Ok- I searched for the file IR4WRSEL.EXE. It returned 2 results.
Name In Folder
1) IR4WRSEL.EXE - C:\Program Files\Skyrefox
2) IR4WRSEL.EXE-03CB1B49.pf C:\Windows\Prefetch
When I checked C:\Program Files, (even after I changed the setting to display system and hidden files), I was unable to locate it. In fact, when I tried to search again, that particular file did not come up, it only found IR4WRSEL.EXE-03CB1B49.pf. Then, after I rebooted, I searched for it again, and found them both. Not only that, I found the folder Skyrefox under C:\Program Files\Skyrefox. I attempted to delete it, but it gave me an error saying that it was unable to delte because it may be in use or protected. It seems to me that it gets created everytime i restart. However, when I searched C:\Windows\Prefetch, I was able to locate the file. I then uploaded the file to the website and Ive copied the results below.
Service load: 0% 100%
File: IR4WRSEL.EXE-03CB1B49.pf
Status: OK
MD5 c386a373bd8c62a414c344f06536d08f
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
BUT!!!! Let me mention this. I scanned this file twice. Each time I scanned it, the results say its ok, but....I got 3 or 4 pop ups. Weird, wonder if it has anything to do with the popups. As I write this, no popups, I just scanned the file again, and 3 popups, still with the results saying its ok. Hmmm
Ok. Under C:\Documents and Settings these are the folders I see.
Administrator
All Users
Default User
Local Service
NetworkService
Tony
Tony.TonyDELL2
user
Under C:\Documents and Settings\Tony.TonyDELL2 I see the following folders.
Application Data
Cookies
Desktop
Favorites
Local Settings
My Recent Documents
NetHood
PrintHood
SendTo
Start Menu
Templates
UserData
then these are the files located there:
NTUSER.DAT (with a windows media player icon next to it) size is 1280KB
ntuser.dat.LOG (with a notebook icon next to it) size 1KB
ntuser.ini
I made my sure my system and hidden files are visible. I was unable to see any files or folders under the 'nameless' folder.
CleanUp! started on 09/23/05 17:52:46.
...
C:\WINDOWS\temp\CS62922C84-60AC-433E-8632-3E52C4BB5C04.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS63F66084-EFD6-4970-9D7B-241C3AC31CA1.tmp - deleted
C:\WINDOWS\temp\CS653FDD9C-91B0-475E-A15A-CBB33E8CBD7F.tmp - deleted
C:\WINDOWS\temp\CS658C8961-184B-4B66-B3C5-A993478008EF.tmp - deleted
C:\WINDOWS\temp\CS6839F37D-AEB6-494F-8AE5-12E3F244844D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS6991D92F-C2FD-4F90-8AD0-E69BDEC954A5.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS6ACD8060-8C0D-45D2-BFA3-21E9F7FF9FB1.tmp - deleted
C:\WINDOWS\temp\CS6DF89FBD-8ECC-4583-AC1A-B931AAE8DF6E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS6F00BBD2-F109-45D9-837D-3FD9D296F166.tmp - deleted
C:\WINDOWS\temp\CS705C2109-91EE-4914-949C-C6BF271985F0.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS71C6D7EE-1B83-45B5-A56D-8F724C4CFF9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS7491C8EB-5E24-4AF7-9180-5B500B35FC08.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS754DD50F-F8A2-4EAB-B843-52B3BF7B1A30.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS782BB2B3-D9DC-4E3F-BE61-8193085071A2.tmp - deleted
C:\WINDOWS\temp\CS7AB0ECF2-1F2A-4035-90DF-7BCB6025F87E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS7B25AEE3-A0CF-42F9-AEBE-A0DAC44F31DA.tmp - deleted
C:\WINDOWS\temp\CS7D87D8F5-4072-4DE2-A5A1-F48A92A5C458.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS7DCFB458-9301-4EF8-851C-DEFFEB2B8EA2.tmp - deleted
C:\WINDOWS\temp\CS7DE7F20B-C140-473D-8392-C1125AAB7FAA.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS7E79A3E4-19FF-49AA-B804-FFF4DD5376B5.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS80A1B06C-1744-4DC7-8D54-F6064C67B984.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS81F2F799-8356-4C3E-9855-61A29B9C6E8D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS82A77CA3-6EDE-4978-B160-CD10CAAF1182.tmp - deleted
