Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown Problems after destructive recovery [CLOSED]

Started by acongojada , Apr 06 2008 02:02 PM

  • This topic is locked This topic is locked

#1
acongojada
Posted 06 April 2008 - 02:02 PM

acongojada

    Member

  • Member
  • PipPip
  • 16 posts
Good Afternoon,

I am sorry if my title isn't descriptive enough, but I just have no idea what is going on. After not being able to restart my computer,(with a fatal system error of "c00021a 0x0000005) I did a non-destructive recovery without success. Then I decided just to chuck it and do the destructive recovery. I have done this twice. After doing this the last time, my windows tried to reboot over and over, and this time, eventually booted. It kept showing the Windows XP welcome screen and then restarting again, and after approx. 10 times it started. In between all of this, each time I try to start in safemode, it will not let me. Just keeps looping. I followed the instructions in the post "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide" and I got through the instructions until it requests that I have to reboot. I am afraid to try that, because it has not works before, and I have had to do recovery again. I ran ATF Cleaner per instructions, and did the system restore points per instructions. I have also run fix-it utilities 8 and it identifies virus PE_VIRUT.ART in 632 files, and also in my explorer.exe, ctfmon.exe, lsass.exe, services.exe, spoolsv.exe, svchost.exe, winlogon.exe, which could not be fixed. I am so afraid to try to restart, because of the past failure. I am working with a Compaq Presario, with the restore files on partitioned D drive, with no restore disks. I know I can send for them, but I wanted to give it as much effort now, because I am poor.:), I would appreciate any advise that can be given, and I apologize if I have written to much or too little! Below is my HiJackThis Log and My HiJackThis Uninstall List.

Thank you for any help given,
Ms. J. King
--------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:46 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WISPTIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
O4 - HKLM\..\Run: [firstintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak1.cmd
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7269 bytes
-----------------------------------
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CC_ccProxyExt
ccCommon
ccPxyCore
Compaq Connections
Compaq Organize
Crystal Maze from Compaq (remove only)
Easy Internet Sign-up
Final Drive Nitro from Compaq (remove only)
Fix-It Utilities 8 Professional
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
HP Boot Optimizer
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Lexibox Deluxe from Compaq (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Mozilla Firefox (2.0.0.13)
MSRedist
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Overball from Compaq (remove only)
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Shooting Stars Pool from Compaq (remove only)
Slyder from Compaq (remove only)
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
SpySubtract
Super Granny from Compaq (remove only)
SymNet
Tradewinds from Compaq (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
  • 0

Advertisements

#2
Rorschach112
Posted 10 April 2008 - 12:51 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
acongojada
Posted 10 April 2008 - 03:15 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Rorschach112, I cannot tell you how happy I am that you responded. Thank you so much. I will follow your instructions and post back. I will be leaving shortly for a few hours, so I will try to run the first scan while I am gone. I will post back when I am finished.

Again, Thanks so much!

J
  • 0

#4
Rorschach112
Posted 10 April 2008 - 03:20 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok, take your time :)
  • 0

#5
acongojada
Posted 11 April 2008 - 02:03 AM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
sorry dupe post

Edited by acongojada, 11 April 2008 - 02:07 AM.

  • 0

#6
acongojada
Posted 11 April 2008 - 02:04 AM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Rorschach112,

Here is my text from the online scan with Kaspersky WebScanner. I will send the next scan shortly. Thanks!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 3:59:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696917
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 63499
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:09:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\explorer.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\lsass.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\services.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\spoolsv.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\svchost.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\winlogon.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\wscntfy.exe Infected: Virus.Win32.Virut.x skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\cert8.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\history.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\key3.db Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\parent.lock Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\log\plugin150.trace Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\hsc7tgkw.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\hsperfdata_Compaq_Owner\1908 Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-3022762635-148825926-2308149742-1008\Dc8.exe Infected: Virus.Win32.Virut.x skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\Apps\APP00848\src\HPSummer2005.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\I386\Apps\APP00848\src\HPSummer2005.exe WiseSFX: infected - 1 skipped
D:\I386\Apps\APP00848\src\HPSummer2005.exe WiseSFXDropper: infected - 1 skipped

Scan process completed.
  • 0

#7
acongojada
Posted 11 April 2008 - 02:05 AM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
sorry dupe again

Edited by acongojada, 11 April 2008 - 02:08 AM.

