|
Here are the Posts.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 12/1/2003 4:27:44 PM 26084439 C:\NAV10ESD.exe
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
qoologic 3/26/2005 9:13:14 PM 3888 C:\WINNT\agkhot.dll
urllogic 3/26/2005 9:13:14 PM 3888 C:\WINNT\agkhot.dll
abetterinternet.com 3/26/2005 9:13:14 PM 3888 C:\WINNT\agkhot.dll
PECompact2 11/26/2005 12:51:10 PM 16569719 C:\WINNT\LPT$VPN.969
qoologic 11/26/2005 12:51:10 PM 16569719 C:\WINNT\LPT$VPN.969
SAHAgent 11/26/2005 12:51:10 PM 16569719 C:\WINNT\LPT$VPN.969
aspack 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
SAHAgent 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
KavSvc 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
69.59.186.63 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
209.66.67.134 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
testpopup 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
web-nex 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
yourkey 11/25/2005 2:41:00 PM 131977216 C:\WINNT\MEMORY.DMP
UPX! 11/26/2005 12:51:10 PM 170053 C:\WINNT\tsc.exe
PECompact2 11/26/2005 12:51:10 PM 16569719 C:\WINNT\VPTNFILE.969
qoologic 11/26/2005 12:51:10 PM 16569719 C:\WINNT\VPTNFILE.969
SAHAgent 11/26/2005 12:51:10 PM 16569719 C:\WINNT\VPTNFILE.969
UPX! 11/26/2005 12:51:10 PM 1044560 C:\WINNT\vsapi32.dll
aspack 11/26/2005 12:51:10 PM 1044560 C:\WINNT\vsapi32.dll
Checking %System% folder...
SAHAgent 11/28/2005 7:30:22 PM 3431 C:\WINNT\SYSTEM32\7r9e5u66.ini
PEC2 4/15/2003 7:00:00 AM 41397 C:\WINNT\SYSTEM32\dfrg.msc
SAHAgent 1/5/2004 9:18:06 PM H 30124 C:\WINNT\SYSTEM32\fiz4
SAHAgent 1/8/2004 4:48:22 PM H 30071 C:\WINNT\SYSTEM32\fiz6
PTech 7/12/2005 5:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINNT\SYSTEM32\locate.com
FSG! 9/6/2005 5:17:26 PM 398742 C:\WINNT\SYSTEM32\Mgystzk1.xml
PECompact2 11/1/2005 11:34:18 PM 2368864 C:\WINNT\SYSTEM32\MRT.exe
aspack 11/1/2005 11:34:18 PM 2368864 C:\WINNT\SYSTEM32\MRT.exe
PTech 11/24/2005 12:00:22 AM 843265 C:\WINNT\SYSTEM32\NewMgystzu1.xml
aspack 8/4/2004 1:56:36 AM 708096 C:\WINNT\SYSTEM32\ntdll.dll
SAHAgent 8/4/2005 7:32:06 PM 35 C:\WINNT\SYSTEM32\p3mpf034.ini
SAHAgent 8/4/2005 7:32:06 PM 35 C:\WINNT\SYSTEM32\p9fg22ff.ini
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINNT\SYSTEM32\rasdlg.dll
aspack 5/16/2002 4:12:30 PM 117248 C:\WINNT\SYSTEM32\SKCL.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINNT\SYSTEM32\strings.exe
winsync 4/15/2003 7:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor 8/29/2002 6:00:00 AM 631808 C:\WINNT\SYSTEM32\_003827_.tmp.dll
Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINNT\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/30/2005 9:03:48 AM S 2048 C:\WINNT\bootstat.dat
11/27/2005 12:51:38 PM H 54156 C:\WINNT\QTFont.qfn
10/5/2005 8:33:38 PM S 12849 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 7:17:40 PM S 21737 C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
11/30/2005 9:03:40 AM H 8192 C:\WINNT\system32\config\DEFAULT.LOG
11/30/2005 9:04:04 AM H 1024 C:\WINNT\system32\config\SAM.LOG
11/30/2005 9:03:50 AM H 16384 C:\WINNT\system32\config\SECURITY.LOG
11/30/2005 9:04:18 AM H 90112 C:\WINNT\system32\config\SOFTWARE.LOG
11/30/2005 9:03:54 AM H 970752 C:\WINNT\system32\config\SYSTEM.LOG
11/10/2005 7:08:40 AM H 1024 C:\WINNT\system32\config\systemprofile\NTUSER.DAT.LOG
10/21/2005 8:42:28 PM HS 388 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\0ee709f2-7ecf-4fa8-aca4-8260833fdaec
10/21/2005 8:42:28 PM HS 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\Preferred
11/30/2005 9:02:34 AM H 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINNT\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINNT\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 187904 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 35840 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINNT\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINNT\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINNT\SYSTEM32\powercfg.cpl
Intel(R) Corporation 3/11/2003 3:15:56 PM 77824 C:\WINNT\SYSTEM32\PRApplet.cpl
