Status
Not open for further replies.
1 - 1 of 1 Posts
Hi,

Please help me. My space will be killed by the symantec\subeng folder. This folder is bigger than 16 GB now. Thx :pray:

Here is my scan:

Deckard's System Scanner v20071014.68
Run by mike on 2008-04-13 23:42:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.


Backed up registry hives.
Performed disk cleanup.

System Drive D: has 0.48 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-13 23:44:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\LTSMMSG.exe
D:\Program Files\Yahoo!\YOP\yop.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Yahoo!\browser\ycommon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\YOP\SSDK02.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\mike\My Documents\dss.exe
D:\WINDOWS\system32\conime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! ㄣ - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! ㄣ - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [YOP] D:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "D:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "D:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [msnsc] D:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] D:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] D:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] D:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208139166641
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPcservice.exe


--
End of file - 7982 bytes

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - D:\WINDOWS\notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 LucentSoftModem (Lucent Technologies Soft Modem) - d:\windows\system32\drivers\ltsm.sys <Not Verified; Lucent Technologies; Lucent SoftModem Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 YPCService - d:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 20:48:54 574 --a------ D:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - mike.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 23:29:47 0 d-------- D:\Program Files\Common Files\Scanner
2008-04-13 23:29:41 0 d-------- D:\Program Files\CA Yahoo! Anti-Spy
2008-04-13 23:28:26 0 d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-13 22:13:00 0 d-------- D:\WINDOWS\LastGood
2008-04-13 13:14:30 0 dr-h----- D:\Documents and Settings\Administrator\Recent
2008-04-13 13:04:59 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-04-13 13:04:59 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-04-13 13:04:59 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-04-13 13:04:59 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-04-13 13:04:59 524288 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-13 13:04:59 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\My Documents
2008-04-13 13:04:59 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\ff_temp
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\Favorites
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\Desktop
2008-04-13 13:04:59 0 d---s---- D:\Documents and Settings\Administrator\Cookies
2008-04-13 13:04:59 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-13 13:04:59 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-13 13:04:59 0 d-------- D:\Documents and Settings\Administrator\7zS1857.tmp
2008-04-13 13:01:51 0 d-------- D:\WINDOWS\pss
2008-04-13 07:06:40 0 d-------- D:\My Music
2008-04-13 05:19:56 0 dr-h----- D:\Documents and Settings\mike\Recent
2008-04-12 22:23:22 0 d-------- D:\Program Files\SinaWeiqi
2008-04-12 22:23:22 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-04-11 17:47:10 0 d-------- D:\WINDOWS\system32\LogFiles
2008-04-11 17:28:57 0 d-------- D:\Documents and Settings\mike\Application Data\Talkback
2008-04-11 17:27:36 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-11 15:05:02 0 d-------- D:\WINDOWS\Sun
2008-04-11 15:05:01 0 d-------- D:\Documents and Settings\mike\Application Data\Sun
2008-04-11 14:58:05 0 d-------- D:\Program Files\Java
2008-04-11 14:58:03 0 d-------- D:\Program Files\Common Files\Java
2008-04-11 11:26:45 0 d-------- D:\Documents and Settings\mike\Application Data\Adobe
2008-04-10 20:53:39 0 d-------- D:\Program Files\SogouInput
2008-04-10 20:53:39 0 d-------- D:\Documents and Settings\mike\Application Data\SogouPY.users
2008-04-10 20:53:31 0 d-------- D:\Documents and Settings\mike\Application Data\SogouPY
2008-04-10 20:51:49 0 d-------- D:\Documents and Settings\mike\Application Data\Yahoo!
2008-04-10 20:40:19 0 d-------- D:\Program Files\Symantec
2008-04-10 20:40:15 0 d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2008-04-10 20:39:56 0 d-------- D:\Program Files\Common Files\Symantec Shared
2008-04-10 20:38:50 0 d-------- D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-10 20:38:38 86016 --a------ D:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
2008-04-10 20:38:38 131072 --a------ D:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP>
2008-04-10 20:38:10 65536 --a------ D:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2008-04-10 20:38:05 344064 --a------ D:\WINDOWS\system32\msvcr70.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2008-04-10 20:38:05 84992 --a------ D:\WINDOWS\system32\ATL70.DLL <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2008-04-10 20:37:49 0 d-------- D:\Program Files\Rogers
2008-04-10 20:30:17 0 d-------- D:\Program Files\Yahoo!
2008-04-10 20:26:47 0 d---s---- D:\Documents and Settings\mike\UserData
2008-04-10 20:23:58 0 d-------- D:\Documents and Settings\mike\Application Data\Macromedia
2008-04-10 20:02:42 57344 -----n--- D:\WINDOWS\system32\ltremove.exe <Not Verified; LT; LTRemove>
2008-04-10 20:02:20 0 d-------- D:\WINDOWS\Options
2008-04-10 19:56:30 32768 --a------ D:\WINDOWS\system32\UnAudio.exe
2008-04-10 19:56:30 35587 --a------ D:\WINDOWS\system32\rmaudio.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-04-10 19:56:23 306688 --a------ D:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield? unInstaller>
2008-04-10 19:54:33 0 d-------- D:\WINDOWS\system32\ReinstallBackups
2008-04-10 19:54:22 0 d-------- D:\Program Files\Common Files\InstallShield
2008-04-10 15:06:13 1519616 --a------ D:\WINDOWS\system32\nwiz.exe
2008-04-10 15:06:13 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2008-04-10 15:06:13 1662976 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2008-04-10 15:06:13 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2008-04-10 15:06:13 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2008-04-10 15:06:13 425984 --a------ D:\WINDOWS\system32\keystone.exe
2008-04-10 15:06:13 0 d-------- D:\WINDOWS\nview
2008-04-10 15:01:58 0 d--hs---- D:\WINDOWS\Installer
2008-04-10 15:01:56 0 dr------- D:\Program Files
2008-04-10 15:01:56 0 d-------- D:\Program Files\Common Files
2008-04-10 15:01:56 0 d-------- D:\Program Files\Common Files\ODBC
2008-04-10 15:01:13 69120 --a------ D:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-10 15:00:58 0 d--h----- D:\Documents and Settings\Default User\Templates
2008-04-10 15:00:58 0 dr------- D:\Documents and Settings\Default User\Start Menu
2008-04-10 15:00:58 0 dr-h----- D:\Documents and Settings\Default User\SendTo
2008-04-10 15:00:58 0 d--h----- D:\Documents and Settings\Default User\Recent
2008-04-10 15:00:58 0 d--h----- D:\Documents and Settings\Default User\PrintHood
2008-04-10 15:00:58 0 d--h----- D:\Documents and Settings\Default User\NetHood
2008-04-10 15:00:58 0 d-------- D:\Documents and Settings\Default User\My Documents
2008-04-10 15:00:58 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
2008-04-10 15:00:58 0 d-------- D:\Documents and Settings\Default User\Favorites
2008-04-10 15:00:58 0 d-------- D:\Documents and Settings\Default User\Desktop
2008-04-10 15:00:58 0 d---s---- D:\Documents and Settings\Default User\Cookies
2008-04-10 15:00:58 0 d--h----- D:\Documents and Settings\All Users\Templates
2008-04-10 15:00:58 0 dr------- D:\Documents and Settings\All Users\Start Menu
2008-04-10 15:00:58 0 d-------- D:\Documents and Settings\All Users\Favorites
2008-04-10 15:00:58 0 dr------- D:\Documents and Settings\All Users\Documents
2008-04-10 15:00:58 0 d-------- D:\Documents and Settings\All Users\Desktop
2008-04-10 14:59:49 0 d-------- D:\WINDOWS\system32\CatRoot2
2008-04-10 14:59:49 0 d-------- D:\WINDOWS\system32\CatRoot
2008-04-10 14:59:43 0 dr-h----- D:\Documents and Settings\Default User\Application Data
2008-04-10 14:59:43 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-10 14:59:42 0 dr-h----- D:\Documents and Settings\All Users\Application Data
2008-04-10 14:59:42 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-10 14:54:01 0 d-------- D:\Documents and Settings
2008-04-10 14:50:54 0 d-------- D:\D
2008-04-10 14:49:15 0 d-------- D:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-10 14:45:23 0 d--hs---- D:\System Volume Information
2008-04-10 14:43:21 0 d-------- D:\Program Files\Microsoft ActiveSync
2008-04-10 14:43:04 0 d-------- D:\WINDOWS\SHELLNEW
2008-04-10 14:41:23 0 d-------- D:\Documents and Settings\mike\ff_temp
2008-04-10 14:41:23 0 dr------- D:\Documents and Settings\mike\Favorites
2008-04-10 14:41:23 0 d-------- D:\Documents and Settings\mike\Desktop
2008-04-10 14:41:23 0 d---s---- D:\Documents and Settings\mike\Cookies
2008-04-10 14:41:23 0 dr-h----- D:\Documents and Settings\mike\Application Data
2008-04-10 14:41:23 0 d-------- D:\Documents and Settings\mike\Application Data\Mozilla
2008-04-10 14:41:23 0 d-------- D:\Documents and Settings\mike\7zS1857.tmp
2008-04-10 14:41:22 0 d--h----- D:\Documents and Settings\mike\Templates
2008-04-10 14:41:22 0 dr------- D:\Documents and Settings\mike\Start Menu
2008-04-10 14:41:22 0 dr-h----- D:\Documents and Settings\mike\SendTo
2008-04-10 14:41:22 0 d--h----- D:\Documents and Settings\mike\PrintHood
2008-04-10 14:41:22 1572864 --ah----- D:\Documents and Settings\mike\NTUSER.DAT
2008-04-10 14:41:22 0 d--h----- D:\Documents and Settings\mike\NetHood
2008-04-10 14:41:22 0 dr------- D:\Documents and Settings\mike\My Documents
2008-04-10 14:41:22 0 d--h----- D:\Documents and Settings\mike\Local Settings
2008-04-10 14:32:30 0 d-------- D:\WINDOWS\Prefetch
2008-04-10 14:32:27 0 d---s---- D:\WINDOWS\system32\Microsoft
2008-04-10 14:32:19 262144 --ah----- D:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-10 14:32:19 0 d--h----- D:\Documents and Settings\LocalService\Local Settings
2008-04-10 14:32:19 0 d---s---- D:\Documents and Settings\LocalService\Cookies
2008-04-10 14:32:19 0 d-------- D:\Documents and Settings\LocalService\Application Data
2008-04-10 14:32:19 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-10 14:32:12 0 d-------- D:\WINDOWS
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\WinSxS
2008-04-10 14:32:12 0 dr------- D:\WINDOWS\Web
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\twain_32
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\wins
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\wbem
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\usmt
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\spool
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\ShellExt
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\Setup
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\ras
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\PreInstall
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\oobe
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\npp
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\mui
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\inetsrv
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\IME
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\icsxml
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\ias
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\export
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\drivers
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\drivers\etc
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\drivers\disdn
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\dhcp
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\config
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\3com_dmi
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\3076
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\2052
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1054
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1042
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1041
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1037
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1033
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1031
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1028
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system32\1025
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\system
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\SoftwareDistribution
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\security
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Resources
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\repair
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Provisioning
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\PeerNet
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\pchealth
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\mui
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\msapps
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\msagent
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Media
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\java
2008-04-10 14:32:12 0 d--h----- D:\WINDOWS\inf
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\ime
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Help
2008-04-10 14:32:12 0 dr--s---- D:\WINDOWS\Fonts
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\ehome
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Driver Cache
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Debug
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Cursors
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Connection Wizard
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\Config
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\AppPatch
2008-04-10 14:32:12 0 d-------- D:\WINDOWS\addins
2008-04-10 14:31:11 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
2008-04-10 14:31:11 0 d---s---- D:\Documents and Settings\NetworkService\Cookies
2008-04-10 14:31:11 0 d-------- D:\Documents and Settings\NetworkService\Application Data
2008-04-10 14:31:11 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-10 14:31:10 262144 --ah----- D:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-10 14:28:50 262144 ---h----- D:\Documents and Settings\Default User\NTUSER.DAT
2008-04-10 14:28:37 0 d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-10 14:28:26 0 d-------- D:\Program Files\QuickTime Alternative
2008-04-10 14:28:25 107132 --a------ D:\WINDOWS\UninstallFirefox.exe
2008-04-10 14:28:18 2806 --a------ D:\WINDOWS\mozver.dat
2008-04-10 14:28:16 0 d-------- D:\Documents and Settings\Default User\Application Data\Mozilla
2008-04-10 14:28:10 0 d-------- D:\Documents and Settings\Default User\ff_temp
2008-04-10 14:28:02 0 d-------- D:\Documents and Settings\Default User\7zS1857.tmp
2008-04-10 14:27:33 0 d-------- D:\Program Files\Common Files\Adobe
2008-04-10 14:27:33 0 d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2008-04-10 14:25:14 0 d--hs---- D:\Documents and Settings\All Users\DRM
2008-04-10 14:24:52 0 dr------- D:\WINDOWS\Offline Web Pages
2008-04-10 14:24:51 0 d---s---- D:\WINDOWS\Downloaded Program Files
2008-04-10 14:24:27 0 d--h----- D:\Program Files\WindowsUpdate
2008-04-10 14:24:18 0 d-------- D:\Program Files\Online Services
2008-04-10 14:23:33 0 d-------- D:\WINDOWS\system32\DirectX
2008-04-10 14:22:20 0 d---s---- D:\WINDOWS\Tasks
2008-04-10 14:22:18 0 d-------- D:\Program Files\Common Files\MSSoap
2008-04-10 14:22:04 0 d-------- D:\WINDOWS\srchasst
2008-04-10 14:22:00 0 d-------- D:\WINDOWS\system32\Macromed
2008-04-10 14:21:26 0 d-------- D:\Program Files\Movie Maker
2008-04-10 14:21:00 0 d-------- D:\WINDOWS\system32\Restore
2008-04-10 14:19:36 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-04-10 14:19:07 0 d-------- D:\WINDOWS\Registration
2008-04-10 14:12:10 0 d-------- D:\Program Files\MSN Messenger
2008-04-10 14:11:26 956688 --a------ D:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft? Calculator Plus>
2008-04-10 14:10:57 0 d-------- D:\Program Files\Windows NT
2008-04-10 14:10:56 342528 --a------ D:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-10 14:10:51 753664 --a------ D:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-10 14:10:50 420352 --a------ D:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-10 14:10:45 0 d-------- D:\WINDOWS\system32\MsDtc
2008-04-10 14:10:40 0 d-------- D:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-04-10 15:00:58 62 --ahs---- D:\Documents and Settings\mike\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [11/11/2005 08:47 AM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [11/11/2005 08:47 AM]
"LTSMMSG"="LTSMMSG.exe" [02/27/2002 05:17 AM D:\WINDOWS\LTSMMSG.exe]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [01/12/2006 09:16 PM]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [01/12/2006 09:12 PM]
"YOP"="D:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 10:42 AM]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="D:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [12/14/2005 07:13 AM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [01/12/2006 09:13 PM]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" []
"SHS"="D:\Program Files\Rogers\SelfHealing\SHS.exe" [10/12/2007 04:30 PM]
"Update Manager"="D:\Program Files\Rogers\Update Manager\UpdateManager.exe" [10/12/2007 04:30 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"=D:\WINDOWS\system32\msnsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSaveSettings"=0 (0x0)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-13 23:47:07 ------------