  • 0

#8
Rorschach112
Posted 11 April 2008 - 06:57 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete this file in bold

D:\I386\Apps\APP00848\src\HPSummer2005.exe/WISE0016.BIN


Then post the DSS logs
  • 0

#9
acongojada
Posted 11 April 2008 - 01:34 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Rorschach112,

I am ready to delete that entry, but I am unable to view the files in that folder. I have the option checked to show all hidden files. any ideas how to see it to be able to delete it? Also, I have already run the other test scans you asked for should I just post them, or wait until I can delete the entry you mentioned and rerun them and post?

Thanks again for your help!!
  • 0

#10
Rorschach112
Posted 11 April 2008 - 03:51 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Go ahead and post the DSS logs
  • 0

Advertisements

#11
acongojada
Posted 11 April 2008 - 05:34 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Below are the DSS logs. Thanks!

Main.Txt
Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-04-11 04:10:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-11 08:10:36 UTC - RP7 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:49 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
O4 - HKLM\..\Run: [firstintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak1.cmd
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [Prefs] C:\Program Files\oDesk\oDeskLaunch.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7673 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080406-144536-843 O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DILE.tmp

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&1A671D0C&0&58F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&1A671D0C&0&58F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2005-05-14 19:54:39 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 02:11:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 02:11:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-09 05:32:44 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Help
2008-04-09 04:50:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-09 04:50:09 0 d-------- C:\Program Files\Security Task Manager
2008-04-09 04:42:13 0 d--h----- C:\WINDOWS\PIF
2008-04-08 23:19:21 388608 --a------ C:\WINDOWS\system32\CF18338.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 23:19:16 0 d-------- C:\327882R2FWJFW
2008-04-08 21:59:25 0 d-------- C:\WINDOWS\pss
2008-04-08 21:56:52 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:49 502272 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:47 14336 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:46 57856 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:44 108032 --a------ C:\WINDOWS\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:41 13312 --a------ C:\WINDOWS\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:56:39 1032192 -----n--- C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 21:54:44 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-08 21:04:55 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-08 21:00:48 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Bitdefender
2008-04-08 20:58:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-08 20:12:29 3982 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 18:32:16 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-08 18:32:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-08 18:32:16 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-08 18:32:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-08 18:32:16 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-08 18:32:16 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-08 18:32:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-08 18:21:48 47104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2008-04-08 18:21:48 317952 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-04-08 18:21:48 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-04-08 18:21:42 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-04-08 07:01:29 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SecondLife
2008-04-08 06:55:22 0 d-------- C:\Program Files\SecondLife
2008-04-07 04:50:02 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 23:11:23 0 d-------- C:\a6a9cc17fb27c9608243090cdb17cd
2008-04-06 23:08:42 0 d-------- C:\Program Files\MSXML 4.0
2008-04-06 22:48:59 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-06 22:18:45 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-06 17:14:43 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Template
2008-04-06 17:14:20 1296 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-04-06 17:01:57 0 d--h----- C:\_Backup
2008-04-06 17:00:34 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Avanquest
2008-04-06 17:00:11 0 d-------- C:\Program Files\Avanquest
2008-04-06 16:57:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 16:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-06 16:53:29 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
2008-04-06 16:46:42 0 d--h----- C:\Documents and Settings\Compaq_Owner\Local Settings
2008-04-06 16:46:42 0 dr------- C:\Documents and Settings\Compaq_Owner\Favorites
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Desktop
2008-04-06 16:46:42 0 d---s---- C:\Documents and Settings\Compaq_Owner\Cookies
2008-04-06 16:46:42 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Application Data
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
2008-04-06 16:46:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-04-06 16:46:41 0 d-------- C:\Documents and Settings\Compaq_Owner\WINDOWS
2008-04-06 16:46:41 0 d--h----- C:\Documents and Settings\Compaq_Owner\Templates
2008-04-06 16:46:41 0 dr------- C:\Documents and Settings\Compaq_Owner\Start Menu
2008-04-06 16:46:41 0 dr-h----- C:\Documents and Settings\Compaq_Owner\SendTo
2008-04-06 16:46:41 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-04-06 16:46:41 0 d--h----- C:\Documents and Settings\Compaq_Owner\PrintHood
2008-04-06 16:46:41 1310720 --ah----- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
2008-04-06 16:46:41 0 d--h----- C:\Documents and Settings\Compaq_Owner\NetHood
2008-04-06 16:46:41 0 dr------- C:\Documents and Settings\Compaq_Owner\My Documents
2008-04-06 16:45:10 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\Application Data\InterMute
2008-04-06 16:44:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-06 16:43:22 0 d-------- C:\WINDOWS\Sun
2008-04-06 16:43:22 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
2008-04-06 16:42:35 0 d-------- C:\WINDOWS\Prefetch
2008-04-06 16:25:14 0 d-------- C:\WINDOWS\LastGood
2008-04-06 16:17:08 0 d--hs---- C:\System Volume Information
2008-04-06 16:12:44 0 d-------- C:\Program Files\oDesk
2008-04-06 15:33:17 246 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-04-06 15:32:43 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-04-06 15:32:30 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2008-04-06 15:32:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 15:31:34 0 d-------- C:\WINDOWS\I386
2008-04-06 15:24:39 0 dr-h----- C:\MSOCache
2008-04-06 15:24:36 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-06 15:24:36 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-06 15:24:36 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-04-06 15:24:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-06 15:24:36 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-06 15:24:36 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-06 15:24:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-06 15:24:13 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-06 15:23:41 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-04-06 14:43:42 0 d-------- C:\Program Files\Trend Micro
2008-04-06 14:26:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-06 14:26:53 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-04-06 14:20:09 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Google
2008-04-06 14:03:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-04-06 14:02:46 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-06 14:01:58 0 dr-hs---- C:\_Backup.RC


