C:\resycled\boot.com is not a valid Win32 application

Marks · Oct 31, 2008

I can't open c: when double click on it but pop up a message
"C:\resycled\boot.com is not a valid Win32 application". Please help.
Thanks.

neil · Oct 31, 2008

Empty your recycle bin and try again. Also try right clicking the drive and
select explore.
Neil

Bill Blanton · Oct 31, 2008

Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

Marks · Nov 2, 2008

Thanks for your reply but
Its "resycled" not recycled

Leonard Grey · Nov 2, 2008

Make sure that your anti-malware software is running, then download the
latest signatures and run a full scan.

If you don't have comprehensive anti-malware software, that's like
driving a car without seats belts or air bags. Either way, you're
eventually going to get hammered. Install comprehensive anti-malware
software and learn how to use its features. A 'comprehensive' solution
scans for all types of malicious software in the background, on demand
and on schedule.

For now try scanning your system with /several/ of the better online
scanners, such as:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)

Download HijackThis from www.trendsecure.com. Run it, save a log, and
post the log at one of the many sites that support HJT, such as
spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not
here. Within a day, sometimes within an hour, you'll have one-on-one
step-by-step advice from a security expert on cleaning up any
infestations—or you'll have a clean bill of health from the volunteer
expert.

Even the best detection and removal software can't fix every malware
infection. If none of the above remove the infection, you may want to
show the computer to a professional.

Marks · Nov 2, 2008

Oh great thanks, problem solved.

Bill Blanton said:
Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

Marks said:

I can't open c: when double click on it but pop up a message
"C:\resycled\boot.com is not a valid Win32 application". Please help.
Thanks.

Click to expand...

Bill Blanton · Nov 2, 2008

Symptom solved.. Something put that file there. Read over
Leonard Grey's post.

Marks said:
Oh great thanks, problem solved.

Bill Blanton said:

Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

Marks said:

I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
help. Thanks.

Click to expand...

Click to expand...

Marks · Nov 2, 2008

Thanks for your info.

Leonard Grey said:
Make sure that your anti-malware software is running, then download the
latest signatures and run a full scan.

If you don't have comprehensive anti-malware software, that's like driving
a car without seats belts or air bags. Either way, you're eventually going
to get hammered. Install comprehensive anti-malware software and learn how
to use its features. A 'comprehensive' solution scans for all types of
malicious software in the background, on demand and on schedule.

For now try scanning your system with /several/ of the better online
scanners, such as:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)

Download HijackThis from www.trendsecure.com. Run it, save a log, and post
the log at one of the many sites that support HJT, such as
spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not here.
Within a day, sometimes within an hour, you'll have one-on-one
step-by-step advice from a security expert on cleaning up any
infestations—or you'll have a clean bill of health from the volunteer
expert.

Even the best detection and removal software can't fix every malware
infection. If none of the above remove the infection, you may want to show
the computer to a professional.

Thomas · Nov 10, 2008

i'm having the same problem and i have don the cmd cmded and didnt' do anything
could it be a virus or somesort and if so what do you recom?

Bill Blanton said:
Symptom solved.. Something put that file there. Read over
Leonard Grey's post.

Marks said:

Oh great thanks, problem solved.

Bill Blanton said:

Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
help. Thanks.

Click to expand...

Click to expand...

Bill Blanton · Nov 12, 2008

What do you mean exactly by it "didn't do anything"? Any error messages
at the cmd prompt? The commands have to be typed exactly. Is it the
C: drive? If not, you'd need to substitute the C: with whatever drive (letter)
you are having problems with.

To answer your question, yes, if you are getting the message
"C:\resycled\boot.com is not a valid Win32 application", then you apparently
have some sort of infestation.

Thomas said:
i'm having the same problem and i have don the cmd cmded and didnt' do anything
could it be a virus or somesort and if so what do you recom?

Bill Blanton said:

Symptom solved.. Something put that file there. Read over
Leonard Grey's post.

Marks said:

Oh great thanks, problem solved.

Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following two commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

I can't open c: when double click on it but pop up a message "C:\resycled\boot.com is not a valid Win32 application". Please
help. Thanks.

Click to expand...