C:\WINDOWS\temp\CS85938D1D-E505-443F-9222-FFFCF3E832A8.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8622DF9B-653A-4A59-A526-9C6A06636D26.tmp - deleted
C:\WINDOWS\temp\CS873D7EEE-2428-4FA6-9B7B-D4C48F98D348.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8A0729C7-2389-4C3E-8441-3E2693C19083.tmp - deleted
C:\WINDOWS\temp\CS8A0A4209-D714-4CD3-B4D8-64BFAE76C886.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8A2B0F5B-D06A-44F9-91C2-E60B6ADF11AD.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8D5F13BB-B4EE-4761-8870-5FB5F3F14FDC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8EF117A7-7EB2-4EC9-8163-4CFBBA7E0B09.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS8FB52CCC-1838-4649-8432-E321932E20DB.tmp - deleted
C:\WINDOWS\temp\CS8FCD2547-1EA3-413D-B34A-49B7DEB8F6A4.tmp - deleted
C:\WINDOWS\temp\CS90AE140D-0088-4C7F-82D3-99EB7BF7DBDA.tmp - deleted
C:\WINDOWS\temp\CS91EFDCA2-B11E-4C3F-A452-A7042EB7A150.tmp - deleted
C:\WINDOWS\temp\CS92A07C1B-70C3-4D43-8EE8-9ACF5F3CA695.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS93373C9C-A129-4210-9A5A-1932EACA7684.tmp - deleted
C:\WINDOWS\temp\CS94009719-E707-4DE2-B560-3E1649A52B56.tmp - deleted
C:\WINDOWS\temp\CS97F1B305-0BC9-4A05-88C3-3675687B7246.tmp - deleted
C:\WINDOWS\temp\CS9892EDA1-E868-4740-8C67-1F5002F47A24.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS9D7CCEFD-C4AF-4677-9062-D69E0D12C1A4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS9E9652B4-08ED-49E0-BACB-DFA11FE747AC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CS9FBB0165-87E6-4A75-ACEE-C71871E18B21.tmp - deleted
C:\WINDOWS\temp\CS9FEEEE77-B5C8-4B60-87FB-4BC4DCE9AA79.tmp - deleted
C:\WINDOWS\temp\CSA5C0A22E-365E-4237-B456-E63AFD73AF1F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSA62BE8C5-D736-4DC8-91EB-3B3C5AD7E273.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSA7066FA2-F477-4FA4-9CBE-8F49C75D6F8B.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSA889464C-F3D0-4560-AD18-7413BD280BE4.tmp - deleted
C:\WINDOWS\temp\CSAC4AF7D0-EEE5-41B0-8DDE-5F97A00B0918.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSAC7CDA78-E70E-411D-BE04-D992E92DC403.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSB01E1E83-B9EA-4724-9769-A7AD73225E35.tmp - deleted
C:\WINDOWS\temp\CSB0BD1D9F-1769-4F2F-9FA8-D2EEECDC06EE.tmp - deleted
C:\WINDOWS\temp\CSB13DC63A-9B8F-4ADA-973B-1B77FF170C72.tmp - deleted
C:\WINDOWS\temp\CSB1C76436-992E-411B-8A27-D701F351AD69.tmp - deleted
C:\WINDOWS\temp\CSB1FFFC96-710F-4BD0-BF8A-59FD1A016F18.tmp - deleted
C:\WINDOWS\temp\CSB2FEC5AB-CC5C-464C-9916-8CC58589CEFB.tmp - deleted
C:\WINDOWS\temp\CSB4FFF465-20B1-4A5F-AEB3-73EE028C7F9A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSB621636E-C6B6-4200-A827-B49A61DCC6E9.tmp - deleted
C:\WINDOWS\temp\CSB73A26B4-CF8F-45A4-8522-AB48E52D693A.tmp - deleted
C:\WINDOWS\temp\CSB8C49567-8753-4B50-A4D5-7E42F910E033.tmp - deleted
C:\WINDOWS\temp\CSB91AD7FB-B201-441C-9EE2-5F00C8B183DF.tmp - deleted
C:\WINDOWS\temp\CSB95BEF26-9CF3-4200-9481-E0E1DA256C2F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSBB9D5E36-68C6-4005-A394-07724CE2B141.tmp - deleted
C:\WINDOWS\temp\CSBBED810D-7109-4034-8BDC-98C73657CD13.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSBD8A7010-B5C4-42EC-BA81-E34DDAE1B2D7.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSC06A3929-E88C-433C-8CA4-82961D32D680.tmp - deleted
C:\WINDOWS\temp\CSC12FC658-2D1C-42DF-8C3F-044435CB3BC8.tmp - deleted
C:\WINDOWS\temp\CSC19CDCB5-42A7-4212-8E58-1A57E8A72ABC.tmp - deleted
C:\WINDOWS\temp\CSC430FCE4-E4FD-4B87-8712-8BC6209ABB26.tmp - deleted
C:\WINDOWS\temp\CSC498CC4C-D9C1-489D-B840-02D1792ABDD6.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSC4D84398-9456-4815-869A-D97523FE69B2.tmp - deleted