-- Find3M Report ---------------------------------------------------------------

2008-04-08 20:57:43 0 d-------- C:\Program Files\Common Files
2008-04-07 19:59:42 0 d-------- C:\Program Files\Windows NT
2008-04-07 19:58:18 0 d-------- C:\Program Files\QuickTime
2008-04-07 19:58:16 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-04-07 19:56:59 0 d-------- C:\Program Files\Movie Maker
2008-04-07 19:56:58 0 d-------- C:\Program Files\Microsoft Works
2008-04-07 19:56:48 0 d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-04-07 19:56:39 0 d-------- C:\Program Files\Microsoft Plus! Dancer LE
2008-04-07 19:56:27 0 d-------- C:\Program Files\Messenger
2008-04-07 19:56:04 0 d-------- C:\Program Files\iTunes
2008-04-07 19:55:43 0 d-------- C:\Program Files\Easy Internet signup
2008-04-07 19:51:26 5632 -----n--- C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:26 32256 -----n--- C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:24 189952 -----n--- C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:24 5632 -----n--- C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:23 11776 -----n--- C:\WINDOWS\system32\winmsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:23 119808 -----n--- C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:22 8192 -----n--- C:\WINDOWS\system32\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:22 433664 -----n--- C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:22 65536 -----n--- C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:21 49664 -----n--- C:\WINDOWS\system32\w32tm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:21 289792 -----n--- C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:21 33792 -----n--- C:\WINDOWS\system32\vssadmin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:21 98304 -----n--- C:\WINDOWS\system32\verifier.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:21 28672 -----n--- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:20 47104 -----n--- C:\WINDOWS\system32\uwdf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:20 50176 -----n--- C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:20 69632 -----n--- C:\WINDOWS\system32\usrshuta.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
2008-04-07 19:51:20 61440 -----n--- C:\WINDOWS\system32\usrprbda.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics modem>
2008-04-07 19:51:20 77824 -----n--- C:\WINDOWS\system32\usrmlnka.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
2008-04-07 19:51:20 24576 -----n--- C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:19 18432 -----n--- C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:19 16896 -----n--- C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:19 4096 -----n--- C:\WINDOWS\system32\unlodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:19 16896 -----n--- C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:18 16384 -----n--- C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:18 14848 -----n--- C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:18 44544 -----n--- C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:18 14848 -----n--- C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 31744 -----n--- C:\WINDOWS\system32\tracert6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 12288 -----n--- C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 347136 -----n--- C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 16896 -----n--- C:\WINDOWS\system32\tftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 75264 -----n--- C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:17 12288 -----n--- C:\WINDOWS\system32\tcmsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:16 3072 -----n--- C:\WINDOWS\system32\systray.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:16 105984 -----n--- C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:16 36864 -----n--- C:\WINDOWS\system32\syskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:51:16 51200 -----n--- C:\WINDOWS\system32\syncapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:50:39 283648 -----n--- C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:50:38 25600 -----n--- C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker>
2008-04-07 19:50:38 146432 -----n--- C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:50:38 69120 -----n--- C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:50:38 306688 -----n--- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-07 19:50:37 64512 -----n--- C:\WINDOWS\agrsmdel.exe <Not Verified; Agere Systems; LTRemove>
2008-04-07 01:12:57 135680 -----n--- C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 01:12:48 19456 -----n--- C:\WINDOWS\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 01:12:37 15360 -----n--- C:\WINDOWS\system32\taskman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 01:11:54 15360 -----n--- C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:08 9216 -----n--- C:\WINDOWS\system32\subst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 14848 -----n--- C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 679936 -----n--- C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 14336 -----n--- C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 610304 -----n--- C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 18944 -----n--- C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:07 47104 -----n--- C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:06 20992 -----n--- C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:06 393216 -----n--- C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:06 19968 -----n--- C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:06 704512 -----n--- C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:04 11776 -----n--- C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:04 538624 -----n--- C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:04 23552 -----n--- C:\WINDOWS\system32\sort.