Click to expand...

ralph rosancrans · Nov 12, 2008

im having the same prob with C:\resycled\boot.com ad all of my drives now i
tryed doin the cmd thing it sed that the attrib -h -r -s C:\Autorun.inf and
c:\Autorun.inf and ether were found i have the OTScanIt can sum 1 help me

ralph rosancrans · Nov 12, 2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/paint.ocx\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/swapit.ocx\\.Owner -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/swapit.ocx\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded
Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> ->

[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date =
11/11/2008 9:04:12 PM | Attr = H ]
resycled -> %SystemDrive%\resycled -> [Folder | Created Date = 11/10/2008
7:13:35 AM | Attr = RHS]
_OTScanIt -> %SystemDrive%\_OTScanIt -> [Folder | Created Date = 11/12/2008
6:28:14 AM | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date =
11/11/2008 8:41:54 PM | Attr = ]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size =
6061540 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = |
Size = 29988216 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = |
Size = 27569 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = |
Size = 334743 bytes | Created Date = 11/11/2008 8:41:54 PM | Attr = ]
ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R)
Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size
= 27904 bytes | Created Date = 11/10/2008 7:13:38 AM | Attr = ]
RKHit.sys -> %SystemRoot%\System32\drivers\RKHit.sys -> [Ver = 2, 0, 0, 0 |
Size = 30080 bytes | Created Date = 11/10/2008 7:10:03 AM | Attr = ]
AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie ->
[Ver = | Size = 42 bytes | Created Date = 11/9/2008 3:40:43 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes |
Created Date = 11/9/2008 2:51:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes |
Created Date = 11/9/2008 2:51:32 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified
Date = 11/11/2008 8:31:48 PM | Attr = HS]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size =
6061540 bytes | Modified Date = 11/11/2008 8:41:54 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = |
Size = 29988216 bytes | Modified Date = 11/11/2008 8:45:51 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = |
Size = 27569 bytes | Modified Date = 11/11/2008 8:45:34 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = |
Size = 334743 bytes | Modified Date = 11/11/2008 8:45:34 PM | Attr = ]
dump_wmimmc.sys -> %SystemRoot%\System32\drivers\dump_wmimmc.sys -> [Ver =
| Size = 153925 bytes | Modified Date = 11/11/2008 5:16:55 PM | Attr = ]
ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R)
Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size
= 27904 bytes | Modified Date = 11/10/2008 7:13:38 AM | Attr = ]
AK083E209605E394C.lie -> %SystemRoot%\System32\AK083E209605E394C.lie ->
[Ver = | Size = 42 bytes | Modified Date = 11/9/2008 3:40:43 PM | Attr = ]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size =
205712 bytes | Modified Date = 11/10/2008 7:01:58 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size =
41040 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size =
314838 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver
= | Size = 360124 bytes | Modified Date = 11/9/2008 2:25:15 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes |
Modified Date = 11/11/2008 8:03:07 PM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes |
Modified Date = 11/11/2008 8:36:37 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes |
Modified Date = 11/10/2008 6:50:45 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes |
Modified Date = 11/9/2008 2:51:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes |
Modified Date = 11/11/2008 8:07:23 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 271 bytes |
Modified Date = 11/11/2008 8:31:48 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 826 bytes | Modified
Date = 11/11/2008 8:31:48 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified
Date = 11/11/2008 8:36:50 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ ->
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->
[Folder | Modified Date = 4/26/2007 7:11:58 AM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application
Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8134 bytes |
Modified Date = 4/26/2007 7:11:58 AM | Attr = ]
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All
Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified
Date = 4/2/2007 9:43:49 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes |
Modified Date = 11/9/2008 7:56:14 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes |
Modified Date = 11/9/2008 7:56:14 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\
-> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA
-> [Folder | Modified Date = 8/15/2007 9:00:25 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application
Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes |
Modified Date = 8/15/2007 9:00:25 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents
and Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date =
11/12/2008 6:26:01 AM | Attr = ]
