I can't open c: when I double click on it, but a message pops up: "C:\resycled\boot.com is not a valid Win32 application". Please help. Thanks.
|
|
Empty your recycle bin and try again. Also try right clicking the drive and select explore.
Neil
"Marks" <eed[ at ]site.com> wrote in message news:490b15bb$1_1[ at ]news.tm.net.my...
> I can't open c: when double click on it but pop up a message
> "C:\resycled\boot.com is not a valid Win32 application". Please help.
> Thanks.
|
|
Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:
attrib -h -r -s C:\Autorun.inf
del C:\Autorun.inf
"Marks" <eed[ at ]site.com> wrote in message news:490b15bb$1_1[ at ]news.tm.net.my...
> I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please help.
> Thanks.
|
|
Thanks for your reply, but it's "resycled", not recycled.
"neil" <neilp67_[ at ]_hotmail.com> wrote in message news:O$8$eW3OJHA.1744[ at ]TK2MSFTNGP06.phx.gbl...
> Empty your recycle bin and try again. Also try right clicking the drive
> and select explore.
> Neil
> "Marks" <eed[ at ]site.com> wrote in message
> news:490b15bb$1_1[ at ]news.tm.net.my...
>> I can't open c: when double click on it but pop up a message
>> "C:\resycled\boot.com is not a valid Win32 application". Please help.
>> Thanks.
|
|
Make sure that your anti-malware software is running, then download the latest signatures and run a full scan.
If you don't have comprehensive anti-malware software, that's like driving a car without seat belts or air bags. Either way, you're eventually going to get hammered. Install comprehensive anti-malware software and learn how to use its features. A 'comprehensive' solution scans for all types of malicious software in the background, on demand and on schedule.
For now try scanning your system with /several/ of the better online scanners, such as:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)
Download HijackThis from www.trendsecure.com. Run it, save a log, and post the log at one of the many sites that support HJT, such as spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not here. Within a day, sometimes within an hour, you'll have one-on-one step-by-step advice from a security expert on cleaning up any infestations—or you'll have a clean bill of health from the volunteer expert.
Even the best detection and removal software can't fix every malware infection. If none of the above remove the infection, you may want to show the computer to a professional.
---
Leonard Grey
Errare Humanum Est
Marks wrote:
> Thanks for your reply but
> Its "resycled" not recycled
>
> "neil" <neilp67_[ at ]_hotmail.com> wrote in message
> news:O$8$eW3OJHA.1744[ at ]TK2MSFTNGP06.phx.gbl...
>> Empty your recycle bin and try again. Also try right clicking the drive
>> and select explore.
>> Neil
>> "Marks" <eed[ at ]site.com> wrote in message
>> news:490b15bb$1_1[ at ]news.tm.net.my...
>>> I can't open c: when double click on it but pop up a message
>>> "C:\resycled\boot.com is not a valid Win32 application". Please help.
>>> Thanks.
|
|
Oh great thanks, problem solved.
"Bill Blanton" <bblanton[ at ]REMOVEmagicnet.net> wrote in message news:%23wvHlj3OJHA.3980[ at ]TK2MSFTNGP06.phx.gbl...
> Open a cmd prompt. Start > Run... [type in] cmd > Ok
> At the prompt, enter the following two commands:
>
> attrib -h -r -s C:\Autorun.inf
>
> del C:\Autorun.inf
>
> "Marks" <eed[ at ]site.com> wrote in message
> news:490b15bb$1_1[ at ]news.tm.net.my...
>> I can't open c: when double click on it but pop up a message
>> "C:\resycled\boot.com is not a valid Win32 application". Please help.
>> Thanks.
|
|
Symptom solved.. Something put that file there. Read over Leonard Grey's post.
"Marks" <eed[ at ]site.com> wrote in message news:490cfe4c$1_1[ at ]news.tm.net.my...
> Oh great thanks, problem solved.
>
> "Bill Blanton" <bblanton[ at ]REMOVEmagicnet.net> wrote in message news:%23wvHlj3OJHA.3980[ at ]TK2MSFTNGP06.phx.gbl...
>> Open a cmd prompt. Start > Run... [type in] cmd > Ok
>> At the prompt, enter the following two commands:
>>
>> attrib -h -r -s C:\Autorun.inf
>>
>> del C:\Autorun.inf
>>
>> "Marks" <eed[ at ]site.com> wrote in message news:490b15bb$1_1[ at ]news.tm.net.my...
>>> I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
>>> help. Thanks.
|
|
Thanks for your info.
"Leonard Grey" <l.grey[ at ]invalid.invalid> wrote in message news:%23ZNgmbIPJHA.2392[ at ]TK2MSFTNGP04.phx.gbl...
> Make sure that your anti-malware software is running, then download the
> latest signatures and run a full scan.
>
> If you don't have comprehensive anti-malware software, that's like driving
> a car without seats belts or air bags. Either way, you're eventually going
> to get hammered. Install comprehensive anti-malware software and learn how
> to use its features. A 'comprehensive' solution scans for all types of
> malicious software in the background, on demand and on schedule.
>
> For now try scanning your system with /several/ of the better online
> scanners, such as:
> Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
> Panda ActiveScan (http://www.pandasoftware.com/activescan)
>
> Download HijackThis from www.trendsecure.com. Run it, save a log, and post
> the log at one of the many sites that support HJT, such as
> spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not here.
> Within a day, sometimes within an hour, you'll have one-on-one
> step-by-step advice from a security expert on cleaning up any
> infestations—or you'll have a clean bill of health from the volunteer
> expert.
>
> Even the best detection and removal software can't fix every malware
> infection. If none of the above remove the infection, you may want to show
> the computer to a professional.
>
> ---
> Leonard Grey
> Errare Humanum Est
>
> Marks wrote:
>> Thanks for your reply but
>> Its "resycled" not recycled
>>
>> "neil" <neilp67_[ at ]_hotmail.com> wrote in message
>> news:O$8$eW3OJHA.1744[ at ]TK2MSFTNGP06.phx.gbl...
>>> Empty your recycle bin and try again. Also try right clicking the drive
>>> and select explore.
>>> Neil
>>> "Marks" <eed[ at ]site.com> wrote in message
>>> news:490b15bb$1_1[ at ]news.tm.net.my...
>>>> I can't open c: when double click on it but pop up a message
>>>> "C:\resycled\boot.com is not a valid Win32 application". Please help.
>>>> Thanks.
|
|
I'm having the same problem and I have done the cmd command and it didn't do anything. Could it be a virus of some sort, and if so what do you recommend?
"Bill Blanton" wrote:
> Symptom solved.. Something put that file there. Read over
> Leonard Grey's post.
>
> "Marks" <eed[ at ]site.com> wrote in message news:490cfe4c$1_1[ at ]news.tm.net.my...
>> Oh great thanks, problem solved.
>>
>> "Bill Blanton" <bblanton[ at ]REMOVEmagicnet.net> wrote in message news:%23wvHlj3OJHA.3980[ at ]TK2MSFTNGP06.phx.gbl...
>>> Open a cmd prompt. Start > Run... [type in] cmd > Ok
>>> At the prompt, enter the following two commands:
>>>
>>> attrib -h -r -s C:\Autorun.inf
>>>
>>> del C:\Autorun.inf
>>>
>>> "Marks" <eed[ at ]site.com> wrote in message news:490b15bb$1_1[ at ]news.tm.net.my...
>>>> I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
>>>> help. Thanks.
|
|
What do you mean exactly by it "didn't do anything"? Any error messages at the cmd prompt? The commands have to be typed exactly. Is it the C: drive? If not, you'd need to substitute the C: with whatever drive (letter) you are having problems with.
To answer your question, yes, if you are getting the message "C:\resycled\boot.com is not a valid Win32 application", then you apparently have some sort of infestation.
"Thomas" <Thomas[ at ]discussions.microsoft.com> wrote in message news:6C350E50-2AE6-4367-A06E-378177BC9ACF[ at ]microsoft.com...
> i'm having the same problem and i have don the cmd cmded and didnt' do anything
> could it be a virus or somesort and if so what do you recom?
>
> "Bill Blanton" wrote:
>
>> Symptom solved.. Something put that file there. Read over
>> Leonard Grey's post.
>>
>> "Marks" <eed[ at ]site.com> wrote in message news:490cfe4c$1_1[ at ]news.tm.net.my...
>>> Oh great thanks, problem solved.
>>>
>>> "Bill Blanton" <bblanton[ at ]REMOVEmagicnet.net> wrote in message news:%23wvHlj3OJHA.3980[ at ]TK2MSFTNGP06.phx.gbl...
>>>> Open a cmd prompt. Start > Run... [type in] cmd > Ok
>>>> At the prompt, enter the following two commands:
>>>>
>>>> attrib -h -r -s C:\Autorun.inf
>>>>
>>>> del C:\Autorun.inf
>>>>
>>>> "Marks" <eed[ at ]site.com> wrote in message news:490b15bb$1_1[ at ]news.tm.net.my...
>>>>> I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
>>>>> help. Thanks.
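Added example, not part of any post in this thread: a read-only check to run before the attrib/del commands discussed above. For each drive root it is given, it reads autorun.inf, lists the programs the [autorun] section would launch and whether they exist, and reports the R/H/S attributes that attrib -h -r -s clears. Python is used here for portability; the sample file content and all function names are constructed for illustration.

```python
import os
import re
import sys
import tempfile

# [autorun] keys whose value is a command Explorer may run for the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Win32 attribute bits that `attrib -h -r -s` clears.
ATTR_BITS = (("R", 0x1), ("H", 0x2), ("S", 0x4))

# Constructed sample content; the thread never shows the real file.
SAMPLE_AUTORUN = (
    "; constructed sample\r\n"
    "[AutoRun]\r\n"
    "open=resycled\\boot.com\r\n"
    "shell\\open\\Command=resycled\\boot.com\r\n"
    "icon=shell32.dll,8\r\n"
)


def launch_entries(text):
    """Return [(key, command)] for launch keys inside the [autorun] section."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value))
    return entries


def command_target(command):
    """Program part of a command line: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def child(directory, name):
    """Find `name` in `directory` ignoring case, as Windows would."""
    try:
        for entry in os.listdir(directory):  # also lists hidden/system entries
            if entry.lower() == name.lower():
                return os.path.join(directory, entry)
    except OSError:
        pass
    return None


def resolve(root, target):
    """Resolve a root-relative target; None if any path component is missing."""
    path = root
    for part in re.split(r"[\\/]+", target):
        if part not in ("", "."):
            path = child(path, part) if path else None
    return path


def attributes(path):
    """R/H/S letters set on `path` (empty string on non-Windows systems)."""
    bits = getattr(os.stat(path), "st_file_attributes", 0)
    return "".join(letter for letter, bit in ATTR_BITS if bits & bit)


def inspect_root(root):
    """Describe the autorun.inf at one drive root, or None if there is none."""
    inf = child(root, "autorun.inf")
    if inf is None:
        return None
    report = {"attributes": attributes(inf), "is_dir": os.path.isdir(inf),
              "launches": []}
    if report["is_dir"]:  # a folder named autorun.inf launches nothing
        return report
    with open(inf, "rb") as handle:
        data = handle.read()
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    for key, command in launch_entries(data.decode("utf-16" if utf16 else "latin-1")):
        target = resolve(root, command_target(command))
        report["launches"].append({
            "key": key, "command": command,
            "target": os.path.relpath(target, root) if target else None})
    return report


def demo():
    """Build three constructed 'drive roots' in a temp dir and inspect them."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {name: os.path.join(tmp, name) for name in "CDE"}
        os.makedirs(os.path.join(roots["C"], "resycled"))
        os.mkdir(roots["D"])                                # no autorun.inf
        os.makedirs(os.path.join(roots["E"], "autorun.inf"))  # folder, not file
        with open(os.path.join(roots["C"], "resycled", "boot.com"), "wb") as f:
            f.write(b"placeholder")
        with open(os.path.join(roots["C"], "AUTORUN.INF"), "w", newline="") as f:
            f.write(SAMPLE_AUTORUN)
        return {name: inspect_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    roots = sys.argv[1:]  # e.g. C:\ D:\ E:\ ; with no arguments, run the demo
    results = {r: inspect_root(r) for r in roots} if roots else demo()
    for name, report in results.items():
        print(name, report)
```

A launch entry whose target is None means the file it names is already gone, so only the autorun.inf itself is left to remove on that drive.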
|
|
I'm having the same problem with C:\resycled\boot.com and all of my drives now. I tried doing the cmd thing; it said that the attrib -h -r -s C:\Autorun.inf and c:\Autorun.inf and ether were found. I have the OTScanIt; can someone help me?
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/paint.ocx\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\.Owner -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->
[Files/Folders - Created Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 11/11/2008 9:04:12 PM | Attr = H ] resycled -> %SystemDrive%\resycled -> [Folder | Created Date = 11/10/2008 7:13:35 AM | Attr = RHS] _OTScanIt -> %SystemDrive%\_OTScanIt -> [Folder | Created Date = 11/12/2008 6:28:14 AM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 11/11/2008 8:41:54 PM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 29988216 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 27569 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 334743 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ] ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 27904 bytes | Created Date = 11/10/2008 7:13:38 AM | Attr = ] RKHit.sys -> %SystemRoot%\System32\drivers\RKHit.sys -> [Ver = 2, 0, 0, 0 | Size = 30080 bytes | Created Date = 11/10/2008 7:10:03 AM | Attr = ] AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie -> [Ver = | Size = 42 bytes | Created Date = 11/9/2008 3:40:43 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/9/2008 2:51:32 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/9/2008 2:51:32 PM | Attr = H ]
[Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 11/11/2008 8:31:48 PM | Attr = HS] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 11/11/2008 8:41:54 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 29988216 bytes | Modified Date = 11/11/2008 8:45:51 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 27569 bytes | Modified Date = 11/11/2008 8:45:34 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 334743 bytes | Modified Date = 11/11/2008 8:45:34 PM | Attr = ] dump_wmimmc.sys -> %SystemRoot%\System32\drivers\dump_wmimmc.sys -> [Ver = | Size = 153925 bytes | Modified Date = 11/11/2008 5:16:55 PM | Attr = ] ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 27904 bytes | Modified Date = 11/10/2008 7:13:38 AM | Attr = ] AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie -> [Ver = | Size = 42 bytes | Modified Date = 11/9/2008 3:40:43 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 205712 bytes | Modified Date = 11/10/2008 7:01:58 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 41040 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 314838 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 360124 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/11/2008 8:03:07 PM | Attr = ] 3 C:\WINDOWS\*.tmp 
files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/11/2008 8:36:37 PM | Attr = S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11/10/2008 6:50:45 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/9/2008 2:51:32 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/11/2008 8:07:23 PM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 271 bytes | Modified Date = 11/11/2008 8:31:48 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 826 bytes | Modified Date = 11/11/2008 8:31:48 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/11/2008 8:36:50 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 4/26/2007 7:11:58 AM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8134 bytes | Modified Date = 4/26/2007 7:11:58 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 4/2/2007 9:43:49 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 11/9/2008 7:56:14 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/9/2008 7:56:14 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/15/2007 9:00:25 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 8/15/2007 9:00:25 PM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date = 11/12/2008 6:26:01 AM | Attr = ] d2l_Install.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\d2l_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 352256 bytes | Modified Date = 5/9/2001 11:19:26 AM | Attr = ] d2l_PlayD2.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\d2l_PlayD2.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 331776 bytes | Modified Date = 5/21/2000 3:46:38 PM | Attr = ] DXSETUP.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\DXSETUP.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 503144 bytes | Modified Date = 7/19/2007 8:00:32 PM | Attr = ] EXEtender.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\EXEtender.exe -> Exent Technologies Ltd. 
[Ver = 06.02.22.00 | Size = 11503440 bytes | Modified Date = 1/11/2008 9:49:35 AM | Attr = ] matcleanup.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\matcleanup.exe -> [Ver = | Size = 16384 bytes | Modified Date = 9/28/2007 1:33:00 PM | Attr = ] messenger_update.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\messenger_update.exe -> [Ver = | Size = 606000 bytes | Modified Date = 8/29/2007 6:08:19 PM | Attr = ] mun3.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\mun3.exe -> Microsoft Corporation [Ver = 6.10.0016.1624 | Size = 32768 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] regincd2.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\regincd2.exe -> [Ver = | Size = 3072 bytes | Modified Date = 4/14/2008 11:04:31 AM | Attr = ] regtdi.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\regtdi.exe -> [Ver = | Size = 3584 bytes | Modified Date = 4/14/2008 11:04:43 AM | Attr = ] setup_wm.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 774144 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ] verizonhelpSupport.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\verizonhelpSupport.exe -> [Ver = | Size = 10153176 bytes | Modified Date = 1/11/2008 9:51:22 AM | Attr = ] VISS-6.0.1-21393-Consumer-Setup.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\VISS-6.0.1-21393-Consumer-Setup.exe -> Verizon [Ver = 6.0.1.21393 | Size = 36153392 bytes | Modified Date = 1/11/2008 9:52:37 AM | Attr = ] VZ_Backup_Sharing.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\VZ_Backup_Sharing.exe -> Verizon [Ver = 1.0.0.8 | Size = 287071 bytes | Modified Date = 1/11/2008 9:52:34 AM | Attr = ] VZ_DSL_BookMarks.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\VZ_DSL_BookMarks.exe -> Verizon [Ver = 1.0.0.7 | Size = 343440 bytes | Modified Date = 1/11/2008 9:57:17 AM | Attr 
= ] VZ_DSL_controls.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\VZ_DSL_controls.exe -> Verizon [Ver = 6.5.0.17 | Size = 4370224 bytes | Modified Date = 1/11/2008 9:41:20 AM | Attr = ] VZ_OEConfig.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\VZ_OEConfig.exe -> Verizon [Ver = 1.0.0.8 | Size = 375624 bytes | Modified Date = 1/11/2008 9:49:25 AM | Attr = ] vz_ServicePoint.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\vz_ServicePoint.exe -> Verizon [Ver = 1.0.0.8 | Size = 1590640 bytes | Modified Date = 1/11/2008 9:57:01 AM | Attr = ] _is1B.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_is1B.exe -> Verizon [Ver = 6.0.3.27063 | Size = 476400 bytes | Modified Date = 2/26/2008 5:14:28 PM | Attr = ] _is56.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_is56.exe -> Verizon [Ver = 6.0.3.27063 | Size = 476400 bytes | Modified Date = 2/26/2008 5:14:28 PM | Attr = ] 211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267} -> [Folder | Modified Date = 11/10/2008 7:26:16 AM | Attr = ] dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\dotnetinstaller.exe -> InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes | Modified Date = 5/17/2006 10:21:16 AM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD} -> [Folder | Modified Date = 11/9/2008 2:38:42 PM | Attr = ] dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local 
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\dotnetinstaller.exe -> InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes | Modified Date = 5/17/2006 10:21:16 AM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892} -> [Folder | Modified Date = 11/9/2008 3:48:49 PM | Attr = ] dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\dotnetinstaller.exe -> InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes | Modified Date = 5/17/2006 10:21:16 AM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67} -> [Folder | Modified Date = 11/9/2008 3:23:43 PM | Attr = ] dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\dotnetinstaller.exe -> InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes | Modified Date = 5/17/2006 10:21:16 AM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2 -> [Folder | Modified Date = 4/13/2008 12:01:08 PM | Attr = ] setup.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\setup.exe -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.86 | Size = 1748736 bytes | Modified Date = 3/12/2008 12:28:31 PM | Attr = ] vcredist_x86.exe -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\vcredist_x86.exe -> Microsoft Corporation [Ver = 6.00.3790.0 (srv03_rtm.030324-2048) | Size = 2723264 bytes | Modified Date = 9/4/2007 9:22:51 AM | Attr = ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date = 11/12/2008 6:26:01 AM | Attr = ] bigmoney.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\bigmoney.dll -> [Ver = | Size = 2150400 bytes | Modified Date = 2/1/2008 10:33:29 PM | Attr = ] binkw32.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\binkw32.dll -> [Ver = | Size = 263168 bytes | Modified Date = 4/5/2000 11:00:00 PM | Attr = ] bookworm.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\bookworm.dll -> [Ver = 2.0.0.6 | Size = 2220032 bytes | Modified Date = 2/1/2008 10:42:07 PM | Attr = ] chuzzle.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\chuzzle.dll -> [Ver = | Size = 2269184 bytes | Modified Date = 2/1/2008 10:37:01 PM | Attr = ] DSETUP.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 77160 bytes | Modified Date = 7/19/2007 7:55:30 PM | Attr = ] dsetup32.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 1673576 bytes | Modified Date = 7/19/2007 7:55:16 PM | Attr = ] InstHelp.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\InstHelp.dll -> [Ver = | Size = 57344 bytes | Modified Date = 10/12/2004 11:14:18 AM | Attr = ] lingo.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\lingo.dll -> [Ver = | Size = 2048000 bytes | Modified Date = 2/2/2008 11:05:27 AM | Attr = ] SIntf16.dll -> C:\Documents and Settings\DEMON_GRUB\Local 
Settings\Temp\SIntf16.dll -> [Ver = | Size = 12305 bytes | Modified Date = 10/15/2007 7:03:33 PM | Attr = ] SIntf32.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 20016 bytes | Modified Date = 10/15/2007 7:03:33 PM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24744 bytes | Modified Date = 10/15/2007 7:03:33 PM | Attr = ] swt-awt-win32-3346.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 3/27/2008 11:55:31 PM | Attr = ] swt-win32-3346.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 3/27/2008 11:55:31 PM | Attr = ] 211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 4/6/2007 8:29:50 PM | Attr = ] 5085858.DLL -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\5085858.DLL -> [Ver = | Size = 28160 bytes | Modified Date = 7/19/2002 3:19:34 PM | Attr = R ] HSAPI.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\HSAPI.dll -> [Ver = | Size = 55808 bytes | Modified Date = 7/19/2002 3:19:34 PM | Attr = R ] Instaide.dll -> C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Instaide.dll -> Palm Computing, Inc., a 3Com Company [Ver = 3.0.1 | Size = 195584 bytes | Modified Date = 7/19/2002 3:19:34 PM | Attr = R ] C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9}\ -> C:\Documents and Settings\DEMON_GRUB\Local 
|
|
|
|
Open a cmd prompt. Start > Run... [type in] cmd > Ok At the prompt, enter the following commands:
attrib -h -r -s C:\Autorun.inf
del C:\Autorun.inf
attrib -h -r -s D:\Autorun.inf
del D:\Autorun.inf
etc.
(do this for every drive letter (C: D: E: etc.) and do NOT open any drives with Explorer until you've completed this)
Here are a couple of useful links previously posted in this thread:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)
"ralph rosancrans" <ralph rosancrans[ at ]discussions.microsoft.com> wrote in message news:9BAAE10C-6D6A-4D77-85A3-8E46E51BF126[ at ]microsoft.com...
[Quoted Text] > im having the same prob with C:\resycled\boot.com ad all of my drives now i > tryed doin the cmd thing it sed that the attrib -h -r -s C:\Autorun.inf and > c:\Autorun.inf and ether were found i have the OTScanIt can sum 1 help me
|
|
This "forum" doesn't generally accept scanner logs. See my previous reply.
"ralph rosancrans" <ralphrosancrans[ at ]discussions.microsoft.com> wrote in message news:45BB485F-6007-48BF-B3DD-07B2E7A85761[ at ]microsoft.com...
[Quoted Text] > C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents and > Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date = > 11/12/2008 6:26:01 AM | Attr = ] > Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\DEMON_GRUB\Local > Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes | > Modified Date = 12/14/2007 1:30:06 PM | Attr = ] > Perflib_Perfdata_abc.dat -> C:\Documents and Settings\DEMON_GRUB\Local
|
|
I have the same problem except C: works fine. It's all my other hard drives that this is happening to.
"Marks" wrote:
[Quoted Text] > I can't open c: when double click on it but pop up a message > "C:\resycled\boot.com is not a valid Win32 application". Please help. > Thanks. > > >
|
|
"Marks" wrote:
[Quoted Text] > I can't open c: when double click on it but pop up a message > "C:\resycled\boot.com is not a valid Win32 application". Please help. > not only c drive almost all the drives.
Thanks. > > >
|
|
here is my logfile: Logfile of HijackThis v1.99.1 Scan saved at 17:36:17, on 30/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735)
p.s my removal programmes: malwarebytes', spybot and ad-aware are not
removing the repeated infected items. obviously i haven't got a clue
what to do! also when i try and download live messenger the download
page cannot be displayed or when i use google i am directed to other
pages?!
--
laurie
------------------------------------------------------------------------
laurie's Profile: http://forums.techarena.in/members/laurie.htm
View this thread: http://forums.techarena.in/windows-xp-support/1064141.htm
http://forums.techarena.in
|
|
I can't open c: , e: ,d: when double click on it but pop up a message
"C:\resycled\boot.com is not a valid Win32 application".
i try to scan with panda internet security,and malware when i double
click c: there is no a message C:\resycled\boot.com is not a valid Win32
application
but when i double click d: and e: pop up a message
"C:\resycled\boot.com is not a valid Win32 application".
what should i do?
thx
--
sylv
|
|
On Sat, 6 Dec 2008 20:30:07 +0530, sylv wrote in message <news:sylv.3k06ba[ at ]DoNotSpam.com>:
[Quoted Text] > I can't open c: , e: ,d: when double click on it but pop up a message > "C:\resycled\boot.com is not a valid Win32 application". > i try to scan with panda internet security,and malware when i double > click c: there is no a message C:\resycled\boot.com is not a valid Win32 > application > but when i double click d: and e: pop up a message > "C:\resycled\boot.com is not a valid Win32 application". > what should i do? > thx
It's a virus, all right (as you might have suspected due to the misspelling of "recycled").
Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.
Now at the top of the registry editor, click Edit -> Find. Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.
Now, plug in any external drives or flash drives you have used with this computer. Open My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.
For each drive, open it and delete the "resycled" folder and autorun.inf. Back up each autorun.inf before deleting them off external drives, because they might be important.
Restart the computer and the problem should be gone.
|
|
Iceman;4115995 Wrote:
> On Sat, 6 Dec 2008 20:30:07 +0530, sylv wrote in message <news:sylv.3k06ba[ at ]DoNotSpam.com>:
> > I can't open c: , e: ,d: when double click on it but pop up a message
> > "C:\resycled\boot.com is not a valid Win32 application".
> > i try to scan with panda internet security,and malware when i double
> > click c: there is no a message C:\resycled\boot.com is not a valid Win32
> > application
> > but when i double click d: and e: pop up a message
> > "C:\resycled\boot.com is not a valid Win32 application".
> > what should i do?
> > thx
>
> It's a virus, all right (as you might have suspected due to the misspelling of "recycled").
>
> Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.
>
> Now at the top of the registry editor, click Edit -> Find. Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.
>
> Now, plug in any external drives or flash drives you have used with this computer. Open My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.
>
> For each drive, open it and delete the "resycled" folder and autorun.inf. Back up each autorun.inf before deleting them off external drives, because they might be important.
>
> Restart the computer and the problem should be gone.
Thanks Man..It Really helped :)
--
egohere
|
|
For a better answer See the Posts submitted by Bill Blanton Post #3 and Post #9
Thanx Bill It really helpful for me but still hv problem in "E:" and "F:" while
attribute cmd worked for c drive and d drive
OTHER METHOD
You should do these steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders’.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operating system files
5) Find and delete the autorun.ini file and the resycled folder on the
root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it
if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if
present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and
not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local
Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (My
Computer should be highlighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep
hitting F3 until you’ve deleted all instances of boot.com in the entire
registry.
13) Scroll the left column back up to the top and highlight the My
Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in
step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They
should work now.
--
negims82
|
|
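Both cleanup procedures in this thread delete autorun.inf from every drive root, and Iceman's reply advises backing it up first because on external drives it may be legitimate. The Python below is an added example, not code from any poster in the thread: it lists the programs an autorun.inf would start and flags targets inside a folder that imitates a Recycle Bin name, as the misspelled "resycled" does. The two sample files and all function names are constructed for illustration.

```python
import difflib
import ntpath

# Folder names Windows itself uses for the Recycle Bin on a drive root.
REAL_BIN_NAMES = ("recycled", "recycler", "$recycle.bin")
# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_launch_entries(text):
    """Return [(key, command)] for every launch-capable line in [autorun].

    Hand-rolled instead of configparser so that junk or malformed lines
    are skipped rather than aborting the whole parse.
    """
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command entries replace or add right-click verbs.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb):
            entries.append((key, value))
    return entries


def command_target(command):
    """Best-effort path of the program a command line would start.

    Unquoted paths that contain spaces are cut at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def lookalike_bin(folder):
    """Return the real Recycle Bin name that `folder` nearly matches, or None."""
    name = folder.lower()
    if name in REAL_BIN_NAMES:
        return None
    close = difflib.get_close_matches(name, REAL_BIN_NAMES, n=1, cutoff=0.8)
    return close[0] if close else None


def triage(text):
    """Return one dict per launch entry: its key, target and any red flags."""
    findings = []
    for key, command in parse_launch_entries(text):
        target = command_target(command)
        # ntpath handles backslash paths regardless of the host OS.
        parts = [p for p in ntpath.normpath(target).split("\\") if p]
        flags = []
        for folder in parts[:-1]:
            if folder.lower() in REAL_BIN_NAMES:
                flags.append("runs a program out of %s" % folder)
            else:
                near = lookalike_bin(folder)
                if near:
                    flags.append("folder %r imitates %r" % (folder, near))
        findings.append({"key": key, "target": target, "flags": flags})
    return findings


# Constructed sample consistent with the error message quoted in this thread.
SUSPECT_INF = r"""
[AutoRun]
; the next line is junk and is skipped
x9f3k2 jjq
open=resycled\boot.com
shell\open\command=resycled\boot.com
"""

# Constructed sample of an ordinary installer disc.
LEGIT_INF = r"""
[autorun]
open="Setup Files\setup.exe" /auto
icon=setup.exe,0
label=Driver Disc
"""

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_INF), ("legit", LEGIT_INF)):
        for finding in triage(text):
            print(name, finding["key"], finding["target"], finding["flags"])
```

Run it against a backed-up copy of each autorun.inf; an entry with no flags is not proof the file is harmless, only that it does not match this one pattern.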