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:04 56832 -----n--- C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 138752 -----n--- C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 131584 -----n--- C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 89600 -----n--- C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 8192 -----n--- C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 26112 -----n--- C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:03 70144 -----n--- C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:02 19456 -----n--- C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:02 77824 -----n--- C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:02 42496 -----n--- C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:01 14848 -----n--- C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:01 9728 -----n--- C:\WINDOWS\system32\sfc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:01 23040 -----n--- C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:46:00 31232 -----n--- C:\WINDOWS\system32\sethc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:58 140800 -----n--- C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:58 77312 -----n--- C:\WINDOWS\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:58 9216 -----n--- C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:58 95744 -----n--- C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 31232 -----n--- C:\WINDOWS\system32\sc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 13312 -----n--- C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 15872 -----n--- C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 14336 -----n--- C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 33280 -----n--- C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:57 16384 -----n--- C:\WINDOWS\system32\runas.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:56 77312 -----n--- C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:56 132608 -----n--- C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:56 49152 -----n--- C:\WINDOWS\system32\rsmui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2008-04-07 00:45:56 24576 -----n--- C:\WINDOWS\system32\rsmsink.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2008-04-07 00:45:56 49152 -----n--- C:\WINDOWS\system32\rsm.exe <Not Verified; Microsoft Corp; Microsoft® Windows ® 2000 Operating System>
2008-04-07 00:45:56 14848 -----n--- C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:56 25600 -----n--- C:\WINDOWS\system32\routemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:55 19968 -----n--- C:\WINDOWS\system32\route.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:55 13824 -----n--- C:\WINDOWS\system32\rexec.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:55 9728 -----n--- C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:55 12800 -----n--- C:\WINDOWS\system32\replace.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:51 4608 -----n--- C:\WINDOWS\system32\regwiz.exe <Not Verified; Microsoft; RegWizExe>
2008-04-07 00:45:51 11776 -----n--- C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:51 33792 -----n--- C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 3584 -----n--- C:\WINDOWS\system32\regedt32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 50176 -----n--- C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 7168 -----n--- C:\WINDOWS\system32\recover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 67072 -----n--- C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 13824 -----n--- C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 62464 -----n--- C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:50 21504 -----n--- C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:49 35840 -----n--- C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:49 56832 -----n--- C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:49 11264 -----n--- C:\WINDOWS\system32\rasdial.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:49 11776 -----n--- C:\WINDOWS\system32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:48 22016 -----n--- C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:47 20480 -----n--- C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:46 16896 -----n--- C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:46 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:46 50176 -----n--- C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:45 109568 -----n--- C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:45 9216 -----n--- C:\WINDOWS\system32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:45 49152 -----n--- C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:44 33280 -----n--- C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:44 17920 -----n--- C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:44 15872 -----n--- C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:44 15360 -----n--- C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:42 21504 -----n--- C:\WINDOWS\system32\pathping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:42 58368 -----n--- C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:41 40448 -----n--- C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:41 215552 -----n--- C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:36 419840 -----n--- C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:36 31744 -----n--- C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:35 76800 -----n--- C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:34 69120 -----n--- C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:34 36864 -----n--- C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:34 86016 -----n--- C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:34 331776 -----n--- C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 111104 -----n--- C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 124928 -----n--- C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 42496 -----n--- C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 4096 -----n--- C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 20480 -----n--- C:\WINDOWS\system32\nbtstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:33 53760 -----n--- C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:30 407552 -----n--- C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:30 12288 -----n--- C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:30 6656 -----n--- C:\WINDOWS\system32\msswchx.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:29 343040 -----n--- C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:29 78848 -----n--- C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-04-07 00:45:28 29184 -----n--- C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:28 126976 -----n--- C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:28 20992 -----n--- C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:28 6144 -----n--- C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-07 00:45:26 12800 -----n--- C:\WINDOWS\system32\mrinfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:26 22016 -----n--- C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:26 123392 -----n--- C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:26 8192 -----n--- C:\WINDOWS\system32\mountvol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:26 143360 -----n--- C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-04-07 00:45:25 32768 -----n--- C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-07 00:45:25 815104 -----n--- C:\WINDOWS\system32\mmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:25 51712 -----n--- C:\WINDOWS\system32\migpwd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:24 85504 -----n--- C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:23 72704 -----n--- C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:22 8192 -----n--- C:\WINDOWS\system32\lpr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:22 6144 -----n--- C:\WINDOWS\system32\lpq.