RealNetworks, Inc. 9/11/2003 1:05:18 PM 24576 C:\WINNT\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 28160 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINNT\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 187904 C:\WINNT\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 35840 C:\WINNT\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 4/15/2003 7:00:00 AM 28160 C:\WINNT\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
10/12/2004 9:57:48 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/30/2005 9:04:58 AM 227840 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\piwx.exe
Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/12/2004 9:47:14 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
10/12/2004 9:57:48 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
10/12/2004 9:47:14 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gqsfxk
{16afa246-98cb-42f4-b16c-4c8ea227708b} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gqsfxkmt
{e207beae-5dbc-4308-95be-d56833b4ce1b} = C:\WINNT\system32\glqfw.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINNT\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} = AOL Toolbar : C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
CTHelper CTHELPER.EXE
Hot Key Kbd 9910 Daemon SK9910DM.EXE
Gateway Ink Monitor "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
nwiz nwiz.exe /install
ICQ Messenger ICQLite.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
HostManager C:\Program Files\Common Files\AOL\1130542541\ee\AOLSoftware.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
winsync C:\WINNT\system32\ykqwco.exe reg_run
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
ICQ Messenger ICQLite.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ALUAlert C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
SetDefaultMIDI MIDIDef.exe
NvMediaCenter RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
SetDefaultMidi MIDIDEF.EXE
tscuninstall %systemroot%\system32\tscupgrd.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
CDRAutoRun 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr
= avldr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/30/2005 9:14:54 AM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\System32\\NvCpl.dll,NvStartup"
"CTHelper"="CTHELPER.EXE"
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"Gateway Ink Monitor"="\"C:\\Program Files\\Gateway Utilities\\GWInkMonitor.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"nwiz"="nwiz.exe /install"
"ICQ Messenger"="ICQLite.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1130542541\\ee\\AOLSoftware.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"winsync"="C:\\WINNT\\system32\\ykqwco.exe reg_run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- gqsfxk
{16afa246-98cb-42f4-b16c-4c8ea227708b}
0
Subkey --- gqsfxkmt
{e207beae-5dbc-4308-95be-d56833b4ce1b}
C:\WINNT\system32\glqfw.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINNT\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\SHELL32.dll
Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINNT\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\system32\SHELL32.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
piwx.exe
==============================
C:\Documents and Settings\Courtney\Start Menu\Programs\Startup
desktop.ini
piwx.exe
desktop.ini
==============================
C:\WINNT\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
PRApplet.cpl Intel(R) Corporation
prefscpl.cpl RealNetworks, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:57:36 AM, 11/30/2005
+ Report-Checksum: D5C35571
+ Scan result:
No infected objects found.
::Report End
Incident Status Location
Adware:adware/addestroyer Not disinfected C:\Documents and Settings\Courtney\Start Menu\Programs\AdDestroyer
Adware:adware/statblaster Not disinfected C:\PROGRAM FILES\WildArcade
Adware:adware/winad Not disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/midaddle Not disinfected C:\PROGRAM FILES\COMMON FILES\midaddle
Adware:adware/xupiter Not disinfected C:\PROGRAM FILES\COMMON FILES\SQ
Adware:adware/ncase Not disinfected C:\WINNT\SYSTEM32\FLEOK
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:Adware/ClkOptimizer Not disinfected C:\!KillBox\Dc23.exe
|