It works now.I have no ERRORS.
HERE IS THE NEW WITHOUT ERROR AND CLEAN LOG.
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
Find.bat is running from: C:\TEMP\Find It NT-2K-XP
------- System Files in System32 Directory -------
Volymen i enhet C har ingen etikett.
Volymens serienummer „r A87B-532E
Inneh†ll i katalogen C:\WINDOWS\System32
2005-01-13 14:55 <KAT> dllcache
2005-01-10 19:56 848 KGyGaAvL.sys
2005-01-02 23:11 56 25FCC6DEDD.sys
2005-01-01 20:05 16 AdCache
2004-11-06 13:18 <KAT> Microsoft
3 fil(er) 920 byte
2 katalog(er) 11˙240˙837˙120 byte ledigt
------- Hidden Files in System32 Directory -------
Volymen i enhet C har ingen etikett.
Volymens serienummer „r A87B-532E
Inneh†ll i katalogen C:\WINDOWS\System32
2005-01-13 14:55 <KAT> dllcache
2005-01-10 19:56 848 KGyGaAvL.sys
2005-01-02 23:11 56 25FCC6DEDD.sys
2004-10-27 11:50 <KAT> GroupPolicy
2004-10-25 18:21 4˙212 zllictbl.dat
2004-10-19 08:02 488 WindowsLogon.manifest
2004-10-19 08:02 488 logonui.exe.manifest
2004-10-19 08:02 749 sapi.cpl.manifest
2004-10-19 08:02 749 nwc.cpl.manifest
2004-10-19 08:02 749 wuaucpl.cpl.manifest
2004-10-19 08:02 749 cdplayer.exe.manifest
2004-10-19 08:02 749 ncpa.cpl.manifest
10 fil(er) 9˙837 byte
2 katalog(er) 11˙240˙833˙024 byte ledigt
------------ Files Named "Guard" ---------------
Volymen i enhet C har ingen etikett.
Volymens serienummer „r A87B-532E
Inneh†ll i katalogen C:\WINDOWS\System32
------ Temp Files in System32 Directory ------
Volymen i enhet C har ingen etikett.
Volymens serienummer „r A87B-532E
Inneh†ll i katalogen C:\WINDOWS\System32
2001-08-23 14:00 147˙483 scrrun.dll.tmp
1 fil(er) 147˙483 byte
0 katalog(er) 11˙240˙833˙024 byte ledigt
------------------ User Agent ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8ADBD08F-E58E-4378-AA53-2F3FDA85A775}"=""
------------- Keys Under Notify -------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lv4o09h3e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
------------- Locate.com Results -------------
C:\WINDOWS\SYSTEM32\
25fcc6~1.sys Sun 2005-01-02 23.11.06 ..SHR 56 0,05 K
adcache Sat 2005-01-01 20.05.52 ..S.R 16 0,02 K
cdplay~1.man Tue 2004-10-19 8.02.04 A..HR 749 0,73 K
kgygaavl.sys Mon 2005-01-10 19.57.00 A.SH. 848 0,83 K
logonu~1.man Tue 2004-10-19 8.02.10 A..HR 488 0,48 K
ncpacp~1.man Tue 2004-10-19 8.02.04 A..HR 749 0,73 K
nwccpl~1.man Tue 2004-10-19 8.02.04 A..HR 749 0,73 K
sapicp~1.man Tue 2004-10-19 8.02.04 A..HR 749 0,73 K
window~1.man Tue 2004-10-19 8.02.10 A..HR 488 0,48 K
wuaucp~1.man Tue 2004-10-19 8.02.04 A..HR 749 0,73 K
zllictbl.dat Mon 2004-10-25 18.21.04 ...H. 4 212 4,11 K
11 items found: 11 files, 0 directories.
Total of file sizes: 9 853 bytes 9,62 K
-------- Strings.exe Qoologic Results --------
--------- Strings.exe Aspack Results ---------
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\Incinerator.dll: .aspack
-------------- HKLM Run Key ----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Armor2net"="C:\\Program\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"
"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"