WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 6/28/2005 5:13:16 PM 19456 C:\b.exe
UPX! 7/19/2005 7:32:00 PM 45056 C:\dhjs.exe
UPX! 7/19/2005 4:24:30 PM 45056 C:\dkss.exe
UPX! 7/19/2005 1:45:14 AM 22016 C:\kk.exe
UPX! 7/19/2005 3:53:24 AM 45056 C:\sia.exe
UPX! 7/21/2005 4:14:26 PM 95232 C:\w65.exe
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
SAHAgent 7/21/2005 3:13:32 PM 52224 C:\WINDOWS\0grr7apo.exe
aspack 7/28/2003 8:54:54 PM 535040 C:\WINDOWS\flashax.exe
SAHAgent 5/15/2005 10:33:20 AM 42940 C:\WINDOWS\KB839643-DirectX9Uninst.log
PTech 6/4/2004 9:34:50 AM 20522 C:\WINDOWS\landing.html
UPX! 5/8/2005 4:15:06 PM RHS 59392 C:\WINDOWS\svcmgr32.exe
UPX! 8/3/2005 4:55:22 AM 86016 C:\WINDOWS\untokuoitu.exe
UPX! 7/21/2005 4:21:00 PM RHS 57344 C:\WINDOWS\USBSubsystem
Checking %System% folder...
SAHAgent 9/5/2005 9:20:14 PM 35 C:\WINDOWS\SYSTEM32\0grr7apo.ini
SAHAgent 9/5/2005 9:20:14 PM 35 C:\WINDOWS\SYSTEM32\14musgrj.ini
SAHAgent 7/22/2005 2:22:16 PM 230400 C:\WINDOWS\SYSTEM32\1rugpb2a.exe
SAHAgent 9/12/2005 6:45:02 PM 2927 C:\WINDOWS\SYSTEM32\1rugpb2a.ini
SAHAgent 7/23/2005 11:25:26 PM 35 C:\WINDOWS\SYSTEM32\2quqsams.ini
SAHAgent 5/14/2005 8:25:26 PM 35 C:\WINDOWS\SYSTEM32\7qhd623h.ini
SAHAgent 6/20/2005 7:23:08 PM 35 C:\WINDOWS\SYSTEM32\8j3gt3ts.ini
SAHAgent 7/22/2005 3:08:44 AM 35 C:\WINDOWS\SYSTEM32\8r12iqba.ini
SAHAgent 7/23/2005 11:25:26 PM 35 C:\WINDOWS\SYSTEM32\a76kmsnh.ini
SAHAgent 7/22/2005 6:16:38 PM 3076 C:\WINDOWS\SYSTEM32\arqs5c5t.ini
PEC2 8/23/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 6/20/2005 7:23:08 PM 35 C:\WINDOWS\SYSTEM32\flkjgpht.ini
69.59.186.63 9/13/2005 9:52:10 PM 10240 C:\WINDOWS\SYSTEM32\jjbrb.dll
209.66.67.134 9/13/2005 9:52:10 PM 10240 C:\WINDOWS\SYSTEM32\jjbrb.dll
web-nex 9/13/2005 9:52:10 PM 10240 C:\WINDOWS\SYSTEM32\jjbrb.dll
winsync 9/13/2005 9:52:10 PM 10240 C:\WINDOWS\SYSTEM32\jjbrb.dll
SAHAgent 7/27/2005 1:07:54 PM 3602 C:\WINDOWS\SYSTEM32\jpkf5237.ini
SAHAgent 7/22/2005 3:08:44 AM 35 C:\WINDOWS\SYSTEM32\krm4cbo9.ini
SAHAgent 6/25/2005 11:17:40 PM 1370 C:\WINDOWS\SYSTEM32\l2tjelcl.ini
UPX! 9/5/2005 9:25:24 PM 121433 C:\WINDOWS\SYSTEM32\mc-58-12-0000120.exe
UPX! 12/2/2003 5:50:46 PM 6656 C:\WINDOWS\SYSTEM32\nhbgwp.exe
SAHAgent 6/25/2005 11:16:38 PM 35 C:\WINDOWS\SYSTEM32\onhjf5gs.ini
SAHAgent 7/15/2005 1:20:22 AM 3985 C:\WINDOWS\SYSTEM32\r1akq8ak.ini
Umonitor 8/29/2002 6:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
SAHAgent 6/4/2005 11:51:16 AM 3568 C:\WINDOWS\SYSTEM32\sn3qn95a.ini
69.59.186.63 9/13/2005 9:52:10 PM 46080 C:\WINDOWS\SYSTEM32\ssgfgjs.dll
209.66.67.134 9/13/2005 9:52:10 PM 46080 C:\WINDOWS\SYSTEM32\ssgfgjs.dll
web-nex 9/13/2005 9:52:10 PM 46080 C:\WINDOWS\SYSTEM32\ssgfgjs.dll
winsync 9/13/2005 9:52:10 PM 46080 C:\WINDOWS\SYSTEM32\ssgfgjs.dll
SAHAgent 5/14/2005 8:25:26 PM 35 C:\WINDOWS\SYSTEM32\v9m2opo1.ini
winsync 8/23/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 9/5/2005 9:41:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/14/2005 5:17:14 PM S 2048 C:\WINDOWS\bootstat.dat
9/14/2005 5:15:56 PM H 24 C:\WINDOWS\pvcxe
9/13/2005 9:52:10 PM H 54156 C:\WINDOWS\QTFont.qfn
7/20/2005 4:37:30 PM RHS 58791 C:\WINDOWS\USBBay.exe
7/21/2005 4:21:00 PM RHS 57344 C:\WINDOWS\USBSubsystem
9/12/2005 7:17:22 PM S 64 C:\WINDOWS\CSC\00000001
8/11/2005 12:30:00 PM S 64 C:\WINDOWS\CSC\00000002
8/27/2005 11:07:10 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
8/14/2005 11:36:28 PM H 0 C:\WINDOWS\inf\oem19.inf
9/14/2005 5:17:04 PM H 8192 C:\WINDOWS\system32\config\default.LOG
9/14/2005 5:17:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/14/2005 5:17:16 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
9/14/2005 5:18:36 PM H 81920 C:\WINDOWS\system32\config\software.LOG