C:\WINDOWS\temp\CSC60D9600-BF5A-436A-BE31-0C375E23D27D.tmp - deleted
C:\WINDOWS\temp\CSC662A879-BC8B-4524-B622-B63EB9B530C4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSC6B1C3EA-5561-4E22-9E51-CE349864FC0C.tmp - deleted
C:\WINDOWS\temp\CSC7B3862F-24E1-4187-935E-61B554CF0EEB.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSC8A53EC6-C4C0-44A6-8F62-51AE09D0E082.tmp - deleted
C:\WINDOWS\temp\CSC959649C-D503-4D8A-8516-05575D857168.tmp - deleted
C:\WINDOWS\temp\CSCC13FA76-1B0E-4B52-8E32-CAED79CAC49A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSCC26CF99-7447-4A0A-ACB6-B525915C0C8D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSCE750AFF-7736-4ADE-A76D-D9BE18ED8D65.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSCF3C33E8-689D-488E-8101-CA3AF37E3451.tmp - deleted
C:\WINDOWS\temp\CSCFA9AF81-E55B-4C41-93A7-B45B92D69C34.tmp - deleted
C:\WINDOWS\temp\CSD111B065-C084-4E37-B329-7A7B85EA8BF9.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSD2581142-EEC4-4A28-9D79-1ED484E11919.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSD30DA3F3-3D59-43EA-869B-6F5BF01CA573.tmp - deleted
C:\WINDOWS\temp\CSD38D51DD-2531-4533-AA90-C5CEAC3E795B.tmp - deleted
C:\WINDOWS\temp\CSD6878591-A99F-47FF-AFBA-6C57D5D6E624.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSD8A14EFD-6CD4-43E5-9D9F-F92E298A5C09.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSDBCE20D9-81D3-4122-9D35-D8E257331E1F.tmp - deleted
C:\WINDOWS\temp\CSDC3FDE60-973D-4E85-A078-9404FB95024D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSDCBBFE41-7B0C-47B8-8F1B-74227CC3D601.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSDE36ABF8-7D29-45AB-B3C6-502684F146D0.tmp - deleted
C:\WINDOWS\temp\CSDE9256A3-1D25-431A-B7D1-847A65E34A60.tmp - deleted
C:\WINDOWS\temp\CSDEE15696-7FCC-4AC2-9F2E-365B49B93DEF.tmp - deleted
C:\WINDOWS\temp\CSDF31498C-19DF-4CAC-9F4C-DC9F0D4E6B7F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSDFE33BA7-E307-4668-A606-07C6AC028780.tmp - deleted
C:\WINDOWS\temp\CSE0D2C29D-AE5F-4AE2-9A95-BA71A7174A3D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSE3DA7978-A7B6-4704-82BF-18479DB470C5.tmp - deleted
C:\WINDOWS\temp\CSE4BC9349-E3D0-4DCE-B00C-755FF3A23CE2.tmp - deleted
C:\WINDOWS\temp\CSE52C3397-E869-482B-A812-ADF43DAE9748.tmp - deleted
C:\WINDOWS\temp\CSE5AAE5C1-4BF7-4081-B9BB-2FED1672D693.tmp - deleted
C:\WINDOWS\temp\CSE5EE4931-4E61-43F6-B5CF-01920EBC1228.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSE6105E8C-48D9-433D-BDFE-F918A1E402F9.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSE68694D5-88F5-4E60-B504-D49E0558325D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSE6BEF86D-41F3-48F1-B123-9AC514B7BAFF.tmp - deleted
C:\WINDOWS\temp\CSE7AC610A-DD41-4CA2-B454-F1FDC6C7D869.tmp - deleted
C:\WINDOWS\temp\CSE99B49CF-6CBC-440F-844F-7663AEDE1787.tmp - deleted
C:\WINDOWS\temp\CSEA7FA7D2-732F-472B-AB5F-1BD7B4071946.tmp - deleted
C:\WINDOWS\temp\CSEC458696-94E9-4227-9640-AD1024B9EC05.tmp - deleted
C:\WINDOWS\temp\CSED707671-EAB7-4AF2-8E56-8B21DC76855C.tmp - deleted
C:\WINDOWS\temp\CSEE455F39-7587-4E54-94C9-E11893F8E65E.tmp - deleted
C:\WINDOWS\temp\CSEEB4E727-4C07-4690-92D9-AFB5FBB48819.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSEF3CC7F9-B037-4287-A56A-D962B503528D.tmp - deleted
C:\WINDOWS\temp\CSF090135E-640D-425F-9434-497DA5051EA6.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF14E6C6D-6092-4A21-9BCE-F0060EA2C9F3.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF3A80B97-4D0A-49F7-A7FC-2BEE7F09607E.tmp - deleted
C:\WINDOWS\temp\CSF3DB087A-4783-4147-BEC9-D3BDEABDAD17.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF460E602-228F-4E6A-9642-25A2B81876EC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF5DB19C3-8109-4565-8CB9-754F41B826E0.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF6D717B9-2AB7-4FED-A26A-15BCA9DA6D1D.tmp - deleted
C:\WINDOWS\temp\CSF8244139-5BB8-4441-8D01-97AE9D7E6E95.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF8A865EA-67B5-4099-8206-C99D4D83493E.tmp - deleted
C:\WINDOWS\temp\CSF8D448DD-BE61-4182-96A7-6862C3C10166.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSF9734984-C54B-4114-B4C1-13322113DEF3.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSFC9152F1-9B2E-4BF4-BD9F-052C9F459A74.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSFCACAE0D-FB45-4F92-892B-661492D3B9F7.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSFDDBB2C9-40EE-4632-A7FA-37373AD6431E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSFEAF9C60-CC6B-4DD2-8A5D-06B51572A8D4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\CSFFA2CE5C-2E6B-4097-A594-3BD5FC31EF86.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\FDB0BA1E.TMP - deleted
C:\WINDOWS\temp\Perflib_Perfdata_714.dat - deleted
C:\WINDOWS\temp\Perflib_Perfdata_72c.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_cb8.dat - deleted
C:\WINDOWS\temp\T30DebugLogFile.txt - deleted
C:\WINDOWS\temp\tmp0000251f\tmp00000000 currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\History\History.IE5\MSHist012005092320050924\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\Temp\~DFC56E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\
[email protected][1].txt - deleted
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Application Data\Webroot\Spy Sweeper\Data\alwayskr.tmp - deleted
C:\Documents and Settings\Tony.TONYDELL2\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\History\History.IE5\MSHist012005092320050924\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\Temp\~DFC56E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\Temp\~DFC56E.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Tony.TONYDELL2\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK - deleted
C:\WINDOWS\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat.bak - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\Temp\CS00DBF7E3-0F75-4CA7-A4A2-E00516CBD581.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS03743C4B-51C0-46AE-B6D9-5C57ADCD93E0.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS07509A91-B823-4285-B9C3-09CFEA6F507B.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS08C12E7D-E6F7-4B69-AC4A-C171B768AFB5.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS0ADBAACF-4338-4217-8338-80BE5D179BBE.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS0B11D44F-D170-4AC1-8969-F9B6244AB7C9.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS0C34CFBD-069D-46A1-A64B-A8DC5628C178.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS12BC8624-0460-4D71-962E-7379CE811667.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS1340D94C-AF43-4012-906E-EDEAD86E1A08.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS15B9525B-50F5-4002-9D8D-60B2F0312BCA.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS19C634CB-4EA8-49B0-9D9C-F7AAD989E6D7.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS1A46BD11-EA24-4157-A2AD-4F395AE17C5B.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS1AEAD938-96FB-4995-9910-A28BDF4DD7D2.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS1C6FA480-DE91-4440-92B2-E1A16966E0DD.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS232DC997-2181-41CB-8707-629616905E39.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS2CF8B0A2-7B78-4457-8EEF-3ADF280C4F32.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS2DB32378-71D9-4AAC-B44C-01A7A620AEBD.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS2F40C46D-F204-4B26-A61A-7C5E9F61CA73.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS30D0A5E5-AC55-4965-BCF2-76F28B8078A2.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS32038BF7-7931-45F0-B205-C032EDC0C1B6.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS34548251-0909-4670-9F3F-CECB29539DFB.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS357E9C13-A246-430F-9B11-654B547841DA.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS365207BC-997F-4943-A82C-EFCD3C54B2CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS3CAB9A0F-FA8A-4709-B31E-5E332FF4F385.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS3DC18B32-CA38-4FEB-BDE7-4DBFBD91056F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS4247FCCF-E09F-405B-BB13-84EF7FAE9D17.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS42B764A0-ED88-4098-9956-DDFE5D30BA57.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS465D5CC5-6B16-4AE0-82B2-03A0619FDC5F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS4E2ECF85-05EF-4139-AB78-3780F060E03E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS50D9B732-3A6A-42FD-BAE9-C27952BB7DF1.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS53E7CE4C-FC3B-4C29-92A3-C4E119666EC2.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS56A97B17-1C0F-4C20-9348-7800CE227BA8.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS5ADC5366-F7E1-418D-BB85-3CCCD347F46C.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS5D023816-C382-4A9D-B376-E3EA779664A1.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS5E3D119D-69F1-4DA5-B674-C5A7AB5DC4EE.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS61236F8F-CCBD-460F-BC82-86A9C08942E1.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS628CC085-2DD6-4EE6-860A-D6D88478CD15.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS62922C84-60AC-433E-8632-3E52C4BB5C04.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS6839F37D-AEB6-494F-8AE5-12E3F244844D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS6991D92F-C2FD-4F90-8AD0-E69BDEC954A5.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS6DF89FBD-8ECC-4583-AC1A-B931AAE8DF6E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS705C2109-91EE-4914-949C-C6BF271985F0.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS71C6D7EE-1B83-45B5-A56D-8F724C4CFF9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS7491C8EB-5E24-4AF7-9180-5B500B35FC08.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS754DD50F-F8A2-4EAB-B843-52B3BF7B1A30.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS7AB0ECF2-1F2A-4035-90DF-7BCB6025F87E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS7D87D8F5-4072-4DE2-A5A1-F48A92A5C458.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS7DE7F20B-C140-473D-8392-C1125AAB7FAA.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS7E79A3E4-19FF-49AA-B804-FFF4DD5376B5.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS80A1B06C-1744-4DC7-8D54-F6064C67B984.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS81F2F799-8356-4C3E-9855-61A29B9C6E8D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS85938D1D-E505-443F-9222-FFFCF3E832A8.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS873D7EEE-2428-4FA6-9B7B-D4C48F98D348.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS8A0A4209-D714-4CD3-B4D8-64BFAE76C886.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS8A2B0F5B-D06A-44F9-91C2-E60B6ADF11AD.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS8D5F13BB-B4EE-4761-8870-5FB5F3F14FDC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS8EF117A7-7EB2-4EC9-8163-4CFBBA7E0B09.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS92A07C1B-70C3-4D43-8EE8-9ACF5F3CA695.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS9892EDA1-E868-4740-8C67-1F5002F47A24.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS9D7CCEFD-C4AF-4677-9062-D69E0D12C1A4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CS9E9652B4-08ED-49E0-BACB-DFA11FE747AC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSA5C0A22E-365E-4237-B456-E63AFD73AF1F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSA62BE8C5-D736-4DC8-91EB-3B3C5AD7E273.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSA7066FA2-F477-4FA4-9CBE-8F49C75D6F8B.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSAC4AF7D0-EEE5-41B0-8DDE-5F97A00B0918.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSAC7CDA78-E70E-411D-BE04-D992E92DC403.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSB4FFF465-20B1-4A5F-AEB3-73EE028C7F9A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSB95BEF26-9CF3-4200-9481-E0E1DA256C2F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSBBED810D-7109-4034-8BDC-98C73657CD13.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSBD8A7010-B5C4-42EC-BA81-E34DDAE1B2D7.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSC498CC4C-D9C1-489D-B840-02D1792ABDD6.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSC662A879-BC8B-4524-B622-B63EB9B530C4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSC7B3862F-24E1-4187-935E-61B554CF0EEB.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSCC13FA76-1B0E-4B52-8E32-CAED79CAC49A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSCC26CF99-7447-4A0A-ACB6-B525915C0C8D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSCE750AFF-7736-4ADE-A76D-D9BE18ED8D65.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSD111B065-C084-4E37-B329-7A7B85EA8BF9.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSD2581142-EEC4-4A28-9D79-1ED484E11919.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSD6878591-A99F-47FF-AFBA-6C57D5D6E624.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSD8A14EFD-6CD4-43E5-9D9F-F92E298A5C09.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSDC3FDE60-973D-4E85-A078-9404FB95024D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSDCBBFE41-7B0C-47B8-8F1B-74227CC3D601.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSDF31498C-19DF-4CAC-9F4C-DC9F0D4E6B7F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSE0D2C29D-AE5F-4AE2-9A95-BA71A7174A3D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSE5EE4931-4E61-43F6-B5CF-01920EBC1228.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSE6105E8C-48D9-433D-BDFE-F918A1E402F9.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSE68694D5-88F5-4E60-B504-D49E0558325D.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSEEB4E727-4C07-4690-92D9-AFB5FBB48819.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF090135E-640D-425F-9434-497DA5051EA6.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF14E6C6D-6092-4A21-9BCE-F0060EA2C9F3.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF3DB087A-4783-4147-BEC9-D3BDEABDAD17.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF460E602-228F-4E6A-9642-25A2B81876EC.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF5DB19C3-8109-4565-8CB9-754F41B826E0.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF8244139-5BB8-4441-8D01-97AE9D7E6E95.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF8D448DD-BE61-4182-96A7-6862C3C10166.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSF9734984-C54B-4114-B4C1-13322113DEF3.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSFC9152F1-9B2E-4BF4-BD9F-052C9F459A74.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSFCACAE0D-FB45-4F92-892B-661492D3B9F7.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSFDDBB2C9-40EE-4632-A7FA-37373AD6431E.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSFEAF9C60-CC6B-4DD2-8A5D-06B51572A8D4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Temp\CSFFA2CE5C-2E6B-4097-A594-3BD5FC31EF86.tmp currently in use. Will be deleted when Windows is restarted.
'Run MRU' list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 15.8 MB of disk space from 1036 files.
CleanUp! finished on 09/23/05 17:53:15.
This is the log from SilentRunner:
"Silent Runners.vbs", revision 40.1,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"FolderShare" = ""C:\Program Files\FolderShare\FolderShare.exe" /background" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"PicasaNet" = ""C:\Program Files\Hello\Hello.exe" -b" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"AVGCtrl" = ""C:\Program Files\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"(Default)" = (empty string)
"Norton Ghost 9.0" = "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"MSKDetectorExe" = "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall" ["McAfee, Inc."]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"LapLink Server Proxy" = ""C:\Program Files\LapLink Gold\WProxy.exe" -l" [null data]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A}\(Default) = "VizController Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Vyooh\DiskView\VizBHO.dll" ["Vyooh"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BC9A4428-196B-4822-B0FA-2B44C29D2A26}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [file not found]
"{38656425-8C6B-49C6-9C6A-EBE255812C47}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\skriptpw.dll" [file not found]
"{D4A3CA1A-B7BE-44D4-A6C0-7C340A98B0F4}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nirspt.dll" [file not found]
"{B9867D94-6628-4AD2-92FC-71DC068AC9A6}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shcbase.dll" [file not found]
"{72C1D182-8C33-4E40-9309-455B04D098BE}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\umrlbva.dll" [file not found]
"{7ED281E3-8895-484F-BE6E-403F8FACE3FA}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\umrlbva.dll" [file not found]
"{0B8BC491-0C14-4A93-97BF-3DA153CD7F5C}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wN2topl.dll" [file not found]
"{4248DA01-4070-4F4D-A24C-608481027C35}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vnpodbc.dll" [file not found]
"{AA15A8B2-6D20-4D31-8578-840B2997D1AB}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wN2topl.dll" [file not found]
"{9356CE9B-C935-41AB-AFDC-013A250DF8A9}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bhpanui.dll" [file not found]
"{EAC6589B-9167-4ECF-BEE9-22120131AA70}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\bhpanui.dll" [file not found]
"{FABA588C-52C9-466C-B9A6-D593EB2F3D88}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ciutil.dll" [file not found]
"{FCB82B37-5FAC-459F-B66E-5CDCFDA64438}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vormux.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Documents and Settings\user\Desktop\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Userinit" = "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe,"c:\windows\tsi32\tsiuser.exe"" [MS], ["Laplink Software, Inc."], ["Laplink Software, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! PCANotify\DLLName = "PCANotify.dll" ["Symantec Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Documents and Settings\user\Desktop\security suite\context.dll" ["ewido networks"]
mqgmnmky\(Default) = "{0de3fd9f-b847-4360-9027-a7db0bb1cbdf}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\inriw.dll" [file not found]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Documents and Settings\user\Desktop\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "Tony" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"SoonR Desktop Client" -> shortcut to: "C:\Program Files\SoonR\SoonR Desktop Client\SoonrClient.exe" ["SoonR Inc."]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - Tony" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~3\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll [null data], 01 - 02, 08
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{6A882320-BDD0-4FF4-BE3A-D8BAF82668E9}" = "DiskView"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Vyooh\DiskView\VizBar.dll" ["Vyooh"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\
"ButtonText" = "Noble Poker"
"MenuText" = "Noble Poker"
"Exec" = "C:\Program Files\Noble Poker\casino.exe" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
ewido security suite control, ewido security suite control, "C:\Documents and Settings\user\Desktop\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Documents and Settings\user\Desktop\security suite\ewidoguard.exe" ["ewido networks"]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
LapLink, LapLink, ""C:\Program Files\LapLink Gold\laplink.exe"" ["Laplink Software, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Ghost, Norton Ghost, "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
pcAnywhere Host Service, awhost32, "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" ["Symantec Corporation"]
RIP Listener, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
TSI Remote Control Service, TSIRCSRV, "C:\WINDOWS\System32\TSIRCSRV.EXE" ["Laplink Software, Inc."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "aw_host" [file not found], INFECTION WARNING! "tsikbf5" ["Laplink Software, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 204 seconds, including 18 seconds for message boxes)
Sign In
Create Account