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:22 514560 -----n--- C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:22 220672 -----n--- C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:22 15360 -----n--- C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:21 59392 -----n--- C:\WINDOWS\system32\logman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:21 96768 -----n--- C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-04-07 00:45:21 5120 -----n--- C:\WINDOWS\system32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:21 75264 -----n--- C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:21 25088 -----n--- C:\WINDOWS\system32\lnkstub.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:21 29696 -----n--- C:\WINDOWS\system32\lights.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:20 9728 -----n--- C:\WINDOWS\system32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:18 23552 -----n--- C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:17 53248 -----n--- C:\WINDOWS\system32\ipv6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:17 44032 -----n--- C:\WINDOWS\system32\ipsec6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:17 55808 -----n--- C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:16 150016 -----n--- C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:16 114688 -----n--- C:\WINDOWS\system32\igfxzoom.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-07 00:45:16 155648 -----n--- C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-07 00:45:15 106496 -----n--- C:\WINDOWS\system32\igfxext.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-07 00:45:14 151552 -----n--- C:\WINDOWS\system32\igfxdiag.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-07 00:45:14 503808 -----n--- C:\WINDOWS\system32\igfxcfg.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-07 00:45:14 114688 -----n--- C:\WINDOWS\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:12 7680 -----n--- C:\WINDOWS\system32\hostname.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:12 14848 -----n--- C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:11 39424 -----n--- C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:10 267776 -----n--- C:\WINDOWS\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:10 11264 -----n--- C:\WINDOWS\system32\fxssend.exe <Not Verified; Microsoft Corporation; Microsoft® Fax Server>
2008-04-07 00:45:10 229376 -----n--- C:\WINDOWS\system32\fxscover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:10 143360 -----n--- C:\WINDOWS\system32\fxsclnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 42496 -----n--- C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 56320 -----n--- C:\WINDOWS\system32\fsutil.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 55296 -----n--- C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 7168 -----n--- C:\WINDOWS\system32\forcedos.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:09 20992 -----n--- C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 22528 -----n--- C:\WINDOWS\system32\fltMc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 3072 -----n--- C:\WINDOWS\system32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 9216 -----n--- C:\WINDOWS\system32\finger.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 27136 -----n--- C:\WINDOWS\system32\findstr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 9216 -----n--- C:\WINDOWS\system32\find.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:08 14848 -----n--- C:\WINDOWS\system32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:07 45568 -----n--- C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:07 15872 -----n--- C:\WINDOWS\system32\expand.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:07 8704 -----n--- C:\WINDOWS\system32\eventvwr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:07 193024 -----n--- C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:06 39424 -----n--- C:\WINDOWS\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:06 1298432 -----n--- C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:05 180224 -----n--- C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-04-07 00:45:05 17920 -----n--- C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:05 55296 -----n--- C:\WINDOWS\system32\dvdplay.exe <Not Verified; ; dvdplay Application>
2008-04-07 00:45:05 10752 -----n--- C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:45:04 45568 -----n--- C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:44:59 83456 -----n--- C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:44:59 18432 -----n--- C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:44:59 30208 -----n--- C:\WINDOWS\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:44:59 10752 -----n--- C:\WINDOWS\system32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:44:58 15872 -----n--- C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-07 00:44:58 224768 -----n--- C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-04-07 00:44:58 4608 -----n--- C:\WINDOWS\system32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:23 17920 -----n--- C:\WINDOWS\system32\diskperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:23 163840 -----n--- C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-07 00:43:21 85504 -----n--- C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:20 82432 -----n--- C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-07 00:43:20 25088 -----n--- C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-07 00:43:19 30208 -----n--- C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:19 5120 -----n--- C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-04-07 00:43:17 98304 -----n--- C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-07 00:43:16 13824 -----n--- C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:16 8192 -----n--- C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:16 27648 -----n--- C:\WINDOWS\system32\conime.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:07 17408 -----n--- C:\WINDOWS\system32\compact.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:43:07 15872 -----n--- C:\WINDOWS\system32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:58 63488 -----n--- C:\WINDOWS\system32\cmstp.exe <Not Verif
  • 0

#12
acongojada
Posted 11 April 2008 - 06:15 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
sorry here is the rest of the main.txt

2008-04-07 00:42:58 63488 -----n--- C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-07 00:42:55 39936 -----n--- C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-07 00:42:54 47104 -----n--- C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-07 00:42:53 388608 -----n--- C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:51 33280 -----n--- C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:50 102912 -----n--- C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:48 64000 -----n--- C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:47 7680 -----n--- C:\WINDOWS\system32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:46 5632 -----n--- C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:44 8192 -----n--- C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:43 11264 -----n--- C:\WINDOWS\system32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:41 11776 -----n--- C:\WINDOWS\system32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:40 80384 -----n--- C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:33 114688 -----n--- C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:32 18432 -----n--- C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:29 5120 -----n--- C:\WINDOWS\system32\bootvrfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:28 4608 -----n--- C:\WINDOWS\system32\bootok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:27 71680 -----n--- C:\WINDOWS\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:23 14336 -----n--- C:\WINDOWS\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:23 11264 -----n--- C:\WINDOWS\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:21 11264 -----n--- C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:18 25088 -----n--- C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:14 19456 -----n--- C:\WINDOWS\system32\arp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:12 44544 -----n--- C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:11 98304 -----n--- C:\WINDOWS\system32\ahui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:42:08 4096 -----n--- C:\WINDOWS\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-04-07 00:42:06 183808 -----n--- C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:37:02 32256 -----n--- C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:36:47 114688 -----n--- C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-07 00:36:28 165888 -----n--- C:\WINDOWS\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:36:19 32256 -----n--- C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:36:06 30720 -----n--- C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 00:20:47 10752 -----n--- C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2008-04-06 16:53:34 0 d-------- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [05/14/2005 07:01 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [04/07/2008 07:50 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 01:31 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 01:06 PM C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/07/2008 07:55 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/09/2008 05:43 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/07/2008 08:05 PM]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 02:59 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 07:22 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 06:36 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 10:29 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [04/07/2008 07:55 PM]
"firstintel"="c:\hp\bin\cloaker.exe" [04/07/2008 07:53 PM]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [04/07/2008 08:01 PM]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [09/01/2007 06:58 AM]
"regcmdcons"="c:\hp\bin\cloaker.exe" [04/07/2008 07:53 PM]
"Prefs"="C:\Program Files\oDesk\oDeskLaunch.exe" [04/07/2008 07:57 PM]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [04/02/2007 03:48 PM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 02:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/06/2008 04:53 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - C:\hp\region\CustAtStartUp.wsf [5/14/2005 7:28:58 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/14/2005 7:28:28 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e4affb4-0416-11dd-8a3c-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - BDFDLL
*Newly Created Service* - BDSS
*Newly Created Service* - FIX-IT_TASK_MANAGER
*Newly Created Service* - LIVESRV
*Newly Created Service* - VSSERV
*Newly Created Service* - WMIAPSRV
*Newly Created Service* - XCOMM



-- End of Deckard's System Scanner: finished at 2008-04-11 04:14:01 ------------
  • 0

#13
acongojada
Posted 11 April 2008 - 06:16 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
here is the text for the extra.txt thanks again

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 247.48 MiB / 65.85 MiB
Pagefile Memory (total/avail): 660.3 MiB / 454.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.29 MiB

C: is Fixed (NTFS) - 68.53 GiB total, 61.81 GiB free.
D: is Fixed (FAT32) - 5.99 GiB total, 1.49 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 6 GiB - D:
\PARTITION1 (bootable) - Installable File System - 68.53 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Bitdefender Antivirus v8.0 (Softwin)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"="C:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe:*:Enabled:Fix-It Utilities 8 Professional"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NANCY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\NANCY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=NANCY
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
BitDefender Free Edition v10 --> MsiExec.exe /I{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}
Blackhawk Striker 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Holidays from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D06AB82F-D68E-405A-9886-AB8804291B6D\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Compaq Connections --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Final Drive Nitro from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\657A0149-EEC7-4FB2-AB4F-CB7AA027748E\Uninstall.exe"
Fix-It Utilities 8 Professional --> MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexibox Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
oDesk MiniCam 2.0.55 --> C:\Program Files\oDesk\oDeskCommonPrefs.exe -uninst MiniCam
oDesk ScreenSnap 2.0.70 --> C:\Program Files\oDesk\oDeskCommonPrefs.exe -uninst ScreenSnap
oDesk Share 2.0.64 --> C:\Program Files\oDesk\oDeskCommonPrefs.exe -uninst Share
oDesk Team 2.0.83 --> C:\Program Files\oDesk\oDeskCommonPrefs.exe -uninst Team
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
Paint Shop Pro 6.02 EVAL --> C:\Program Files\Paint Shop Pro 6\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\CCCDE323-C76D-44DA-BB5B-B8ABE767756E\Uninstall.exe"
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Adobe Photoshop Album 2.0 Starter Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Adobe_PhotoShop_Album\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove WeatherBug installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Shooting Stars Pool from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpySubtract --> C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Super Granny from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type160 / Error
Event Submitted/Written: 04/09/2008 04:56:25 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type130 / Warning
Event Submitted/Written: 04/08/2008 11:10:23 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type119 / Error
Event Submitted/Written: 04/08/2008 09:37:36 PM
Event ID/Source: 11933 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 -- Error 1933. The Windows Installer service cannot update one or more protected Windows files. SFP Error: 1223. List of protected files:\r\nc:\windows\system32\ctfmon.exe

Event Record #/Type118 / Error
Event Submitted/Written: 04/08/2008 09:37:32 PM
Event ID/Source: 11931 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 -- Error 1931. Setup cannot update file c:\windows\system32\ctfmon.exe because it is protected by Windows. You may need to update your operating system for this program to work correctly. Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM. Package version: 5.1.2409.7, OS Protected version: 0.0.0.0

Event Record #/Type117 / Warning
Event Submitted/Written: 04/08/2008 09:36:52 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type439 / Error
Event Submitted/Written: 04/11/2008 04:13:27 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the navapsvc service.

Event Record #/Type435 / Error
Event Submitted/Written: 04/11/2008 02:27:23 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The BitDefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type434 / Error
Event Submitted/Written: 04/11/2008 02:27:20 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The BitDefender Communicator service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type433 / Error
Event Submitted/Written: 04/11/2008 02:27:20 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The BitDefender Scan Server service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type432 / Error
Event Submitted/Written: 04/11/2008 02:00:02 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRsDrv service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-11 04:14:01 ------------
  • 0

#14
Rorschach112
Posted 11 April 2008 - 06:24 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You have two anti-virus programs, Norton and Bitdefender, you need to remove one of these


You have two firewalls, so you need to disable Windows firewall

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
D:\I386\Apps\APP00848\src\HPSummer2005.exe/WISE0016.BIN
C:\WINDOWS\system32\CF18338.exe 
C:\327882R2FWJFW
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e4affb4-0416-11dd-8a3c-806d6172696f}
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log and tell me how your PC is running
  • 0

#15
acongojada
Posted 11 April 2008 - 11:42 PM

acongojada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ok,

I am about to follow the latest instructions,
but I want to let you know that whenever I have tried to reboot since these problems have come up, It will not reboot at all, not in safe mode either. That is why I did the Undestructive recovery, with no luck, and then the destructive one, which tried to start up for about 30 mins and finally let me in. I have not shut down my computer since then, so if I do this, and can't get back on, any advice in advance? Thanks again,

Ja King
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP