I Have Multiple Infections - Help Please?


  • This topic is locked
35 replies to this topic

#1 silverado2

silverado2

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 06 October 2007 - 10:35 PM

I started having porn popups on my e-mail page and then at many different sites. I found that my AVG icon was missing and the Windows firewall had been disabled. I updated and scanned with AVG, Ad Aware and Spybot. Spybot was the only one that found something called DeepDive. It removed the problem. I then thought that the software might have been compromised so I did an online scan at Trendmicro and here is what was found. I had them remove the files:

ADWARE_WINAD
ADWARE_TOPSEARCH
TSPY_RENOS
DOWNLOADER_SMALL
SPYW_PPNETWORK.A
ADW_PPNETWORK.C
ADW_ALTNET.A

I rescanned with all three and found nothing. Can someone take a look as there were several items on HJT that should not have been there. Thanks in advance. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:29 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Utilities\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EyeOnIE Class - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\THESHI~1\THESHI~1.1\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156994990923
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bw+0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B68DE300-1F24-4D2A-B089-3AD922AA57C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
O24 - Desktop Component 1: Anfy HUEROT - C:\Program Files\AnfyTeam\Applet\huerot\preview.html

--
End of file - 19324 bytes


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:13 AM

Posted 09 October 2007 - 12:21 AM

hello silverado2,

Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced that we need to look at.
Please post it in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 silverado2


Posted 09 October 2007 - 10:08 AM

Hi SifuMike,

Many thanks for the help. First a couple of questions... I am not receiving any notification that this posting (your reply) was posted. I bookmarked my posting and just keep coming back here to see if there was a reply. I am not sure I checked the box to make sure I was notified of replies and it's becoming VERY buried in all the posts.

Secondly I did as you instructed and "FindAWF" ran for literally hours. I finally went to bed and let it run all night. When I got up this morning it was done. I'm not sure you want to look through this as the file, "awf.txt", is 3601 kb. It's so large it's almost unreadable but let me know and I will post it. It also might be easier to send as an attachment rather than cut & paste. Please let me know.

Thanks again so much!

Greg aka silverado2 :thumbsup:

#4 SifuMike


Posted 09 October 2007 - 10:23 AM

Hi silverado2,

I am not receiving any notification that this posting (your reply) was posted. I bookmarked my posting and just keep coming back here to see if there was a reply. I am not sure I checked the box to make sure I was notified of replies and it's becoming VERY buried in all the posts.


You should be notified of replies to your thread. Nothing I can do about that, as that is a forum problem. First time I have heard of such a problem on this forum.
I suggest you put your name in the Search function at the top of the page. It will show your threads.


Secondly I did as you instructed and "FindAWF" ran for literally hours. I finally went to bed and let it run all night. When I got up this morning it was done. I'm not sure you want to look through this as the file, "awf.txt", is 3601 kb. It's so large it's almost unreadable but let me know and I will post it. It also might be easier to send as an attachment rather than cut & paste. Please let me know.


Please attach it. I am curious as to why it is so big and why it took so long to run. It should run in minutes, not hours.

Edited by SifuMike, 09 October 2007 - 10:25 AM.


#5 silverado2


Posted 09 October 2007 - 12:25 PM

Oh Oh, I tried pasting it into a reply a couple of seconds ago. It took forever but finally finished. I then clicked "post" to post it and got an error saying the "reply was too large, please reduce it". I then tried hitting my back button to see what had happened and the computer locked up. Now what???

#6 SifuMike


Posted 09 October 2007 - 12:52 PM

Just post a portion of it. Whatever will fit in the attachment.

#7 silverado2


Posted 09 October 2007 - 01:46 PM

Let's try this. I "think" the germane stuff is at the top. If not let me know and I will try to send the rest. The bottom portion goes on forever. This is my son's computer and he is a DJ so has tons of music files etc., etc. Sorry this is creating havoc with you. :thumbsup:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 10/09/2007
The current time is: 1:11:09.40


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes

Directory of C:\PROGRA~1\MI0A1E~1\BAK

08/24/2005 06:25 PM 101,080 LocationFinder.exe
1 File(s) 101,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WINDOW~2\BAK

10/18/2006 09:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\BACK\GREG'S~1\SITES\APACHE~1.BAK

0 File(s) 0 bytes

Directory of C:\BACK\GREG'S~1\SITES\DJ.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes

Directory of C:\BACK\GREG'S~1\SITES\LINDAS~1.BAK

08/23/2002 01:35 AM 1,236 index.htm
1 File(s) 1,236 bytes

Directory of C:\BACK\GREG'S~1\SITES\PROJEC~1.BAK

02/26/2003 05:11 PM 6,329 index.htm
1 File(s) 6,329 bytes

Directory of C:\BACK\GREG'S~1\SITES\TYLERS~1.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes

Directory of C:\PROGRA~1\CREATIVE\SYNCMA~1\BAK

08/07/2006 10:06 AM 700,416 CTSyncU.exe
1 File(s) 700,416 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/14/2007 07:00 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MEDIC\BIN\BAK

07/06/2006 09:45 AM 192,512 sprtcmd.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\PCSECU~1\SHIELD~1\BAK

01/18/2006 06:07 PM 249,916 vrmonnt.exe
03/11/2004 01:00 PM 266,304 Vrres.exe
2 File(s) 516,220 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/30/2007 02:55 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of E:\GREG'S~1\SITES\APACHE~1.BAK

0 File(s) 0 bytes

Directory of E:\GREG'S~1\SITES\DJ.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes

Directory of E:\GREG'S~1\SITES\LINDAS~1.BAK

08/23/2002 01:35 AM 1,236 index.htm
1 File(s) 1,236 bytes

Directory of E:\GREG'S~1\SITES\PROJEC~1.BAK

02/26/2003 05:11 PM 6,329 index.htm
1 File(s) 6,329 bytes

Directory of E:\GREG'S~1\SITES\TYLERS~1.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28172 Oct 5 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 13 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Jul 31 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
28172 Oct 5 2007 "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
101080 Aug 24 2005 "C:\Program Files\Microsoft Location Finder\bak\LocationFinder.exe"
28172 Oct 5 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
28172 Oct 5 2007 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
4742 Dec 21 2000 "C:\BACK\GREG'S STUFF\Sites\Apache Trader - OLD - Indian Art\apache.css"
4742 Dec 21 2000 "C:\BACK\GREG'S STUFF\Sites\apachetrader.bak\ApacheTrader 09-24-01\apache.css"
4742 Dec 21 2000 "E:\GREG'S STUFF\Sites\Apache Trader - OLD - Indian Art\apache.css"
4742 Dec 21 2000 "E:\GREG'S STUFF\Sites\apachetrader.bak\ApacheTrader 09-24-01\apache.css"
92044 Dec 16 2000 "C:\BACK\GREG'S STUFF\Sites\Apache Trader - OLD - Indian Art\ApacheTrader.apf"
92044 Dec 16 2000 "C:\BACK\GREG'S STUFF\Sites\apachetrader.bak\ApacheTrader 09-24-01\ApacheTrader.apf"
92044 Dec 16 2000 "E:\GREG'S STUFF\Sites\Apache Trader - OLD - Indian Art\ApacheTrader.apf"
92044 Dec 16 2000 "E:\GREG'S STUFF\Sites\apachetrader.bak\ApacheTrader 09-24-01\ApacheTrader.apf"
926 Jan 12 2007 "C:\BACK\GREG'S STUFF\agroovyplace\index.htm"
6089 May 3 2007 "C:\BACK\GREG'S STUFF\- Sailing Maps\web_info\index.htm"
6025 Jan 17 2007 "C:\BACK\GREG'S STUFF\agroovyplace\family\index.htm"
3931 Jul 16 2007 "C:\BACK\GREG'S STUFF\CYR'S STUFF\KUTHUMI-HANDS\index.htm"
8059 Jul 2 2007 "C:\BACK\GREG'S STUFF\RV INFO FOR SELLING\AD\index.htm"
424 May 5 2007 "C:\BACK\GREG'S STUFF\Sites\- ZZAX\index.htm"
897 Mar 24 2000 "C:\BACK\GREG'S STUFF\Sites\------- FAMILY TREE CD\index.htm"
386 Jan 30 2005 "C:\BACK\GREG'S STUFF\Sites\- Apache Trader\index.htm"
386 Jan 30 2005 "C:\BACK\GREG'S STUFF\Sites\- Apache from 1&1\index.htm"
1861 Nov 4 2006 "C:\BACK\GREG'S STUFF\Sites\- Kassie Paul\index.htm"
1236 Jun 24 2005 "C:\BACK\GREG'S STUFF\Sites\- Lindas Little Kids\index.htm"
6970 Jan 27 2005 "C:\BACK\GREG'S STUFF\Sites\- Project Wellbeing\index.htm"
5413 Apr 5 2002 "C:\BACK\GREG'S STUFF\Sites\Apache Trader - OLD - Indian Art\index.htm"
1470 Aug 21 2001 "C:\BACK\GREG'S STUFF\Sites\DJ\index.htm"
1470 Aug 21 2001 "C:\BACK\GREG'S STUFF\Sites\dj.bak\index.htm"
2894 Mar 25 2000 "C:\BACK\GREG'S STUFF\Sites\Kuthumi Hands BAK\index.htm"
2894 Mar 25 2000 "C:\BACK\GREG'S STUFF\Sites\Kuthumi Hands\index.htm"
1236 May 5 2002 "C:\BACK\GREG'S STUFF\Sites\Linda's Little Kids - Work Folder\index.htm"
1236 Aug 23 2002 "C:\BACK\GREG'S STUFF\Sites\lindaslittlekids.bak\index.htm"
6329 Feb 26 2003 "C:\BACK\GREG'S STUFF\Sites\ProjectWellbeing.BAK\index.htm"
1470 Aug 21 2001 "C:\BACK\GREG'S STUFF\Sites\Tyler Saint Paul.bak\index.htm"
730 Sep 14 2002 "C:\BACK\GREG'S STUFF\Sites\UNMWATCH.ORG\index.htm"
6791 Sep 16 2006 "C:\BACK\GREG'S STUFF\Web Sites\Blue Ridge Mini Storage\index.htm"

#8 SifuMike


Posted 09 October 2007 - 02:15 PM

See if you can attached a larger portion of the file, at that online post is to small to tell much.
You should be able to attach 1000k which is many pages.


I am betting that the AWF program is listing everying in C:\BACK\GREG'S STUFF\ folder, and he probably has thousands of files.
See if I am correct and report back

If I am correct, then we can edit out C:\BACK\GREG'S STUFF\.

But let's wait until I see the attached file.

Edited by SifuMike, 09 October 2007 - 02:16 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 silverado2

Posted 09 October 2007 - 02:46 PM

You're correct. There is a TON of /BACK/Greg's stuff in the report. How about I rename that folder and rescan? If that folder is eliminated it will probably scan pretty quickly.

#10 SifuMike

Posted 09 October 2007 - 02:48 PM

Yes, please do that. It should make the report a lot smaller.

#11 silverado2

Posted 09 October 2007 - 07:53 PM

Well, I tried renaming the folder and it didn't do any good. AWF searches for "duplicate files" regardless of what the folder name is so I had to completely delete the folder and everything in it then scan again. It's still 970 kb but maybe it will fit now. Here it is..... I hope:

NOPE! I got the same "too large" error. I am going to edit out anything relating to the duplicates for /GREG etc and send that if I can get it small enough.

Again, sorry for this hassle!

#12 silverado2

Posted 09 October 2007 - 08:56 PM

I found that there were literally thousands of pictures on his 160 gig "E" drive in hundreds of folders. Of course thousands of them will have the same name "and" thumbnail, i.e. 01.jpg, 02.jpg etc. ad infinitum. :thumbsup: Anyway I removed everything that I knew was from his picture folders, music folders and several websites he has created and supports. Hopefully this will work.


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 10/09/2007
The current time is: 18:22:00.68


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes

Directory of C:\PROGRA~1\MI0A1E~1\BAK

08/24/2005 06:25 PM 101,080 LocationFinder.exe
1 File(s) 101,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WINDOW~2\BAK

10/18/2006 09:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\PROGRA~1\CREATIVE\SYNCMA~1\BAK

08/07/2006 10:06 AM 700,416 CTSyncU.exe
1 File(s) 700,416 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/14/2007 07:00 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MEDIC\BIN\BAK

07/06/2006 09:45 AM 192,512 sprtcmd.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\PCSECU~1\SHIELD~1\BAK

01/18/2006 06:07 PM 249,916 vrmonnt.exe
03/11/2004 01:00 PM 266,304 Vrres.exe
2 File(s) 516,220 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/30/2007 02:55 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of E:\GREG'S~1\SITES\APACHE~1.BAK

0 File(s) 0 bytes

Directory of E:\GREG'S~1\SITES\DJ.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes

Directory of E:\GREG'S~1\SITES\LINDAS~1.BAK

08/23/2002 01:35 AM 1,236 index.htm
1 File(s) 1,236 bytes

Directory of E:\GREG'S~1\SITES\PROJEC~1.BAK

02/26/2003 05:11 PM 6,329 index.htm
1 File(s) 6,329 bytes

Directory of E:\GREG'S~1\SITES\TYLERS~1.BAK

08/21/2001 07:22 PM 1,470 index.htm
1 File(s) 1,470 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28172 Oct 5 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 13 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Jul 31 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
28172 Oct 5 2007 "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
101080 Aug 24 2005 "C:\Program Files\Microsoft Location Finder\bak\LocationFinder.exe"
28172 Oct 5 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
28172 Oct 5 2007 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
28172 Oct 5 2007 "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
700416 Aug 7 2006 "C:\Program Files\Creative\Sync Manager Unicode\bak\CTSyncU.exe"
28172 Oct 5 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
28172 Oct 5 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28172 Oct 5 2007 "C:\Program Files\MEDIC\bin\sprtcmd.exe"
192512 Jul 6 2006 "C:\Program Files\MEDIC\bin\bak\sprtcmd.exe"
28172 Oct 5 2007 "C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe"
249916 Jan 18 2006 "C:\Program Files\PCSecurityShield\ShieldAntivirus\bak\vrmonnt.exe"
28172 Oct 5 2007 "C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe"
266304 Mar 11 2004 "C:\Program Files\PCSecurityShield\ShieldAntivirus\bak\Vrres.exe"
28172 Oct 5 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Jan 30 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
7702 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\INDEX.HTM"
1477 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm"
2911 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm"
527 Sep 3 2007 "E:\Web Sites\index.htm"
2360 Sep 28 2007 "C:\Program Files\NCH Swift Sound\Switch\help\convertingaudiostreams.html"
1552 Jan 8 2007 "C:\Program Files\MEDIC\agentui\snapins\email\email.htm"
1726 Jan 8 2007 "C:\Program Files\MEDIC\agentui\snapins\firstrun\email.htm"
6677 Jul 22 2005 "C:\Program Files\Microsoft Location Finder\Help.htm"
5811 Apr 18 2006 "C:\Program Files\Logitech\Desktop

Messenger\8876480\7.2.0.157-8876480SL\Program\EN\PortalUI\NotificationMgr\help\help.htm"
6870 Apr 18 2006 "C:\Program Files\Logitech\Desktop

Messenger\8876480\7.2.0.157-8876480SL\Program\EN\PortalUI\SubmissionMgr\help\help.htm"
81967 Dec 16 2004 "C:\Program Files\HP\Digital Imaging\bin\hpqscimg\Background.jpg"
6729 Oct 10 2000 "C:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\background.jpg"
3464 Nov 6 2006 "C:\Documents and Settings\Tyler\Application

Data\Sun\Java\Deployment\cache\javapi\v1.0\file\backgrid.jpg-6f3ad750-799a215c.jpg"
6729 Oct 10 2000 "E:\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\background.jpg"
2 Aug 4 2004 "C:\WINDOWS\desktop.ini"
371 Feb 1 2007 "C:\MP3 Catalogs\test1\desktop.ini"
65 Oct 9 2007 "C:\RECYCLER\S-1-5-21-839522115-776561741-725345543-1003\desktop.ini"
65 May 8 2006 "C:\RECYCLER\S-1-5-21-839522115-776561741-725345543-500\desktop.ini"
227 Dec 5 2005 "C:\WINDOWS\assembly\Desktop.ini"
65 Dec 3 2005 "C:\WINDOWS\Downloaded Program Files\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\Fonts\desktop.ini"
65 Dec 3 2005 "C:\WINDOWS\Offline Web Pages\desktop.ini"
2 Aug 4 2004 "C:\WINDOWS\system32\desktop.ini"
65 Aug 4 2004 "C:\WINDOWS\Tasks\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Administrator\Application Data\desktop.ini"
62 May 8 2006 "C:\Documents and Settings\Administrator\Local Settings\desktop.ini"
181 Dec 3 2005 "C:\Documents and Settings\Administrator\SendTo\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Application Data\desktop.ini"
62 Oct 7 2007 "C:\Documents and Settings\Administrator.GORDON\Local Settings\desktop.ini"
181 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\SendTo\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start Menu\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\All Users\Application Data\desktop.ini"
133 Mar 16 2006 "C:\Documents and Settings\All Users\Documents\desktop.ini"
294 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Default User\Application Data\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\desktop.ini"
181 Dec 3 2005 "C:\Documents and Settings\Default User\SendTo\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\desktop.ini"
62 Oct 8 2007 "C:\Documents and Settings\LocalService\Local Settings\desktop.ini"
62 Oct 8 2007 "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Tyler\Application Data\desktop.ini"
67 Oct 9 2007 "C:\Documents and Settings\Tyler\Cookies\desktop.ini"
122 Dec 3 2005 "C:\Documents and Settings\Tyler\Favorites\Desktop.ini"
62 Oct 8 2007 "C:\Documents and Settings\Tyler\Local Settings\desktop.ini"
76 Nov 13 2006 "C:\Documents and Settings\Tyler\My Documents\desktop.ini"
181 Dec 3 2005 "C:\Documents and Settings\Tyler\SendTo\desktop.ini"
62 Dec 3 2005 "C:\Documents and Settings\Tyler\Start Menu\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini"
148 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet Files\desktop.ini"
148 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start Menu\Programs\desktop.ini"
151 Dec 3 2005 "C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini"
150 Dec 3 2005 "C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini"
151 Dec 3 2005 "C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini"
150 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini"
148 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini"
191 Feb 12 2007 "C:\Documents and Settings\NetworkService\My Documents\My Music\Desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Tyler\Local Settings\History\desktop.ini"
181 Nov 13 2006 "C:\Documents and Settings\Tyler\My Documents\My Music\Desktop.ini"
183 Nov 13 2006 "C:\Documents and Settings\Tyler\My Documents\My Pictures\Desktop.ini"
182 Dec 5 2005 "C:\Documents and Settings\Tyler\My Documents\My Videos\Desktop.ini"
75 Jan 31 2007 "C:\Documents and Settings\Tyler\NetHood\My Web Sites on MSN\Desktop.ini"
234 Dec 3 2005 "C:\Documents and Settings\Tyler\Start Menu\Programs\desktop.ini"
145 Mar 17 2007 "C:\WINDOWS\Temp\History\History.IE5\desktop.ini"
67 Mar 17 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
482 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\History\History.IE5\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
482 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start Menu\Programs\Accessories\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start Menu\Programs\Startup\desktop.ini"
76 Nov 2 2006 "C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini"
347 Jul 15 2006 "C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini"
76 Nov 2 2006 "C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini"
42 Dec 3 2005 "C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini"
255 Jul 11 2007 "C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini"
545 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini"
798 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
482 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini"
67 Oct 6 2007 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
113 Dec 3 2005 "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
67 Oct 9 2007 "C:\Documents and Settings\Tyler\Local Settings\History\History.IE5\desktop.ini"
382 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Alan Jackson\desktop.ini"
369 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Clint Black\desktop.ini"
361 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Cyndi Thomson\desktop.ini"
357 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Faith Hill\desktop.ini"
312 Sep 27 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Jamie Walters\desktop.ini"
372 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Kenny Rogers\desktop.ini"
364 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Patty Loveless\desktop.ini"
364 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Restless Heart\desktop.ini"
354 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Soundtrack\desktop.ini"
380 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\The Judds\desktop.ini"
362 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Tom Petty\desktop.ini"
373 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Various Artists\desktop.ini"
542 Dec 3 2005 "C:\Documents and Settings\Tyler\Start Menu\Programs\Accessories\desktop.ini"
62 Jun 8 2006 "C:\Documents and Settings\Tyler\Start Menu\Programs\Administrative Tools\desktop.ini"
70 Jul 27 2000 "C:\Program Files\Microsoft Office\Office12\1033\DataServices\DESKTOP.INI"
62 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini"
62 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini"
181 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini"
62 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini"
67 Mar 17 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4IIVY6IC\desktop.ini"
67 Mar 17 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C4MBEG9S\desktop.ini"
67 Mar 17 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\N0K9CF3B\desktop.ini"
67 Mar 17 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YOH4PVDN\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet

Files\Content.IE5\096J4HI3\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet

Files\Content.IE5\0HAZSPQJ\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet

Files\Content.IE5\GDQB8XIF\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet

Files\Content.IE5\GPEFC52F\desktop.ini"
348 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet

Files\Content.IE5\096J4HI3\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet

Files\Content.IE5\0HAZSPQJ\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet

Files\Content.IE5\GDQB8XIF\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Local Settings\Temporary Internet

Files\Content.IE5\GPEFC52F\desktop.ini"
348 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start

Menu\Programs\Accessories\Accessibility\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Administrator.GORDON\Start

Menu\Programs\Accessories\Entertainment\desktop.ini"
90 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini"
516 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini"
146 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini"
757 Dec 3 2005 "C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet

Files\Content.IE5\096J4HI3\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet

Files\Content.IE5\0HAZSPQJ\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet

Files\Content.IE5\GDQB8XIF\desktop.ini"
67 Dec 3 2005 "C:\Documents and Settings\Default User\Local Settings\Temporary Internet

Files\Content.IE5\GPEFC52F\desktop.ini"
348 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini"
67 Oct 6 2007 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\5DXKSA01\desktop.ini"
67 Oct 6 2007 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\8EFJ7DF4\desktop.ini"
67 Oct 6 2007 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\B50HK3ED\desktop.ini"
67 Oct 6 2007 "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\Y6U4VMPV\desktop.ini"
67 Mar 16 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet

Files\Content.IE5\5SE1LTJU\desktop.ini"
67 Mar 16 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet

Files\Content.IE5\D85ELJ4M\desktop.ini"
67 Mar 16 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet

Files\Content.IE5\HNNJVTDY\desktop.ini"
67 Mar 16 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet

Files\Content.IE5\X7S1BQ0K\desktop.ini"
119 Dec 3 2005 "C:\Documents and Settings\Tyler\Application Data\Microsoft\Internet Explorer\Quick

Launch\desktop.ini"
67 Nov 13 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini"
381 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Alan Jackson\Here in the Real

World\desktop.ini"
368 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Clint Black\The Hard Way\desktop.ini"
360 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Cyndi Thomson\My World\desktop.ini"
356 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Faith Hill\Breathe\desktop.ini"
311 Sep 27 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Jamie Walters\Jamie Walters\desktop.ini"
300 Sep 25 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Jamie Walters\Ride\desktop.ini"
371 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Kenny Rogers\With Love [1998]\desktop.ini"
363 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Patty Loveless\Classics\desktop.ini"
363 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Restless Heart\Wheels\desktop.ini"
353 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Soundtrack\The Runaway Bride\desktop.ini"
379 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\The Judds\Greatest Hits, Vol. 2\desktop.ini"
361 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Tom Petty\Wildflowers\desktop.ini"
372 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Various Artists\Drew's Famous Fright

Flicks\desktop.ini"
350 Sep 21 2007 "C:\Documents and Settings\Tyler\My Documents\My Music\Various Artists\Teen Riot\desktop.ini"
348 Dec 3 2005 "C:\Documents and Settings\Tyler\Start Menu\Programs\Accessories\Accessibility\desktop.ini"
84 Dec 3 2005 "C:\Documents and Settings\Tyler\Start Menu\Programs\Accessories\Entertainment\desktop.ini"
113 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini"
148 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini"
67 Nov 13 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Feeds

Cache\564P5NH3\desktop.ini"
67 Nov 13 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Feeds

Cache\ANULVRE8\desktop.ini"
67 Nov 13 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Feeds

Cache\SO8GILYM\desktop.ini"
67 Nov 13 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Microsoft\Feeds

Cache\ZZX975FV\desktop.ini"
113 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet

Files\Content.IE5\desktop.ini"
482 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini"
84 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet

Files\Content.IE5\2Z46IWSV\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet

Files\Content.IE5\A88TKTZA\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet

Files\Content.IE5\CD5G9P7X\desktop.ini"
67 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet

Files\Content.IE5\ZINMXMR5\desktop.ini"
348 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini"
84 Dec 3 2005 "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini"
65 Oct 9 2007 "D:\RECYCLER\S-1-5-21-839522115-776561741-725345543-1003\desktop.ini"
385 Feb 25 2007 "E:\MUSIC\desktop.ini"
125 Jul 21 2003 "E:\My Documents\desktop.ini"
271 Mar 13 2004 "E:\WINNT\desktop.ini"
438 Dec 20 2003 "E:\My Documents\My Pictures\Desktop.ini"
65 Oct 18 2005 "E:\RECYCLER\S-1-5-21-448539723-789336058-1343024091-1000\desktop.ini"
65 Oct 27 2005 "E:\RECYCLER\S-1-5-21-606747145-261903793-839522115-1002\desktop.ini"
65 Dec 1 2005 "E:\RECYCLER\S-1-5-21-436374069-879983540-725345543-1000\desktop.ini"
65 Oct 9 2007 "E:\RECYCLER\S-1-5-21-839522115-776561741-725345543-1003\desktop.ini"
194 Oct 23 2003 "E:\Web Sites\tylersaintpaul\desktop.ini"
271 Mar 13 2004 "E:\WINNT\system32\desktop.ini"
65 Dec 6 1999 "E:\WINNT\Tasks\desktop.ini"
54 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\images\dot_clear.gif"
4137 Nov 30 1998 "C:\Program Files\AnfyTeam\Applet\anfy3d\fire.gif"
4137 Dec 21 1998 "C:\Program Files\AnfyTeam\Applet\spiralstar\fire.gif"
20992 Jan 3 2006 "C:\Documents and Settings\Tyler\Shared\Thumbs.db"
289792 Sep 25 2006 "C:\Documents and Settings\Tyler\My Documents\My Pictures\Thumbs.db"
4096 Jan 20 2007 "C:\Documents and Settings\Tyler\My Documents\My Videos\Thumbs.db"
19456 May 18 2007 "C:\Documents and Settings\Tyler\My Documents\Wella Sebastian\Thumbs.db"
18432 Dec 20 2006 "C:\Music Utilities\Librarians\KCatalogSetup\config\Thumbs.db"
7168 Dec 23 2005 "C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db"
46080 Jan 27 2006 "C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db"
147968 Sep 15 2007 "C:\Documents and Settings\Tyler\My Documents\Digital Camera\Garage Sale 9-15-07\Thumbs.db"
13312 Sep 27 2007 "C:\Documents and Settings\Tyler\My Documents\My Scans\2006-11 (Nov)\Thumbs.db"
178176 Feb 16 2007 "C:\Documents and Settings\Tyler\My Documents\My Pictures\Picture\Thumbs.db"
109056 Apr 27 2006 "C:\Program Files\Creative\MediaSource5\Theme\Default\Thumbs.db"
275456 Nov 6 2006 "C:\Documents and Settings\All Users\Application Data\Creative\ZENcast\Program Guide\Thumbs.db"
19968 Jan 12 2004 "C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\icons\small\Thumbs.db"
18643 Jan 13 2004 "C:\NVIDIA\NetworkAccessManager\frontend\images\main\title.jpg"
4137 Nov 30 1998 "C:\Program Files\AnfyTeam\Applet\anfy3d\fire.gif"
4137 Dec 21 1998 "C:\Program Files\AnfyTeam\Applet\spiralstar\fire.gif"
4137 Nov 30 1998 "C:\Program Files\AnfyTeam\Applet\anfy3d\fire.gif"
4137 Dec 21 1998 "C:\Program Files\AnfyTeam\Applet\spiralstar\fire.gif"
3700 Aug 4 2004 "C:\WINDOWS\system32\oobe\setup\security.htm"
703 Apr 2 2002 "C:\Program Files\Adobe\Photoshop 7.0\Help\images\notes.gif"
1055 Feb 4 2003 "C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\notes.gif"
703 Apr 2 2002 "E:\Adobe\Photoshop 7.0\Help\images\notes.gif"
47535 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\11.jpg"
1811779 Jun 14 2007 "E:\My Documents\My Pictures\Engagment Pics\11.JPG"
47230 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\13.jpg"
41748 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\14.jpg"
43135 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\18.jpg"
40683 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\19.jpg"
615242 Jun 15 2007 "E:\My Documents\My Pictures\Engagment Pics\19.JPG"
42002 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\20.jpg"
47011 Aug 11 2003 "C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 2004\EASO\commonImages\cards\22.jpg"
1710 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\Media_Embedding\SOUND.HTM"
7702 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\INDEX.HTM"
1477 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm"
2911 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm"
102 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote

Assistance\Escalation\Common\address_book.gif"
81967 Dec 16 2004 "C:\Program Files\HP\Digital Imaging\bin\hpqscimg\Background.jpg"
6729 Oct 10 2000 "C:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\background.jpg"
3464 Nov 6 2006 "C:\Documents and Settings\Tyler\Application

Data\Sun\Java\Deployment\cache\javapi\v1.0\file\backgrid.jpg-6f3ad750-799a215c.jpg"
6729 Oct 10 2000 "E:\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\background.jpg"
8690 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\Lists\MENU.HTM"
7702 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\INDEX.HTM"
1477 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm"
2911 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm"
1110 Jul 6 2006 "C:\Program Files\MEDIC\agentui\snapins\contactus\contactus.htm"
801 Jul 6 2006 "C:\Program Files\MEDIC\agentui\snapins\browser\solutions\contact_support.htm"
276 Jul 6 2006 "C:\Program Files\MEDIC\agentui\snapins\netcheck\solutions\contact_support.htm"
4651 Aug 4 2004 "C:\WINDOWS\Help\Tours\htmlTour\logo.jpg"
181 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\personalizing.gif"
144 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\Images\HOME.GIF"
691 Oct 10 2000 "C:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\home.gif"
257 Apr 18 2006 "C:\Program Files\Logitech\Desktop

Messenger\8876480\7.2.0.157-8876480SL\Program\EN\PortalUI\SubmissionMgr\help\home.gif"
691 Oct 10 2000 "E:\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\home.gif"
3524 Feb 15 2001 "C:\Program Files\Topo USA 3.0\cache\images\logo.gif"
926 Jan 3 2006 "C:\Documents and Settings\Tyler\.limewire\themes\black_theme\logo.gif"
2529 Jan 3 2006 "C:\Documents and Settings\Tyler\.limewire\themes\classic_theme\logo.gif"
1688 Jan 3 2006 "C:\Documents and Settings\Tyler\.limewire\themes\limewire_theme\logo.gif"
3362 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\Images\LOGO.GIF"
677 Feb 26 1998 "C:\Program Files\Belarc\Advisor\System\local\images\Logo.gif"
533 Nov 24 2006 "C:\Music Utilities\Librarians\KCatalogSetup\config\Search.gif"
209 Jan 3 2006 "C:\Documents and Settings\Tyler\.limewire\themes\classic_theme\search.gif"
838 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\images\mouseovers\search.gif"
462 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\images\navwidgets\search.gif"
49 Dec 21 2005 "C:\Program Files\LimeWire\spacer.gif"
43 Apr 4 2005 "C:\Program Files\Morpheus\SkinData\default\spacer.gif"
43 Jul 6 2005 "C:\Program Files\Morpheus\SkinData\happy\spacer.gif"
51 Apr 8 2004 "C:\Program Files\TechSmith\SnagIt 7\html_content\spacer.gif"
43 Aug 4 2004 "C:\WINDOWS\Help\Tours\htmlTour\spacer.gif"
43 Jan 30 2007 "C:\Program Files\Real\RealPlayer\DataCache\Devices\spacer.gif"
43 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\spacer.gif"
85 Nov 15 2005 "C:\Program Files\Morpheus\SkinData\default\mobile\images\spacer.gif"
43 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\spacer.gif"
43 Jun 10 2003 "C:\Program Files\HP\Digital Imaging\Skins\oov1\sc\img\spacer.gif"
49 Sep 4 2003 "C:\Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\GRAPHICS\SPACER.GIF"
43 Aug 28 2006 "C:\Documents and Settings\Tyler\Local Settings\Application Data\Trend Micro\HCMS\checkup\en-US\resource\images\spacer.gif"
43 Jan 30 2007 "C:\Program Files\Real\RealPlayer\DataCache\Devices\clear.gif"
43 Jan 30 2007 "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\images\clear.gif"
43 Jan 30 2007 "C:\Program Files\Real\RealPlayer\DataCache\Login\images\clear.gif"
7702 Apr 8 1999 "C:\Program Files\Allaire\HomeSite4\Help\HTML_Reference\INDEX.HTM"
1477 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm"
2911 Dec 3 2005 "C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm"
703 Apr 2 2002 "C:\Program Files\Adobe\Photoshop 7.0\Help\images\notes.gif"
1055 Feb 4 2003 "C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\notes.gif"


end of report

#13 SifuMike

Posted 09 October 2007 - 09:25 PM

Hi silverado2,

I have done many of these, and I am sorry to say I have doubts whether this will work. :thumbsup:
There were only three BAK\ folders in the list you gave me, so I will use those; however there must be more BAK\ folders on his drive.
Here is a sample of one.
C:\Program Files\iTunes\bak\iTunesHelper.exe

These files all have the word BAK somewhere in the line, but not the \BAK\ folder:
"C:\BACK\GREG'S STUFF\Sites\dj.bak"
"C:\BACK\GREG'S STUFF\Sites\Kuthumi Hands BAK\index.htm

All of these BAK folders should be in the listing at the bottom of the report, but they are missing from the one you gave me. :blink:

Directory of C:\PROGRA~1\CREATIVE\SYNCMA~1\BAK

08/07/2006 10:06 AM 700,416 CTSyncU.exe
1 File(s) 700,416 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/14/2007 07:00 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MEDIC\BIN\BAK

07/06/2006 09:45 AM 192,512 sprtcmd.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\PCSECU~1\SHIELD~1\BAK

01/18/2006 06:07 PM 249,916 vrmonnt.exe
03/11/2004 01:00 PM 266,304 Vrres.exe
2 File(s) 516,220 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK


That said, we will work with the three BAK folders until you can get the report to show the rest.


Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply

#14 silverado2

Posted 09 October 2007 - 11:38 PM

Hi Sifumike,
With the info you gave me I did a search for \bak\ on the "whole" (3.5 meg) awf.txt file and found a bunch more. They were in the first 25 entries of the "duplicate files" section of the scan. Each had a corresponding path identical to these but without the "\bak\" listed in the path (the infected file?). Should I include those in the instructions you gave me? Here's everything I found:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft Location Finder\bak\LocationFinder.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
"C:\Program Files\Creative\Sync Manager Unicode\bak\CTSyncU.exe"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\MEDIC\bin\bak\sprtcmd.exe"
"C:\Program Files\PCSecurityShield\ShieldAntivirus\bak\vrmonnt.exe"
"C:\Program Files\PCSecurityShield\ShieldAntivirus\bak\Vrres.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"

Thanks in advance for the advice and help!
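The search described in the two posts above (finding files that sit in a real `\bak\` folder, as opposed to lines that merely contain the letters "bak") can be done mechanically. The following is an added example, not part of either post and not FindAWF's own code; the function names are hypothetical, and the sample lines reuse the two formats quoted in this thread. It only reads text and reports pairs; it changes nothing on disk.

```python
import re
from pathlib import PureWindowsPath

# "Directory of C:\...\BAK" header and file rows as printed by the dir-style listing.
DIR_HEADER = re.compile(r"^Directory of (.+?)\s*$")
DIR_ENTRY = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2}\s+[AP]M\s+[\d,]+\s+(.+?)\s*$")

def restore_pair(path):
    """Return (backup_file, parent_file) if the file sits directly in a
    folder named 'bak' (any case); otherwise None."""
    path = PureWindowsPath(path)
    if path.parent.name.lower() != "bak":
        return None  # e.g. dj.bak or "...Hands BAK\index.htm"
    return str(path), str(path.parent.parent / path.name)

def find_bak_files(log_text):
    """Collect restore pairs from quoted-path lines and dir-style listings."""
    pairs, current_dir = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group(1)
            continue
        entry = DIR_ENTRY.match(line)
        if entry and current_dir:
            candidate = PureWindowsPath(current_dir) / entry.group(1)
        elif line.startswith('"'):
            candidate = line.strip('"')  # tolerates a missing closing quote
        else:
            continue
        pair = restore_pair(candidate)
        if pair and pair not in pairs:
            pairs.append(pair)
    return pairs

# Sample assembled for this example from lines quoted in the thread.
SAMPLE = r'''
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\BACK\GREG'S STUFF\Sites\dj.bak"
"C:\BACK\GREG'S STUFF\Sites\Kuthumi Hands BAK\index.htm

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/14/2007 07:00 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
'''

if __name__ == "__main__":
    for backup, parent in find_bak_files(SAMPLE):
        print(f"{backup}\n    -> {parent}")
```

The second element of each pair is the path in the parent folder that the original file would be copied back to.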

#15 silverado2

Posted 09 October 2007 - 11:42 PM

Hey guy,
One last question. When a new scan is done, should I go through the file and delete anything on the "E" drive? It appears that everything on the list is in the "C:\Program Files" directory.



