17:19 08/10/2011] [14:59 08/10/2011] 363018FDC8B3EA0ED31E32B114CEB095
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{b9184f7c-0bb4-4ea6-bfb2-8c3182675ed3}\snapshot.etl --a---- 1900544 bytes [06:25 07/10/2011] [01:28 07/10/2011] F9ED023A39AB4AD48AE9FE01ABA8A508
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{cdde8530-19bc-4d83-a6c7-220d8684c188}\snapshot.etl --a---- 2097152 bytes [15:20 07/10/2011] [01:28 07/10/2011] 6A4C8A6FB1AD1AA4C458FAFDF42383FF
C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ee8d7c4c-7d54-4819-b004-264231765416}\snapshot.etl --a---- 1769472 bytes [01:02 07/10/2011] [14:50 06/10/2011] 1F84AA13C814820B578F5118CC46A9A6
C:\Windows\winsxs\Manifests\msil_napsnap.resources_31bf3856ad364e35_6.0.6000.16386_en-us_cd254aa6f5122ce2.manifest --a---- 2495 bytes [12:39 02/11/2006] [12:39 02/11/2006] 5D3F13B4EAFB664D2FBCF0F21EEE02C3
C:\Windows\winsxs\Manifests\msil_napsnap.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cf5c0ca2f1fd3db6.manifest ------- 2495 bytes [23:23 12/06/2008] [07:02 19/01/2008] 3106033228CDE37BBF15A07B88BE4D95
C:\Windows\winsxs\Manifests\msil_napsnap.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d14785aeef1f0902.manifest ------- 2495 bytes [02:31 18/09/2009] [06:43 11/04/2009] DA128E66A6AFD3AE01A9F2F36039998A
C:\Windows\winsxs\Manifests\msil_napsnap_31bf3856ad364e35_6.0.6000.16386_none_0a60a349abf48fe3.manifest --a---- 3304 bytes [10:22 02/11/2006] [10:13 02/11/2006] 627F4CA4B6C7B73AE2739FB6B1456360
C:\Windows\winsxs\Manifests\msil_napsnap_31bf3856ad364e35_6.0.6001.18000_none_0c976545a8dfa0b7.manifest ------- 3304 bytes [23:24 12/06/2008] [07:04 19/01/2008] 8FB577D8608B24320968E3DD5D1A7906
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6000.16386_none_52e9c56faea16603.manifest --a---- 42095 bytes [10:21 02/11/2006] [10:06 02/11/2006] 6E6E4031313CB38002C7B16AE57A3F1B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6001.18000_none_5520876bab8c76d7.manifest ------- 41757 bytes [23:24 12/06/2008] [07:04 19/01/2008] 8AC49E9E2E0B6EE5D0E0AE171AAE34DD
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6002.18005_none_570c0077a8ae4223.manifest ------- 41757 bytes [02:31 18/09/2009] [07:15 11/04/2009] 173FA5B9F54A4D37174746167BB81266
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_750d4c53f2339f36.manifest --a---- 3441 bytes [12:39 02/11/2006] [12:39 02/11/2006] 8E720577968B872041A9B4A1067E66EA
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f9f6ac02a7879b80.manifest --a---- 3569 bytes [12:39 02/11/2006] [12:39 02/11/2006] B0AFB57837A38253152CF62B473B8E13
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6000.16386_none_48df5e2f796be961.manifest --a---- 20780 bytes [10:21 02/11/2006] [10:08 02/11/2006] 004143EE803E4038BDDF37F7D67140E3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6001.18000_none_4b16202b7656fa35.manifest ------- 21421 bytes [23:24 12/06/2008] [07:05 19/01/2008] A6E20DECC580B092342965556727049D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6002.18005_none_4d0199377378c581.manifest ------- 21368 bytes [02:31 18/09/2009] [07:36 11/04/2009] 3A719D1066AA6F70BA9636BF98D7601E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.0.6000.16386_none_99cc9737cdb82ee6.manifest --a---- 6084 bytes [10:21 02/11/2006] [10:18 02/11/2006] 7250D97A08EA068BB9097DC6C1A0E0DA