9/14/2005 5:17:18 PM H 950272 C:\WINDOWS\system32\config\system.LOG
9/6/2005 3:45:36 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
9/12/2005 7:18:56 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BZ32EAKY\desktop.ini
9/12/2005 7:18:56 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RFYRX2HQ\desktop.ini
9/12/2005 7:18:56 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YN1WLTYS\desktop.ini
9/12/2005 7:18:56 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZX45KO6A\desktop.ini
9/14/2005 5:16:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/23/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 5/30/2003 4:17:20 PM 579584 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 9:31:48 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 6/4/2003 12:55:26 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 7/27/2003 10:05:54 AM 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
9/5/2005 10:01:38 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
2/21/2003 5:46:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
9/12/2005 7:01:38 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/21/2003 12:35:24 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
7/14/2005 12:34:12 AM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
Checking files in %USERPROFILE%\Startup folder...
2/21/2003 5:46:20 PM HS 84 C:\Documents and Settings\Lauren\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
2/21/2003 12:35:24 PM HS 62 C:\Documents and Settings\Lauren\Application Data\desktop.ini
8/10/2003 11:55:52 PM 0 C:\Documents and Settings\Lauren\Application Data\dm.ini
6/23/2005 10:44:16 PM 19552 C:\Documents and Settings\Lauren\Application Data\GDIPFONTCACHEV1.DAT
9/12/2005 7:20:48 PM 453321 C:\Documents and Settings\Lauren\Application Data\Sskknwrd.dll
9/12/2005 7:27:42 PM 41 C:\Documents and Settings\Lauren\Application Data\Sskuknwrd.dll
1/1/2005 5:10:04 PM 230187 C:\Documents and Settings\Lauren\Application Data\tvmknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
iebar =
acc=ventura5 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ffqsqnxy
{e1dee5f6-a09e-4e0e-9bdb-c8e75e9a016c} = C:\WINDOWS\System32\jjbrb.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{3EA5C408-2437-4c40-ADAC-DFDA9AEEEA96}
ActiveShopper SideBar = SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\system32\communicator.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
QuickTime Task "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
winsync C:\WINDOWS\System32\lldxdg.exe reg_run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
xfvsk.exe C:\WINDOWS\system\xfvsk.exe
nwafmdewg.exe C:\WINDOWS\system\nwafmdewg.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
DisableRegistryTools 0
NoAdminPage 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/14/2005 5:24:55 PM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"QuickTime Task"="\"C:\\PROGRA~1\\QUICKT~1\\qttask.exe\" -atboottime"
"winsync"="C:\\WINDOWS\\System32\\lldxdg.exe reg_run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- ffqsqnxy
{e1dee5f6-a09e-4e0e-9bdb-c8e75e9a016c}
C:\WINDOWS\System32\jjbrb.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
C:\PROGRA~1\TROJAN~1.2\contmenu.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
==============================
C:\Documents and Settings\Lauren\Start Menu\Programs\Startup
desktop.ini
desktop.ini
==============================
C:\WINDOWS\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
prefscpl.cpl RealNetworks, Inc.
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
vgactl.cpl
wuaucpl.cpl Microsoft Corporation
Edited by bubble00, 14 September 2005 - 04:19 PM.