d2l_Install.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\d2l_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 |
Size = 352256 bytes | Modified Date = 5/9/2001 11:19:26 AM | Attr = ]
d2l_PlayD2.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\d2l_PlayD2.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 |
Size = 331776 bytes | Modified Date = 5/21/2000 3:46:38 PM | Attr = ]
DXSETUP.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\DXSETUP.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size =
503144 bytes | Modified Date = 7/19/2007 8:00:32 PM | Attr = ]
EXEtender.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\EXEtender.exe -> Exent Technologies Ltd.
[Ver = 06.02.22.00
| Size = 11503440 bytes | Modified Date = 1/11/2008 9:49:35 AM | Attr =
]
matcleanup.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\matcleanup.exe -> [Ver = | Size = 16384 bytes | Modified Date
= 9/28/2007 1:33:00 PM | Attr = ]
messenger_update.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\messenger_update.exe -> [Ver = | Size = 606000 bytes |
Modified Date = 8/29/2007 6:08:19 PM | Attr = ]
mun3.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\mun3.exe -> Microsoft Corporation [Ver = 6.10.0016.1624 | Size
= 32768 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
regincd2.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\regincd2.exe -> [Ver = | Size = 3072 bytes | Modified Date =
4/14/2008 11:04:31 AM | Attr = ]
regtdi.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\regtdi.exe -> [Ver = | Size = 3584 bytes | Modified Date =
4/14/2008 11:04:43 AM | Attr = ]
setup_wm.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 |
Size = 774144 bytes | Modified Date = 8/4/2004 2:56:58 AM | Attr = ]
verizonhelpSupport.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\verizonhelpSupport.exe -> [Ver = | Size = 10153176 bytes |
Modified Date = 1/11/2008 9:51:22 AM | Attr = ]
VISS-6.0.1-21393-Consumer-Setup.exe -> C:\Documents and
Settings\DEMON_GRUB\Local Settings\Temp\VISS-6.0.1-21393-Consumer-Setup.exe
-> Verizon [Ver = 6.0.1.21393 | Size = 36153392 bytes | Modified Date =
1/11/2008 9:52:37 AM | Attr = ]
VZ_Backup_Sharing.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\VZ_Backup_Sharing.exe -> Verizon
[Ver = 1.0.0.8 | Size = 287071 bytes |
Modified Date = 1/11/2008 9:52:34 AM | Attr = ]
VZ_DSL_BookMarks.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\VZ_DSL_BookMarks.exe -> Verizon
[Ver = 1.0.0.7 | Size = 343440 bytes |
Modified Date = 1/11/2008 9:57:17 AM | Attr = ]
VZ_DSL_controls.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\VZ_DSL_controls.exe -> Verizon
[Ver = 6.5.0.17 | Size = 4370224 bytes |
Modified Date = 1/11/2008 9:41:20 AM | Attr = ]
VZ_OEConfig.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\VZ_OEConfig.exe -> Verizon
[Ver = 1.0.0.8 | Size = 375624 bytes | Modified
Date = 1/11/2008 9:49:25 AM | Attr = ]
vz_ServicePoint.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\vz_ServicePoint.exe -> Verizon
[Ver = 1.0.0.8 | Size = 1590640 bytes |
Modified Date = 1/11/2008 9:57:01 AM | Attr = ]
_is1B.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is1B.exe -> Verizon [Ver = 6.0.3.27063 | Size = 476400 bytes |
Modified Date = 2/26/2008 5:14:28 PM | Attr = ]
_is56.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is56.exe -> Verizon [Ver = 6.0.3.27063 | Size = 476400 bytes |
Modified Date = 2/26/2008 5:14:28 PM | Attr = ]
211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267} -> [Folder | Modified
Date = 11/10/2008 7:26:16 AM | Attr = ]
dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\dotnetinstaller.exe ->
InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes |
Modified Date = 5/17/2006 10:21:16 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD} -> [Folder | Modified
Date = 11/9/2008 2:38:42 PM | Attr = ]
dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\dotnetinstaller.exe ->
InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes |
Modified Date = 5/17/2006 10:21:16 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892} -> [Folder | Modified
Date = 11/9/2008 3:48:49 PM | Attr = ]
dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\dotnetinstaller.exe ->
InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes |
Modified Date = 5/17/2006 10:21:16 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67} -> [Folder | Modified
Date = 11/9/2008 3:23:43 PM | Attr = ]
dotnetinstaller.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\dotnetinstaller.exe ->
InstallShield Software Corporation [Ver = 12.0.0.49974 | Size = 10672 bytes |
Modified Date = 5/17/2006 10:21:16 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2 -> [Folder
| Modified Date = 4/13/2008 12:01:08 PM | Attr = ]
setup.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\setup.exe -> AVG Technologies CZ, s.r.o. [Ver =
8.0.0.86 | Size = 1748736 bytes | Modified Date = 3/12/2008 12:28:31 PM |
Attr = ]
vcredist_x86.exe -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\vcredist_x86.exe -> Microsoft Corporation [Ver =
6.00.3790.0 (srv03_rtm.030324-2048) | Size = 2723264 bytes | Modified Date =
9/4/2007 9:22:51 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents
and Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date =
11/12/2008 6:26:01 AM | Attr = ]
bigmoney.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\bigmoney.dll -> [Ver = | Size = 2150400 bytes | Modified Date
= 2/1/2008 10:33:29 PM | Attr = ]
binkw32.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\binkw32.dll -> [Ver = | Size = 263168 bytes | Modified Date =
4/5/2000 11:00:00 PM | Attr = ]
bookworm.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\bookworm.dll -> [Ver = 2.0.0.6 | Size = 2220032 bytes |
Modified Date = 2/1/2008 10:42:07 PM | Attr = ]
chuzzle.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\chuzzle.dll -> [Ver = | Size = 2269184 bytes | Modified Date
= 2/1/2008 10:37:01 PM | Attr = ]
DSETUP.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size =
77160 bytes | Modified Date = 7/19/2007 7:55:30 PM | Attr = ]
dsetup32.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size
= 1673576 bytes | Modified Date = 7/19/2007 7:55:16 PM | Attr = ]
InstHelp.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\InstHelp.dll -> [Ver = | Size = 57344 bytes | Modified Date =
10/12/2004 11:14:18 AM | Attr = ]
lingo.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\lingo.dll -> [Ver = | Size = 2048000 bytes | Modified Date =
2/2/2008 11:05:27 AM | Attr = ]
SIntf16.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\SIntf16.dll -> [Ver = | Size = 12305 bytes | Modified Date =
10/15/2007 7:03:33 PM | Attr = ]
SIntf32.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\SIntf32.dll -> [Ver = | Size = 20016 bytes | Modified Date =
10/15/2007 7:03:33 PM | Attr = ]
SIntfNT.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24744 bytes | Modified Date =
10/15/2007 7:03:33 PM | Attr = ]
swt-awt-win32-3346.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 |
Size = 32768 bytes | Modified Date = 3/27/2008 11:55:31 PM | Attr = ]
swt-win32-3346.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size =
307200 bytes | Modified Date = 3/27/2008 11:55:31 PM | Attr = ]
211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and
Settings\DEMON_GRUB\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder
| Modified Date = 4/6/2007 8:29:50 PM | Attr = ]
5085858.DLL -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\5085858.DLL -> [Ver = | Size = 28160
bytes | Modified Date = 7/19/2002 3:19:34 PM | Attr = R ]
HSAPI.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\HSAPI.dll -> [Ver = | Size = 55808
bytes | Modified Date = 7/19/2002 3:19:34 PM | Attr = R ]
Instaide.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Instaide.dll -> Palm Computing, Inc., a
3Com Company [Ver = 3.0.1 | Size = 195584 bytes | Modified Date = 7/19/2002
3:19:34 PM | Attr = R ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9} -> [Folder | Modified
Date = 11/10/2008 7:26:15 AM | Attr = ]
_Setup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9}\_Setup.dll ->
Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified
Date = 5/17/2006 10:21:06 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031} -> [Folder | Modified
Date = 11/9/2008 3:48:47 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031}\_Setup.dll ->
Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified
Date = 5/17/2006 10:21:06 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0} -> [Folder | Modified
Date = 11/9/2008 3:23:42 PM | Attr = ]
ISSetup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0}\ISSetup.dll ->
Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified
Date = 1/19/2007 11:05:28 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0}\_Setup.dll ->
Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified
Date = 5/17/2006 10:21:06 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5} -> [Folder | Modified
Date = 11/9/2008 2:38:42 PM | Attr = ]
ISSetup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5}\ISSetup.dll ->
Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified
Date = 1/19/2007 11:05:28 PM | Attr = ]
_Setup.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5}\_Setup.dll ->
Macrovision Corporation [Ver = 12.0.49974 | Size = 152496 bytes | Modified
Date = 5/17/2006 10:21:06 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\7345671\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\7345671 -> [Folder
| Modified Date = 4/12/2007 12:16:59 AM | Attr = ]
ywiseext.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\7345671\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 3, 7, 1 | Size
= 102400 bytes | Modified Date = 3/7/2007 12:52:18 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2 -> [Folder
| Modified Date = 4/13/2008 12:01:08 PM | Attr = ]
sporder.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\sporder.dll -> Microsoft Corporation [Ver = 5.00.2134.1
| Size = 8464 bytes | Modified Date = 8/7/2007 7:01:31 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RSPSoftware\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RSPSoftware ->
[Folder | Modified Date = 1/26/2008 11:07:00 AM | Attr = ]
rspov2701.dll -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RSPSoftware\rspov2701.dll -> RSP Software -
http://rspsoftware.clic3.net [Ver = 1, 0, 0, 1 | Size = 196608 bytes |
Modified Date = 1/26/2008 11:07:00 AM | Attr = ]

ralph rosancrans · Nov 12, 2008

C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents and
Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date =
11/12/2008 6:26:01 AM | Attr = ]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes |
Modified Date = 12/14/2007 1:30:06 PM | Attr = ]
Perflib_Perfdata_abc.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\Perflib_Perfdata_abc.dat -> [Ver = | Size = 16384 bytes |
Modified Date = 3/5/2008 1:15:30 PM | Attr = ]
Perflib_Perfdata_d6c.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\Perflib_Perfdata_d6c.dat -> [Ver = | Size = 16384 bytes |
Modified Date = 12/24/2007 1:43:08 PM | Attr = ]
Perflib_Perfdata_d78.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\Perflib_Perfdata_d78.dat -> [Ver = | Size = 16384 bytes |
Modified Date = 12/3/2007 1:27:55 AM | Attr = ]
211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\RarSFX2 -> [Folder
| Modified Date = 4/13/2008 12:01:08 PM | Attr = ]
afuinst64.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\afuinst64.dat -> [Ver = 7, 1, 0, 377 | Size = 317440
bytes | Modified Date = 7/3/2007 12:14:31 PM | Attr = ]
avgfinst.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\avgfinst.dat -> AVG Technologies CZ, s.r.o. [Ver =
8.0.0.86 | Size = 189952 bytes | Modified Date = 3/12/2008 12:28:29 PM | Attr
= ]
BUYLNK.DAT -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\BUYLNK.DAT -> [Ver = | Size = 47 bytes | Modified
Date = 3/27/2008 1:26:29 PM | Attr = ]
files.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\files.dat -> [Ver = | Size = 105571682 bytes |
Modified Date = 3/12/2008 12:29:00 PM | Attr = ]
setup.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\setup.dat -> [Ver = | Size = 836669 bytes | Modified
Date = 3/12/2008 12:28:28 PM | Attr = ]
trialkey.dat -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RarSFX2\trialkey.dat -> [Ver = | Size = 67 bytes | Modified
Date = 3/26/2008 11:26:07 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\ -> C:\Documents
and Settings\DEMON_GRUB\Local Settings\Temp -> [Folder | Modified Date =
11/12/2008 6:26:01 AM | Attr = ]
RunTime.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\RunTime.ini -> [Ver = | Size = 578 bytes | Modified Date =
12/10/2007 4:43:41 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size =
761 bytes | Modified Date = 3/31/2008 9:09:30 PM | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size =
578 bytes | Modified Date = 3/31/2008 9:10:06 PM | Attr = ]
211 C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp files ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_is8D\ ->
C:\Documents and Settings\DEMON_GRUB\Local Settings\Temp\_is8D -> [Folder |
Modified Date = 4/2/2007 11:42:42 PM | Attr = ]
0x0404.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0404.ini -> [Ver = | Size = 3261 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
0x0406.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0406.ini -> [Ver = | Size = 4855 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
0x0407.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0407.ini -> [Ver = | Size = 5140 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
0x040a.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x040a.ini -> [Ver = | Size = 5275 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x040b.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x040b.ini -> [Ver = | Size = 4734 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
0x040c.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x040c.ini -> [Ver = | Size = 5406 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0410.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0410.ini -> [Ver = | Size = 5130 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0411.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0411.ini -> [Ver = | Size = 5014 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0412.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0412.ini -> [Ver = | Size = 4303 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0413.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0413.ini -> [Ver = | Size = 5118 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
0x0414.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0414.ini -> [Ver = | Size = 4810 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x041d.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x041d.ini -> [Ver = | Size = 4636 bytes | Modified
Date = 4/2/2007 11:41:30 PM | Attr = ]
0x0804.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\0x0804.ini -> [Ver = | Size = 3326 bytes | Modified
Date = 4/2/2007 11:41:29 PM | Attr = ]
Setup.INI -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\Setup.INI -> [Ver = | Size = 1440 bytes | Modified Date
= 4/2/2007 11:41:29 PM | Attr = ]
_ISMSIDEL.INI -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\_is8D\_ISMSIDEL.INI -> [Ver = | Size = 1203 bytes | Modified
Date = 4/2/2007 11:42:43 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9} -> [Folder | Modified
Date = 11/10/2008 7:26:15 AM | Attr = ]
setup.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{036FD8FD-01B8-4B4F-9C74-8CE7476ACEA9}\setup.ini -> [Ver = |
Size = 530 bytes | Modified Date = 11/10/2008 7:26:15 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267} -> [Folder | Modified
Date = 11/10/2008 7:26:16 AM | Attr = ]
corecomp.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{10FA3AC0-F365-45AA-91F8-15062AB71267}\corecomp.ini -> [Ver =
| Size = 65503 bytes | Modified Date = 5/16/2006 10:58:14 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031} -> [Folder | Modified
Date = 11/9/2008 3:48:47 PM | Attr = ]
setup.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{1A4BC773-4C8E-401A-83BC-4CBD98989031}\setup.ini -> [Ver = |
Size = 530 bytes | Modified Date = 11/9/2008 3:48:46 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0} -> [Folder | Modified
Date = 11/9/2008 3:23:42 PM | Attr = ]
setup.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{55635896-3D3A-4C83-835D-4928834B2DB0}\setup.ini -> [Ver = |
Size = 530 bytes | Modified Date = 11/9/2008 3:23:41 PM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD} -> [Folder | Modified
Date = 11/9/2008 2:38:42 PM | Attr = ]
corecomp.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F657DB93-03AE-48DC-BFD7-E0B839AF9FBD}\corecomp.ini -> [Ver =
| Size = 65503 bytes | Modified Date = 5/16/2006 10:58:14 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892} -> [Folder | Modified
Date = 11/9/2008 3:48:49 PM | Attr = ]
corecomp.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F6EF2C8D-BDFF-41E3-A552-6DD8D7D73892}\corecomp.ini -> [Ver =
| Size = 65503 bytes | Modified Date = 5/16/2006 10:58:14 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67} -> [Folder | Modified
Date = 11/9/2008 3:23:43 PM | Attr = ]
corecomp.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{F92532F9-CFE5-442D-8454-2B54EAA23C67}\corecomp.ini -> [Ver =
| Size = 65503 bytes | Modified Date = 5/16/2006 10:58:14 AM | Attr = ]
C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5}\ -> C:\Documents and
Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5} -> [Folder | Modified
Date = 11/9/2008 2:38:42 PM | Attr = ]
setup.ini -> C:\Documents and Settings\DEMON_GRUB\Local
Settings\Temp\{FC7E1921-97C8-4110-8AF5-ABBBBEFB3BA5}\setup.ini -> [Ver = |
Size = 530 bytes | Modified Date = 11/9/2008 2:38:41 PM | Attr = ]
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified
Date = 4/6/2007 7:29:02 PM | Attr = HS]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384
bytes | Modified Date = 1/9/2008 9:56:01 PM | Attr = ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\
-> [Folder | Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = |
Size = 32768 bytes | Modified Date = 1/9/2008 9:56:01 PM | Attr = ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified
Date = 4/6/2007 7:29:02 PM | Attr = HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
-> [Ver = | Size = 32768 bytes | Modified Date = 1/9/2008 9:56:01 PM | Attr
= ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\
-> [Folder | Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = |
Size = 113 bytes | Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified
Date = 4/6/2007 7:29:02 PM | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet
Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date =
4/6/2007 7:29:02 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CHA3Q7WL\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CHA3Q7WL -> [Folder |
Modified Date = 1/9/2008 9:56:06 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet
Files\Content.IE5\CHA3Q7WL\desktop.ini -> [Ver = | Size = 67 bytes |
Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CXY30ZIX\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CXY30ZIX -> [Folder |
Modified Date = 1/9/2008 9:56:08 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet
Files\Content.IE5\CXY30ZIX\desktop.ini -> [Ver = | Size = 67 bytes |
Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KLUB85QL\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KLUB85QL -> [Folder |
Modified Date = 1/9/2008 9:56:08 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet
Files\Content.IE5\KLUB85QL\desktop.ini -> [Ver = | Size = 67 bytes |
Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YB8PIJAL\ ->
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YB8PIJAL -> [Folder |
Modified Date = 1/9/2008 9:56:07 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet
Files\Content.IE5\YB8PIJAL\desktop.ini -> [Ver = | Size = 67 bytes |
Modified Date = 4/6/2007 7:29:02 PM | Attr = HS]

< End of report >

Bill Blanton · Nov 13, 2008

Open a cmd prompt. Start > Run... [type in] cmd > Ok
At the prompt, enter the following commands:

attrib -h -r -s C:\Autorun.inf

del C:\Autorun.inf

attrib -h -r -s D:\Autorun.inf

del D:\Autorun.inf

etc.

(do this for every drive letter (C: D: E: etc) and do NOT open any drives with
Explorer until you're completed)

Here are a couple of useful links previously posted in this thread

Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)

Bill Blanton · Nov 13, 2008

This "forum" doesn't generally accept scanner logs. See my previous reply.

dvdenglr · Nov 16, 2008

I have the same problem exept C: works fine, Its all my other hard drives
that this is happening to.

Richard · Nov 26, 2008

Marks said:
I can't open c: when double click on it but pop up a message
"C:\resycled\boot.com is not a valid Win32 application". Please help.
not only c drive almost all the drives. Thanks.

The Real Truth MVP · Nov 30, 2008

Your system is infected with the Zlob DNS Changer see here
http://www.google.com/search?hl=en&...um=0&ct=result&cd=1&q=Zlob.DNSChanger&spell=1

Iceman · Dec 6, 2008

I can't open c: , e: ,d: when double click on it but pop up a message
"C:\resycled\boot.com is not a valid Win32 application".
i try to scan with panda internet security,and malware when i double
click c: there is no a message C:\resycled\boot.com is not a valid Win32
application
but when i double click d: and e: pop up a message
"C:\resycled\boot.com is not a valid Win32 application".
what should i do?
thx

It's a virus, all right (as you might have suspected due to the misspelling
of "recycled").

Start Windows in safe mode, then click Start -> Run. Type in regedit and
click okay.

Now at the top of the registry editor, click Edit -> Find. Type boot.com
and click Find Next. Every time it finds a new boot.com, press the delete
key and then enter. It should find a dozen or so copies.

Now, plug in any external drives or flash drives you have used with this
computer. Open My Computer. Click Tools -> Folder Options -> View and
select "Show Hidden Files and Folders" and click okay.

For each drive, open it and delete the "resycled" folder and autorun.inf.
Back up each autorun.inf before deleting them off external drives, because
they might be important.

Restart the computer and the problem should be gone.

Elmo · Jan 20, 2009

holder88 said:
Hi, on my laptop I can't get any .exe files to open; I just get the
(gamename).exe is not a valid Win32 application error message. I tried
the above methods but not helping. I can't install or run files from any
CD, or downloaded files; hope someone can help.
Thanks, Chris

You hijacked someone's post that was concerned with the C:\Resycled
folder. Do you have this malady?

Try fixing the .exe and .lnk associations:

Fix File Associations.
http://dougknox.com/xp/file_assoc.htm

C:\resycled\boot.com is not a valid Win32 application

Marks

neil

Bill Blanton

Marks

Leonard Grey

Marks

Bill Blanton

Marks

Thomas

Bill Blanton

ralph rosancrans

ralph rosancrans

ralph rosancrans

Bill Blanton

Bill Blanton

dvdenglr

Richard

The Real Truth MVP

Iceman

Elmo