C:\Windows\winsxs\Manifests\x86_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.0.6001.18000_none_9c035933caa33fba.manifest ------- 6084 bytes [23:24 12/06/2008] [07:08 19/01/2008] 88840F5268A4C5291E8BC2C805BA403F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.0.6000.16386_none_1878337051b5d554.manifest --a---- 14147 bytes [12:33 02/11/2006] [12:33 02/11/2006] 7096E52C4D52EB53BC111AD40A988E5A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.0.6001.18000_none_1aaef56c4ea0e628.manifest ------- 14147 bytes [23:24 12/06/2008] [07:09 19/01/2008] 673B071A5FC2E8D87442DC737A294802
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b548a03c95a5f7f1.manifest --a---- 10607 bytes [12:39 02/11/2006] [12:39 02/11/2006] 35C531BBDBD5F51D8160C58925A8522C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..cysnapin-deployment_31bf3856ad364e35_6.0.6000.16386_none_1ab96e75a2c1a8d2.manifest --a---- 1881 bytes [12:33 02/11/2006] [12:33 02/11/2006] CA88E9BB174062A9E0F0CFF1BA152E63
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..mc-snapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6d833336b24ca76f.manifest --a---- 3538 bytes [12:39 02/11/2006] [12:39 02/11/2006] 7C732955AEA192C8CE60E5052CB0F390
C:\Windows\winsxs\Manifests\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6000.16386_none_7eea120bb51aecf6.manifest --a---- 34717 bytes [12:33 02/11/2006] [12:33 02/11/2006] C6129E13A0FFB9C54ACBAD48FB1897F2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6001.18000_none_8120d407b205fdca.manifest ------- 34929 bytes [23:24 12/06/2008] [07:39 19/01/2008] 4F82CB62916DD8EFAA483D2916F6EBBE
C:\Windows\winsxs\Manifests\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6002.18005_none_830c4d13af27c916.manifest ------- 34689 bytes [02:31 18/09/2009] [07:36 11/04/2009] FB2E78710711A1EBA77DCDAB0758E3C4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.0.6001.18000_none_fff5b884953b2f43.manifest ------- 11366 bytes [23:23 12/06/2008] [07:14 19/01/2008] C3EEB054046568445593D7F860FAA3C0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e47d9ceb7fbe29ca.manifest ------- 3097 bytes [23:23 12/06/2008] [07:04 19/01/2008] 0CAE78741FB6EC20E2A5D8F5097781E0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_ff66df8bc204a05f.manifest --a---- 2703 bytes [12:39 02/11/2006] [12:39 02/11/2006] E8DAACD420051F64C0A13A1C2D529DAD
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6000.16386_none_7743fe8e58396814.manifest --a---- 6220 bytes [10:20 02/11/2006] [10:09 02/11/2006] A5ECE223DE91CE837820E047EEEEE1A6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6001.18000_none_797ac08a552478e8.manifest ------- 6220 bytes [23:23 12/06/2008] [07:04 19/01/2008] 60362234F0C7E283B772B6DF8CFF11A0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6002.18005_none_7b66399652464434.manifest ------- 6220 bytes [02:31 18/09/2009] [07:15 11/04/2009] D0935DB59073342B24B96DF1D182CEB5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-networking-eqossnapin_31bf3856ad364e35_6.0.6000.16386_none_153496b792a2cf3a.manifest --a---- 13249 bytes [10:21 02/11/2006] [10:08 02/11/2006] A9C35A346A6389F417C54569A475A105
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0.manifest --a---- 2382 bytes [12:39 02/11/2006] [12:39 02/11/2006] 0B735020C96FAC167360A2E0A6400ED5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f.manifest --a---- 3746 bytes [10:21 02/11/2006] [10:18 02/11/2006] 50290D068C9273C755E993BDBCD6CC4E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3.manifest ------- 3746 bytes [23:23 12/06/2008] [07:08 19/01/2008] A94DF4BDD6E54C8C4FD8551C166B5759
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_05fefd4d9a8a41f7.manifest --a---- 4316 bytes [12:39 02/11/2006] [12:39 02/11/2006] 0D7733828E89EFCE19C140BECBE7059E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6000.16386_none_754654f2e2561352.manifest --a---- 16901 bytes [10:21 02/11/2006] [10:11 02/11/2006] FDCBFC15D86EDDDA9313FD13ADA8D879
C:\Windows\winsxs\Manifests\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6001.18000_none_777d16eedf412426.manifest ------- 16826 bytes [23:23 12/06/2008] [07:39 19/01/2008] AD1ABAFDC67169E1D759AABB26154BD7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d6aa00a44c18a549.manifest --a---- 4546 bytes [12:39 02/11/2006] [12:39 02/11/2006] D275479C9E3F1398CE94AF46C086548D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6000.16386_none_99af1bbcbe07ab2c.manifest --a---- 26153 bytes [10:20 02/11/2006] [10:18 02/11/2006] AA3CAF4FA79BEF520AE7BBF19A0DE816
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6001.18000_none_9be5ddb8baf2bc00.manifest ------- 26108 bytes [23:23 12/06/2008] [07:40 19/01/2008] 75DEB598259BA53E6BAA777B37426341
C:\Windows\winsxs\Manifests\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6.manifest --a---- 1910 bytes [12:39 02/11/2006] [12:39 02/11/2006] 6AB82C548B2381F359B8494398B1A8E1
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6000.16386_en-us_cd254aa6f5122ce2\napsnap.resources.dll --a---- 245760 bytes [12:41 02/11/2006] [12:41 02/11/2006] 0A25430406CEA8671EBEC1A4477D9F07
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cf5c0ca2f1fd3db6\napsnap.resources.dll --a---- 245760 bytes [23:36 12/06/2008] [07:49 19/01/2008] 1A4DB6D3CF3A2B998030EEFAFA4C629B
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d14785aeef1f0902\napsnap.resources.dll --a---- 245760 bytes [02:43 18/09/2009] [06:38 11/04/2009] CC0BF237BDEA84A252B8AC7731B83109
C:\Windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6000.16386_none_0a60a349abf48fe3\NAPSNAP.DLL --a---- 458752 bytes [07:39 02/11/2006] [09:47 02/11/2006] D81ABBBB625D4E0EB745AB1FACA3A016
C:\Windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6001.18000_none_0c976545a8dfa0b7\NAPSNAP.DLL --a---- 458752 bytes [23:37 12/06/2008] [07:38 19/01/2008] E23E798E853A609BABBFD45AF89FE91C
C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6000.16386_none_ae7101b94b4d808a\comsnap.dll --a---- 212992 bytes [08:51 02/11/2006] [09:46 02/11/2006] 995C3A4D0DC394D642ECBD893032475E
C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b54838915e\comsnap.dll --a---- 220160 bytes [23:38 12/06/2008] [07:33 19/01/2008] 973642071FD324603235AFD9B1B199AA
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6000.16386_none_0041f38286aeaf07\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1288 bytes [12:35 02/11/2006] [12:35 02/11/2006] 03877F92BFF31DCB8CA8F9F5F4197BDE
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6000.16386_none_0041f38286aeaf07\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 2385 bytes [12:34 02/11/2006] [12:34 02/11/2006] DC55DC9364D9251D867B3CCBA308E018
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1288 bytes [12:35 02/11/2006] [12:35 02/11/2006] 03877F92BFF31DCB8CA8F9F5F4197BDE
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 1950 bytes [23:36 12/06/2008] [11:28 05/01/2008] EC10AF3E9BBFAEFCB16A2180951A82CF
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1288 bytes [12:35 02/11/2006] [12:35 02/11/2006] 03877F92BFF31DCB8CA8F9F5F4197BDE
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 1950 bytes [23:36 12/06/2008] [11:28 05/01/2008] EC10AF3E9BBFAEFCB16A2180951A82CF
C:\Windows\winsxs\x86_microsoft-windows-msmq-admin_31bf3856ad364e35_6.0.6000.16386_none_b5173fa2408153e2\mqsnap.dll --a---- 600064 bytes [12:35 02/11/2006] [12:35 02/11/2006] B050D2D28AF479E79F65693361173919
C:\Windows\winsxs\x86_microsoft-windows-msmq-admin_31bf3856ad364e35_6.0.6001.18000_none_b74e019e3d6c64b6\mqsnap.dll --a---- 603136 bytes [23:38 12/06/2008] [07:34 19/01/2008] 72857625867B38E9D0043A48A8207624
C:\Windows\winsxs\x86_microsoft-windows-msmq-admin_31bf3856ad364e35_6.0.6002.18005_none_b9397aaa3a8e3002\mqsnap.dll --a---- 603136 bytes [02:44 18/09/2009] [06:28 11/04/2009] EE760271895028A5818D05BEDC200E31
C:\Windows\winsxs\x86_microsoft-windows-n..g-napclientconfigui_31bf3856ad364e35_6.0.6000.16386_none_736b559342fe7c9f\napdsnap.dll --a---- 67584 bytes [08:57 02/11/2006] [09:46 02/11/2006] 1CC588B8889A9AFFB1503739EBA17280
C:\Windows\winsxs\x86_microsoft-windows-n..g-napclientconfigui_31bf3856ad364e35_6.0.6001.18000_none_75a2178f3fe98d73\napdsnap.dll --a---- 67584 bytes [23:37 12/06/2008] [07:35 19/01/2008] 8BF64493F9E9BEBFE5BFD148CDD3B992
C:\Windows\winsxs\x86_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fb64d0b707e423a\IpsmSnap.dll.mui --a---- 61440 bytes [12:41 02/11/2006] [12:41 02/11/2006] 9AF50A42DFA24230F7CEBA8D020C59F8
C:\Windows\winsxs\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_ff66df8bc204a05f\eqossnap.dll.mui --a---- 13824 bytes [12:41 02/11/2006] [12:41 02/11/2006] 0296AA320895597AFDA5F486C59B34D2
C:\Windows\winsxs\x86_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_6.0.6000.16386_none_18a3b9dcf54aac13\ipsmsnap.dll --a---- 396288 bytes [08:56 02/11/2006] [09:46 02/11/2006] 51FF925241289D30E0A9816695288D92
C:\Windows\winsxs\x86_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_6.0.6001.18000_none_1ada7bd8f235bce7\ipsmsnap.dll --a---- 396288 bytes [23:38 12/06/2008] [07:34 19/01/2008] 9CA3FCB7269998FFA5FC9DBF39D1F444
C:\Windows\winsxs\x86_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_6.0.6002.18005_none_1cc5f4e4ef578833\ipsmsnap.dll --a---- 396288 bytes [02:44 18/09/2009] [06:28 11/04/2009] C192DD0C53FD0616AC31A9E0ADAE0C39
C:\Windows\winsxs\x86_microsoft-windows-n..tconfigui.resources_31bf3856ad364e35_6.0.6000.16386_en-us_401a5b7bcc8be3fc\napdsnap.dll.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F5AB6EFB02E97D00DF4C14280DE12DB9
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6000.16386_none_7743fe8e58396814\iasnap.dll --a---- 126976 bytes [08:57 02/11/2006] [09:46 02/11/2006] 674F0D54EC1596BADFDE7D4D3217A442
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6001.18000_none_797ac08a552478e8\iasnap.dll --a---- 147968 bytes [23:38 12/06/2008] [07:34 19/01/2008] 20A3CABD3AADB2C802EADDCE02663BFB
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6002.18005_none_7b66399652464434\iasnap.dll --a---- 150528 bytes [02:43 18/09/2009] [06:28 11/04/2009] 1E767541B585BB3ED02FF33BC60E92A7
C:\Windows\winsxs\x86_microsoft-windows-networking-eqossnapin_31bf3856ad364e35_6.0.6000.16386_none_153496b792a2cf3a\eqossnap.dll --a---- 54784 bytes [08:57 02/11/2006] [09:46 02/11/2006] 523719F4E7786DF8F515DE7628E75A22
C:\Windows\winsxs\x86_microsoft-windows-s..nt-configuration-ui_31bf3856ad364e35_6.0.6000.16386_none_a1c2e48a74880032\snmpsnap.dll --a---- 179712 bytes [12:35 02/11/2006] [12:35 02/11/2006] 723FDDC0B7109DA790DD013BF4F03DA1
C:\Windows\winsxs\x86_microsoft-windows-s..nt-configuration-ui_31bf3856ad364e35_6.0.6002.18005_none_a5e51f926e94dc52\snmpsnap.dll --a---- 179712 bytes [02:44 18/09/2009] [06:28 11/04/2009] 8DB579161AFF3B7246A60C7312853B30
C:\Windows\winsxs\x86_microsoft-windows-s..ration-ui.resources_31bf3856ad364e35_6.0.6000.16386_en-us_60e503f68eecdc01\snmpsnap.dll.mui --a---- 16896 bytes [12:41 02/11/2006] [12:41 02/11/2006] 60F7907EC152A66D0C823FD2EFD18253
C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3eb9598099de86cf\AuthFWSnapIn.Resources.dll --a---- 1327104 bytes [12:41 02/11/2006] [12:41 02/11/2006] 8F50790B130E746D7DE05F5F175624B9
C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_40f01b7c96c997a3\AuthFWSnapIn.Resources.dll --a---- 1327104 bytes [12:41 02/11/2006] [12:41 02/11/2006] 8F50790B130E746D7DE05F5F175624B9
C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6002.18005_en-us_42db948893eb62ef\AuthFWSnapIn.Resources.dll --a---- 1327104 bytes [12:41 02/11/2006] [12:41 02/11/2006] 8F50790B130E746D7DE05F5F175624B9
C:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6000.16386_none_a31b6bf784e3e536\AuthFWSnapin.dll --a---- 4591616 bytes [07:38 02/11/2006] [09:46 02/11/2006] 55A1CF37F984B199020EBB5B2356B347
C:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6001.18000_none_a5522df381cef60a\AuthFWSnapin.dll --a---- 4595712 bytes [23:38 12/06/2008] [07:38 19/01/2008] FC772BA174094D86AA73A65A8AD77047
C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc --a---- 198 bytes [12:41 02/11/2006] [12:41 02/11/2006] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui --a---- 14848 bytes [12:41 02/11/2006] [12:41 02/11/2006] F9B09F7E31E49004666C9B3EB0BEBD94
C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui --a---- 32768 bytes [23:36 12/06/2008] [07:36 19/01/2008] 2A3DEAD70397152006B4E3CED20B41C4
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys --a---- 227896 bytes [23:38 12/06/2008] [07:42 19/01/2008] D8B4A53DD2769F226B3EB374374987C9
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys --a---- 226280 bytes [02:43 18/09/2009] [06:32 11/04/2009] 147281C01FCB1DF9252DE2A10D5E7093

========== folderfind ==========

Searching for "*snap*"
C:\Windows\assembly\GAC_MSIL\napsnap dr----- [11:18 02/11/2006]
C:\Windows\assembly\GAC_MSIL\napsnap.resources dr----- [12:42 02/11/2006]
C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap d------ [15:35 19/06/2011]
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5 d------ [11:18 02/11/2006]
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6000.16386_en-us_cd254aa6f5122ce2 d------ [12:41 02/11/2006]
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cf5c0ca2f1fd3db6 d------ [23:44 12/06/2008]
C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d14785aeef1f0902 d------ [23:49 22/09/2009]
C:\Windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6000.16386_none_0a60a349abf48fe3 d------ [11:18 02/11/2006]
C:\Windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6001.18000_none_0c976545a8dfa0b7 d------ [23:43 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6000.16386_none_52e9c56faea16603 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6001.18000_none_5520876bab8c76d7 d------ [23:25 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6002.18005_none_570c0077a8ae4223 d------ [02:36 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_750d4c53f2339f36 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f9f6ac02a7879b80 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6000.16386_none_48df5e2f796be961 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6001.18000_none_4b16202b7656fa35 d------ [23:25 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6002.18005_none_4d0199377378c581 d------ [02:35 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.0.6000.16386_none_99cc9737cdb82ee6 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.0.6001.18000_none_9c035933caa33fba d------ [23:43 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.0.6000.16386_none_1878337051b5d554 d------ [12:36 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.0.6001.18000_none_1aaef56c4ea0e628 d------ [23:26 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b548a03c95a5f7f1 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-i..mc-snapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6d833336b24ca76f d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6000.16386_none_7eea120bb51aecf6 d------ [12:36 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6001.18000_none_8120d407b205fdca d------ [23:26 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6002.18005_none_830c4d13af27c916 d------ [02:37 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.0.6001.18000_none_fff5b884953b2f43 d------ [23:43 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-n..icysnapin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e47d9ceb7fbe29ca d------ [23:44 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-n..qossnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_ff66df8bc204a05f d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6000.16386_none_7743fe8e58396814 d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6001.18000_none_797ac08a552478e8 d------ [23:43 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iasnap_31bf3856ad364e35_6.0.6002.18005_none_7b66399652464434 d------ [23:48 22/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-networking-eqossnapin_31bf3856ad364e35_6.0.6000.16386_none_153496b792a2cf3a d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3 d------ [23:25 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-t..minsnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_05fefd4d9a8a41f7 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6000.16386_none_754654f2e2561352 d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6001.18000_none_777d16eedf412426 d------ [23:26 12/06/2008]
C:\Windows\winsxs\x86_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d6aa00a44c18a549 d------ [12:40 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6000.16386_none_99af1bbcbe07ab2c d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6001.18000_none_9be5ddb8baf2bc00 d------ [23:25 12/06/2008]
C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6 d------ [12:41 02/11/2006]

========== Regfind ==========

Searching for "snapserver"
No data found.

-= EOF =-
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 9th, 2011, 3:48 pm

I don't see any additional problems there.
Let's verify that the problem has been solved. We should know soon.
The files you are showing in that temp folder now are normal.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 10th, 2011, 12:11 am

Hi askey127

So far so good, no Windows temp files loaded as of tonight. Will keep you posted.

Stephen
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm

Re: 65,536 temp files in Windows Temp folder?

Unread postby askey127 » October 10th, 2011, 8:35 am

Although you may not have intended it, the program Spare Backup was running every time you started your machine.
The files in your Windows Temp folder were generated by an outside server of the type used to backup files over the Internet.
I am fairly confident you won't see the problem again.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: 65,536 temp files in Windows Temp folder?

Unread postby Secrent » October 10th, 2011, 11:44 pm

Hi askey 127,
Makes sense that Spare Backup was causing the situation, I really had no idea that it was running. My fault for not looking at it more closely and seeing what it was all about.
There were 7 temp. files in the Windows temp folder that loaded. Better than 65,536 files. Are these the norm or is there something else that I need to check.
Also, I was very happy to contribute to MalWare Removal, you have been patient and very very helpful.
Thank You,
Stephen
Secrent
Active Member
 
Posts: 11
Joined: September 30th, 2011, 8:55 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware