Lets have an Online Scan at the site below
http://support.f-sec.../home/ols.shtml
Save any results from the Online Scan and then go into Safe Mode and Scan once more with WinPFind!
Post back with both those results!
expdvd.dll
Started by
lauriejk
, Oct 07 2005 03:43 PM
#61
Posted 09 October 2005 - 02:44 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Lets have an Online Scan at the site below
http://support.f-sec.../home/ols.shtml
Save any results from the Online Scan and then go into Safe Mode and Scan once more with WinPFind!
Post back with both those results!
#62
Posted 09 October 2005 - 07:25 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
Finished: 64 viruses found
Scanned files: 58753 Warning: 64 file(s) still infected!
C:\!Submit\expdvd.dll Trojan.Win32.Crypt.o
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05854438 Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058C1831 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058F422D Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06161D51 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A76D24 Email-Worm.Win32.Sober.p
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0748231C.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07503C8B Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07561084 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07593A80 Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\075D647C Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07633875 Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E5425F8 Trojan-Downloader.Win32.Swizzor.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\161533DA Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\195B3E23 Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A1051F0 Trojan-Downloader.Win32.IstBar.er
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A243AFB Trojan-Dropper.Win32.Small.of
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D25599D Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\22C13C37 Email-Worm.Win32.Sober.p
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24452B99 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24EC7A22 Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28F8697E Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28FB137A Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F6F78AA Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330D106F Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\334E5D85 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F1F2742 Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\429F1AC3 Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456F68F4 Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B5D7990 Trojan-Clicker.Win32.VB.ei
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C903AF0 Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F36617B Trojan-Downloader.Win32.IstBar.fn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55B95A3F Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55BF2E37 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56197EB3 Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562626A5 Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562950A1 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562D7A9D Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56334E96 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\563D4C8B Trojan-Downloader.Win32.IstBar.er
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57866E21 Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64317919.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6AB45821 Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DBA784B Trojan-Clicker.Win32.VB.ei
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\732918AC Trojan-Downloader.Win32.Swizzor.dt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A4D4101 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAA368C.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAD6088.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DB75E7D.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DBA087A.exe Trojan-Downloader.Win32.IstBar.gn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044400.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044401.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044402.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044403.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044404.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046498.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046499.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046500.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047584.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047585.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047586.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047587.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047589.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0049611.dll Trojan.Win32.Crypt.o
Up | Down | Top | Bottom
New scan
Close
Step 1
Step 2
Step 3
Step 4
Scanned files: 58753 Warning: 64 file(s) still infected!
C:\!Submit\expdvd.dll Trojan.Win32.Crypt.o
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05854438 Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058C1831 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058F422D Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06161D51 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A76D24 Email-Worm.Win32.Sober.p
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0748231C.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07503C8B Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07561084 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07593A80 Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\075D647C Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07633875 Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E5425F8 Trojan-Downloader.Win32.Swizzor.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\161533DA Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\195B3E23 Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A1051F0 Trojan-Downloader.Win32.IstBar.er
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A243AFB Trojan-Dropper.Win32.Small.of
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D25599D Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\22C13C37 Email-Worm.Win32.Sober.p
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24452B99 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24EC7A22 Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28F8697E Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28FB137A Trojan-Downloader.Win32.IstBar.go
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F6F78AA Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330D106F Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\334E5D85 Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F1F2742 Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\429F1AC3 Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456F68F4 Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B5D7990 Trojan-Clicker.Win32.VB.ei
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C903AF0 Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F36617B Trojan-Downloader.Win32.IstBar.fn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55B95A3F Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55BF2E37 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56197EB3 Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562626A5 Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562950A1 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562D7A9D Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56334E96 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\563D4C8B Trojan-Downloader.Win32.IstBar.er
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57866E21 Trojan-Downloader.Win32.Dyfuca.dp
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64317919.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6AB45821 Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DBA784B Trojan-Clicker.Win32.VB.ei
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\732918AC Trojan-Downloader.Win32.Swizzor.dt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A4D4101 Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAA368C.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAD6088.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DB75E7D.exe Trojan-Downloader.Win32.IstBar.gn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DBA087A.exe Trojan-Downloader.Win32.IstBar.gn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044400.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044401.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044402.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044403.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044404.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046498.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046499.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046500.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047584.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047585.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047586.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047587.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047589.dll Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0049611.dll Trojan.Win32.Crypt.o
Up | Down | Top | Bottom
New scan
Close
Step 1
Step 2
Step 3
Step 4
#63
Posted 09 October 2005 - 07:44 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
OK,all those are easily fixed!
Click the Norton Antivirus Icon by the clock-> Click Reports-> Next to Quaratined Items-> Click View Reports
If you get a prompt to repair or clean anything Select NO!
Select everything in the list and click the Delete tab!
You can delete C:\!Submit<- Folder from Killbox!
Please Install these 2 to add to the Security of the PC!
SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!
WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm
or
http://www.mvps.org/...2002/hosts2.htm
Disable System Restore
http://service1.syma...src=sec_doc_nam
Go ahead and Reconfigure Msconfig the way you like the PC to Startup!
Post back with the log from WinPFind and a fresh HijackThis log!
Click the Norton Antivirus Icon by the clock-> Click Reports-> Next to Quaratined Items-> Click View Reports
If you get a prompt to repair or clean anything Select NO!
Select everything in the list and click the Delete tab!
You can delete C:\!Submit<- Folder from Killbox!
Please Install these 2 to add to the Security of the PC!
SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!
WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm
or
http://www.mvps.org/...2002/hosts2.htm
Disable System Restore
http://service1.syma...src=sec_doc_nam
Go ahead and Reconfigure Msconfig the way you like the PC to Startup!
Post back with the log from WinPFind and a fresh HijackThis log!
#64
Posted 09 October 2005 - 07:51 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 1/8/2005 5:30:04 PM 162885 C:\WINDOWS\tsc.exe
PECompact2 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
qoologic 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
SAHAgent 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
UPX! 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
aspack 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 3/10/2005 10:48:10 AM 269312 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/9/2005 8:29:40 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/9/2005 8:29:28 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/9/2005 8:30:04 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/9/2005 8:29:42 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/9/2005 8:30:54 AM H 61440 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/9/2005 8:29:40 AM H 909312 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/2/2005 10:30:46 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/25/2005 9:23:06 PM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
9/25/2005 9:23:06 PM S 144 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUJ45QJ\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JWM5LXBL\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SPMZ41QB\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTU7K167\desktop.ini
9/27/2005 1:49:14 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\2003e0b3-decd-4738-99f9-a4d8ea285ec9
9/27/2005 1:49:14 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/9/2005 8:00:02 AM H 248 C:\WINDOWS\Tasks\AF392B239196A2CB.job
10/9/2005 8:26:48 AM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
9/18/2003 4:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 3/17/2004 7:39:38 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 4:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 11:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
1/8/2005 3:58:44 PM 715 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
5/23/2005 3:07:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\DESKTOP.INI
2/23/2005 3:13:22 PM 676 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\Webshots.lnk
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Laurie Eckerty\Application Data\DESKTOP.INI
3/28/2004 5:50:28 PM 0 C:\Documents and Settings\Laurie Eckerty\Application Data\dm.ini
11/19/2004 8:10:10 PM 59448 C:\Documents and Settings\Laurie Eckerty\Application Data\GDIPFONTCACHEV1.DAT
10/5/2005 10:24:58 AM 29248 C:\Documents and Settings\Laurie Eckerty\Application Data\wklnhst.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{321354B2-DABE-4FA1-A3C2-FAADF1BF837E} = C:\WINDOWS\system32\AJAAMON.DLL
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Dell AIO Printer A940 "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/9/2005 8:36:29 AM
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 1/8/2005 5:30:04 PM 162885 C:\WINDOWS\tsc.exe
PECompact2 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
qoologic 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
SAHAgent 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
UPX! 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
aspack 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 3/10/2005 10:48:10 AM 269312 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/9/2005 8:29:40 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/9/2005 8:29:28 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/9/2005 8:30:04 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/9/2005 8:29:42 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/9/2005 8:30:54 AM H 61440 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/9/2005 8:29:40 AM H 909312 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/2/2005 10:30:46 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/25/2005 9:23:06 PM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
9/25/2005 9:23:06 PM S 144 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUJ45QJ\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JWM5LXBL\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SPMZ41QB\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTU7K167\desktop.ini
9/27/2005 1:49:14 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\2003e0b3-decd-4738-99f9-a4d8ea285ec9
9/27/2005 1:49:14 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/9/2005 8:00:02 AM H 248 C:\WINDOWS\Tasks\AF392B239196A2CB.job
10/9/2005 8:26:48 AM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
9/18/2003 4:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 3/17/2004 7:39:38 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 4:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 11:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
1/8/2005 3:58:44 PM 715 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
5/23/2005 3:07:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\DESKTOP.INI
2/23/2005 3:13:22 PM 676 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\Webshots.lnk
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Laurie Eckerty\Application Data\DESKTOP.INI
3/28/2004 5:50:28 PM 0 C:\Documents and Settings\Laurie Eckerty\Application Data\dm.ini
11/19/2004 8:10:10 PM 59448 C:\Documents and Settings\Laurie Eckerty\Application Data\GDIPFONTCACHEV1.DAT
10/5/2005 10:24:58 AM 29248 C:\Documents and Settings\Laurie Eckerty\Application Data\wklnhst.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{321354B2-DABE-4FA1-A3C2-FAADF1BF837E} = C:\WINDOWS\system32\AJAAMON.DLL
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Dell AIO Printer A940 "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/9/2005 8:36:29 AM
#65
Posted 09 October 2005 - 07:52 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
I'm going to get ready for church. I will try the fix as soon as I get home.
#66
Posted 09 October 2005 - 07:55 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
nothing i quarantined, but there are 82 back up items. do you want me to delete all those?
#67
Posted 09 October 2005 - 08:00 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
See if you can locate this file
C:\WINDOWS\system32\AJAAMON.DLL
If you find it-> Right Click and Select properties!
See if by clicking on all the tabs in the properties box,you can associate this with something on the PC!
Next,get the file scanned here
http://virusscan.jotti.org/
and
http://www.virustota...h/index_en.html
Let me know the results and try not to restart the PC since the CLSID numbers are changing in the registry!
C:\WINDOWS\system32\AJAAMON.DLL
If you find it-> Right Click and Select properties!
See if by clicking on all the tabs in the properties box,you can associate this with something on the PC!
Next,get the file scanned here
http://virusscan.jotti.org/
and
http://www.virustota...h/index_en.html
Let me know the results and try not to restart the PC since the CLSID numbers are changing in the registry!
#68
Posted 09 October 2005 - 08:01 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Sorry,missed you last post!
Yes delete all the backups,they are all infected and doing you no good!
Yes delete all the backups,they are all infected and doing you no good!
#69
Posted 09 October 2005 - 11:33 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
which program should i use to open winhelp2002 host file? the default is acrobat, but it won't open it.
#70
Posted 09 October 2005 - 11:35 AM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
on spyware blaster, explorer and files aren't enables, what specific setting do you recomend?
#71
Posted 09 October 2005 - 11:52 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Hmmm,I usually just use the default settings with Spyware Blaster,update it and click on enable all protection
Unless a brand new version has been released!
Ill check it out!
As for the Hosts File,use this link
http://www.mvps.org/...2002/hosts2.htm
1.Click on hosts.zip and download the Zip to your desktop!
2.Right Click the Zip folder and Select "Extract All"
3.Look inside the newly Unzipped folder and Right Click HOST
and Select Copy
4.Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC and open the ETC folder
5.Right Click once inside the ETC folder and Select Paste
6.Confirm you want to replace the existing hosts file
7.Close out all windows and get rid of the host folder on you desktop
How bout that file I asked you about?
Unless a brand new version has been released!
Ill check it out!
As for the Hosts File,use this link
http://www.mvps.org/...2002/hosts2.htm
1.Click on hosts.zip and download the Zip to your desktop!
2.Right Click the Zip folder and Select "Extract All"
3.Look inside the newly Unzipped folder and Right Click HOST
and Select Copy
4.Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC and open the ETC folder
5.Right Click once inside the ETC folder and Select Paste
6.Confirm you want to replace the existing hosts file
7.Close out all windows and get rid of the host folder on you desktop
How bout that file I asked you about?
#72
Posted 09 October 2005 - 12:22 PM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
ok, hold on a minute. i delted c:\!submit from killbox, but when searching on c for ajaamon.dll i saw it, so deleted there.
installed spywareblaster, but have not enabled.
sucessfully (hopefully) put winhelp host file in folder, delted from desktop.
i disables system restore.
couldn't find ajaamon.dll
will look again.
do i need to restart computer after system restore?
installed spywareblaster, but have not enabled.
sucessfully (hopefully) put winhelp host file in folder, delted from desktop.
i disables system restore.
couldn't find ajaamon.dll
will look again.
do i need to restart computer after system restore?
#73
Posted 09 October 2005 - 12:26 PM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
found a file in c windows system 32 called aaaamon.dll, but none that say ajaamon.dll
#74
Posted 09 October 2005 - 12:30 PM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Dont Restart just yet!
Copy the text below to a blank notepad page and save it to the desktop as Find.bat
Double Click Find.bat and wait for the Notepad page to pop up
Post the contents of that notepad page back here
Copy the text below to a blank notepad page and save it to the desktop as Find.bat
dir \AJAAMON.DLL /a h /s > File.txt
Double Click Find.bat and wait for the Notepad page to pop up
Post the contents of that notepad page back here
#75
Posted 09 October 2005 - 12:33 PM
lauriejk
- Topic Starter
-
- Member
-
- 87 posts
Member
dir \AJAAMON.DLL /a h /s > File.txt
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
