yyy65&XBDYUS.htm annoyance!!!!
Hi,
Look2Me is still there. I am sorry, I forgot to say about that password. When L2MFix asks for password, please type bye and press Enter.
Also, after the reboot, if the NotePad doesn't open automatically with the log, go to the folder where L2Mfix.bat file is present and you will find the log there.
Please re-run the L2MFix.bat with Option 2 (and password bye) and post back the log file of L2MFix and HijackThis.
PS: The clicking noise is due to this Look2Me infection!!
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
I have a problem with the l2mefix
at the top it says password will be entered automatically
it says enter the password for l2mefix :
and then 1/20th of a second later it says
Attempting to start D:\WINDOWS\System32\second.bat
1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it
Processing cleanup.
. The system cannot find the file specified
The system cannot find the file specified
A duplicate file name exists, or the file cannot be found
Could Not Find D:\WINDOWS\System32\log.txt
then adds some files and says system is ready to reboot...
The log.txt will be in the l2mfix folder after the reboot if it does not open on its own Please fix the missing file 020 with hijackthis after the reboot
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
L2mfix Beta 122705
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
Hi,
Looks like it's a new Look2Me, and hence L2MFix is not able to completely remove the files. We will remove them manually now.
Download Process Explorer for Windows NT/2K/XP (Download link is at the bottom of the page). Extract the Zip file to a folder.
Download KillBox, extract it to your desktop.
Boot in SAFE Mode.
In the Process Explorer folder, run Procexp.exe. Now, in the main screen, click on the process Winlogon.exe to highlight it. Right-click on it and click "Properties". Now, in the Properties window, click the "Threads" tab. Here, under the "Start Address" field, look for the filename n44s0eh7eh4.dll. If you find it, select it and click Kill button and click "Yes" to kill it. There may be more than one n44s0eh7eh4.dll in this list, kill them all.
Now, click "OK" to exit from the "Properties" window. In the main window of Process Explorer, click on the process Explorer.exe. Right-click on it and select "Properties". Now, click the "Threads" tab. Similarly, here also look for n44s0eh7eh4.dll entry and kill it, if you find it. Click "OK" to exit from Properties window.
Similarly, look for these DLL files in Winlogon.exe and Explorer.exe properties in Process Explorer, as described above, and if they are found, kill them.
p68qlgl516q.dll
kmdca.dll
Next, open Killbox.exe. First click on Tools > Delete Temp Files. A box will open with a list of all user profiles.
Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.
Temporary Internet Files
Temp Files
XP Prefetch
If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.
Then, Check on the Button titled "Delete Selected Temp Files". Exit by clicking the Button titled "Exit(Save Settings)". Once back into the main Killbox program.
Check the following box:-
Delete on Reboot
Highlight all the entries in the quote box below and then Copy them.
D:\WINDOWS\SYSTEM32\kmdca.dll
D:\WINDOWS\SYSTEM32\n44s0eh7eh4.dll
D:\WINDOWS\SYSTEM32\p68qlgl516q.dll
D:\WINDOWS\SYSTEM32\guard.tmp
Then in Killbox click File > Paste from Clipboard.
At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.
Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes".
A second message will ask to Reboot now? You will need to click "Yes" to allow the reboot.
Note: Killbox will let you know if a file does not exist.
If you have any issues with this method you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No until the last one, at which time you click Yes to allow the reboot.
After the reboot, download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click the "Copy to Clipboard" button to copy the log it gives, and please post it here along with a new HijackThis log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
ugh, did everything, I can tell you the first part, there were none of those files in the locations given. I ran killbox, and popups persist.
here is the hijackthis log, ctfmon is still there.
Logfile of HijackThis v1.99.1
Scan saved at 4:46:23 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\navapsvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Benincasa\Local Settings\Temp\Temporary Internet Files\Content.IE5\01234567\WinPFind[1]\WinPFind\winpfind.exe
D:\Documents and Settings\Benincasa\My Documents\HijackThis.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126727932050
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137427556375
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: CSCSettings - D:\WINDOWS\system32\n4l80e3ueh.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\navapsvc.exe
O23 - Service: OYJCYAD - Unknown owner - D:\DOCUME~1\BENINC~1\LOCALS~1\Temp\OYJCYAD.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
ill post the WinPFind when it gets done, as it is, it's a white screen that's not responding.
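A triage sketch for the kind of HijackThis log posted above, added here as an example and not part of any poster's reply or of HijackThis itself: it flags O20 Winlogon Notify entries whose DLL falls outside an assumed baseline, and O23 services that run from a Temp directory or whose file is missing. The baseline set, the `Finding` type and the `triage` function are hypothetical names; the sample lines are copied from the log above, except one constructed stock entry.

```python
import ntpath
import re
from dataclasses import dataclass

# First five lines are copied from the HijackThis log in this thread; the last
# one is constructed to show a stock notify DLL passing the baseline.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: CSCSettings - D:\WINDOWS\system32\n4l80e3ueh.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OYJCYAD - Unknown owner - D:\DOCUME~1\BENINC~1\LOCALS~1\Temp\OYJCYAD.exe (file missing)
O20 - Winlogon Notify: SensLogn - WlNotify.dll
"""

# Assumption: an illustrative, incomplete baseline of Windows XP notify DLLs.
# wlnotify.dll and sclgntfy.dll appear in this thread's WinPFind output; the
# others are standard XP notification packages. Extend it per environment.
STOCK_NOTIFY_DLLS = {
    "wlnotify.dll", "sclgntfy.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll",
}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Matches both long paths and 8.3 short paths such as LOCALS~1\Temp\.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    name: str      # registry key or service name
    path: str      # file the entry points at
    reasons: list  # why the entry deserves a closer look


def triage(log_text):
    """Return entries worth manual review; it never decides 'malicious'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O20_RE.match(line)
        if m:
            # ntpath parses Windows paths correctly on any host OS.
            dll = ntpath.basename(m["path"]).lower()
            if dll not in STOCK_NOTIFY_DLLS:
                findings.append(Finding(
                    "O20", m["name"], m["path"],
                    ["notify DLL not in baseline"]))
            continue

        m = O23_RE.match(line)
        if m:
            reasons = []
            if TEMP_RE.search(m["path"]):
                reasons.append("service binary in a Temp directory")
            if m["missing"]:
                reasons.append("service registered but file missing")
            # 'Unknown owner' alone is common for legitimate software (see the
            # Macromedia line), so it only adds weight to another reason.
            if reasons and m["owner"] == "Unknown owner":
                reasons.append("no company name (weak signal)")
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```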
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings
= D:\WINDOWS\system32\n4l80e3ueh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/24/2006 4:47:15 PM
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
disregard previous.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/6/2004 7:15:42 PM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown 1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\SYSTEM32\ir2ml5f11.dll
ad-w-a-r-e.com 1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\SYSTEM32\ir2ml5f11.dll
WinShutDown 1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\SYSTEM32\IvagX7.dll
ad-w-a-r-e.com 1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\SYSTEM32\IvagX7.dll
PTech 7/12/2005 6:04:22 PM 520456 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 D:\WINDOWS\SYSTEM32\locate.com
PECompact2 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\SYSTEM32\myxml3.dll
ad-w-a-r-e.com 1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\SYSTEM32\myxml3.dll
aspack 8/3/2004 11:56:38 PM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 12/20/2003 6:44:34 PM 8704 D:\WINDOWS\SYSTEM32\ogg.dll
Umonitor 8/3/2004 11:56:46 PM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 D:\WINDOWS\SYSTEM32\strings.exe
UPX! 10/30/2005 8:49:02 PM 42496 D:\WINDOWS\SYSTEM32\swreg.exe
UPX! 12/20/2003 6:45:26 PM 112128 D:\WINDOWS\SYSTEM32\vorbis.dll
winsync 8/6/2004 7:18:14 PM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 8/3/2004 11:56:44 PM 3584 D:\WINDOWS\SYSTEM32\webctl.dll
Checking %System%\Drivers folder and sub-folders...
Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/24/2006 4:36:04 PM S 2048 D:\WINDOWS\bootstat.dat
1/24/2006 4:46:32 PM H 24 D:\WINDOWS\p1cxK
12/21/2005 4:06:04 PM RHS 227 D:\WINDOWS\assembly\Desktop.ini
1/8/2006 8:43:22 PM H 10820 D:\WINDOWS\Help\nocontnt.GID
12/25/2005 12:28:28 AM H 10820 D:\WINDOWS\Help\update.GID
1/24/2006 4:36:22 PM R S 236187 D:\WINDOWS\system32\dsserial.dll
1/24/2006 4:36:20 PM R S 234093 D:\WINDOWS\system32\enr6l19s1.dll
1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\system32\ir2ml5f11.dll
1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\system32\IvagX7.dll
1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\system32\myxml3.dll
1/24/2006 4:27:48 PM R S 236187 D:\WINDOWS\system32\n4l80e3ueh.dll
11/30/2005 11:17:10 PM S 21633 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/24/2006 4:38:00 PM H 1024 D:\WINDOWS\system32\config\default.LOG
1/24/2006 4:36:18 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG
1/24/2006 4:38:06 PM H 1024 D:\WINDOWS\system32\config\SECURITY.LOG
1/24/2006 4:46:32 PM H 1024 D:\WINDOWS\system32\config\software.LOG
1/24/2006 4:38:38 PM H 1024 D:\WINDOWS\system32\config\system.LOG
1/16/2006 11:35:44 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/30/2005 8:23:56 PM H 40613 D:\WINDOWS\system32\spool\drivers\w32x86\3\lxbkma.GID
1/21/2006 4:20:26 PM H 6 D:\WINDOWS\Tasks\SA.DAT
1/24/2006 4:36:26 PM HS 113 D:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/24/2006 4:36:26 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2VYDIX8H\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C7KDBWED\desktop.ini
1/24/2006 4:44:50 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1470R8J\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RQ1J653Y\desktop.ini
1/24/2006 4:44:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUNCD2F\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPKF4FGP\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WSWGVFBR\desktop.ini
1/24/2006 4:40:32 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WX6ZO9YF\desktop.ini
1/24/2006 4:44:36 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y3EMIGNN\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/6/2004 7:17:02 PM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/6/2004 7:17:26 PM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/6/2004 7:17:32 PM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 3:34:36 PM 287232 D:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/6/2004 7:18:04 PM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
12/21/2005 4:11:58 PM 2046 D:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\Benincasa\Application Data\desktop.ini
12/29/2005 5:53:22 PM 1850843 D:\Documents and Settings\Benincasa\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{8C4786B2-1C31-40F3-A998-2C82BDA648CF} = D:\WINDOWS\system32\imakeng.dll
{73C81572-87F7-48CA-A5A8-ADA82AF73D7C} = D:\WINDOWS\system32\myxml3.dll
{59B492DA-8C3A-4A9E-8FAA-6FF908ADDACD} = D:\WINDOWS\system32\MIC71ESP.DLL
{64EDC752-4460-48E6-8730-B9B18A740C9E} = D:\WINDOWS\system32\IvagX7.dll
{716662EE-0F72-4DF4-9789-72ADFE54FFEC} = D:\WINDOWS\system32\dsserial.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\M2WShlExMenu
{DC6FA7E0-6666-11D5-8CE2-444553540000} = D:\PROGRA~1\ACOUST~1\M2WShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mygksnnt
{47b160de-c8f1-43ee-837b-3fb77a4093cc} = D:\WINDOWS\system32\kmgkq.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : D:\Program Files\AIM\aim.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Flags
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe D:\WINDOWS\system32\ctfmon.exe
AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
STOPzilla Local Service 2
SysmonLog 3
Schedule 2
Browser 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Benincasa^Start Menu^Programs^Startup^Sound Control.lnk
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adtech2006
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fimq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHmon06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lspins
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\services32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\timessquare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows installer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsupdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\[01]##############################################################################################################################
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = D:\WINDOWS\system32\webctl.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings
= D:\WINDOWS\system32\n4l80e3ueh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/24/2006 4:47:15 PM
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/6/2004 7:15:42 PM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown 1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\SYSTEM32\ir2ml5f11.dll
ad-w-a-r-e.com 1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\SYSTEM32\ir2ml5f11.dll
WinShutDown 1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\SYSTEM32\IvagX7.dll
ad-w-a-r-e.com 1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\SYSTEM32\IvagX7.dll
PTech 7/12/2005 6:04:22 PM 520456 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 D:\WINDOWS\SYSTEM32\locate.com
PECompact2 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\SYSTEM32\myxml3.dll
ad-w-a-r-e.com 1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\SYSTEM32\myxml3.dll
aspack 8/3/2004 11:56:38 PM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 12/20/2003 6:44:34 PM 8704 D:\WINDOWS\SYSTEM32\ogg.dll
Umonitor 8/3/2004 11:56:46 PM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 D:\WINDOWS\SYSTEM32\strings.exe
UPX! 10/30/2005 8:49:02 PM 42496 D:\WINDOWS\SYSTEM32\swreg.exe
UPX! 12/20/2003 6:45:26 PM 112128 D:\WINDOWS\SYSTEM32\vorbis.dll
winsync 8/6/2004 7:18:14 PM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 8/3/2004 11:56:44 PM 3584 D:\WINDOWS\SYSTEM32\webctl.dll
Checking %System%\Drivers folder and sub-folders...
Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/24/2006 4:36:04 PM S 2048 D:\WINDOWS\bootstat.dat
1/24/2006 4:46:32 PM H 24 D:\WINDOWS\p1cxK
12/21/2005 4:06:04 PM RHS 227 D:\WINDOWS\assembly\Desktop.ini
1/8/2006 8:43:22 PM H 10820 D:\WINDOWS\Help\nocontnt.GID
12/25/2005 12:28:28 AM H 10820 D:\WINDOWS\Help\update.GID
1/24/2006 4:36:22 PM R S 236187 D:\WINDOWS\system32\dsserial.dll
1/24/2006 4:36:20 PM R S 234093 D:\WINDOWS\system32\enr6l19s1.dll
1/22/2006 6:37:04 PM R S 235348 D:\WINDOWS\system32\ir2ml5f11.dll
1/24/2006 4:01:46 PM R S 235353 D:\WINDOWS\system32\IvagX7.dll
1/22/2006 6:41:54 PM R S 234223 D:\WINDOWS\system32\myxml3.dll
1/24/2006 4:27:48 PM R S 236187 D:\WINDOWS\system32\n4l80e3ueh.dll
11/30/2005 11:17:10 PM S 21633 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/24/2006 4:38:00 PM H 1024 D:\WINDOWS\system32\config\default.LOG
1/24/2006 4:36:18 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG
1/24/2006 4:38:06 PM H 1024 D:\WINDOWS\system32\config\SECURITY.LOG
1/24/2006 4:46:32 PM H 1024 D:\WINDOWS\system32\config\software.LOG
1/24/2006 4:38:38 PM H 1024 D:\WINDOWS\system32\config\system.LOG
1/16/2006 11:35:44 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/30/2005 8:23:56 PM H 40613 D:\WINDOWS\system32\spool\drivers\w32x86\3\lxbkma.GID
1/21/2006 4:20:26 PM H 6 D:\WINDOWS\Tasks\SA.DAT
1/24/2006 4:36:26 PM HS 113 D:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/24/2006 4:36:26 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2VYDIX8H\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C7KDBWED\desktop.ini
1/24/2006 4:44:50 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1470R8J\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RQ1J653Y\desktop.ini
1/24/2006 4:44:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUNCD2F\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPKF4FGP\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WSWGVFBR\desktop.ini
1/24/2006 4:40:32 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WX6ZO9YF\desktop.ini
1/24/2006 4:44:36 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y3EMIGNN\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/6/2004 7:17:02 PM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/6/2004 7:17:26 PM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/6/2004 7:17:32 PM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 3:34:36 PM 287232 D:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/6/2004 7:18:04 PM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
12/21/2005 4:11:58 PM 2046 D:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\Benincasa\Application Data\desktop.ini
12/29/2005 5:53:22 PM 1850843 D:\Documents and Settings\Benincasa\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Flags
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe D:\WINDOWS\system32\ctfmon.exe
AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
STOPzilla Local Service 2
SysmonLog 3
Schedule 2
Browser 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Benincasa^Start Menu^Programs^Startup^Sound Control.lnk
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adtech2006
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fimq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHmon06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lspins
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\services32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\timessquare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows installer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsupdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\[01]##############################################################################################################################
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = D:\WINDOWS\system32\webctl.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings
= D:\WINDOWS\system32\n4l80e3ueh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/24/2006 4:47:15 PM
Hi,
There are a lot of files to remove!
Please download Trojan Hunter (trial) and install it.
Boot in SAFE mode.
Now, run Trojan Hunter. Go to Tools Menu > Process Viewer. This opens up the Process Viewer window; here, click on the + symbol beside the process Winlogon.exe. Now, in this expanded list for process Winlogon.exe, look for the filename D:\WINDOWS\system32\n4l80e3ueh.dll; if you find it, right-click on it and select Unload module.
Similarly, expand the process Explorer.exe by clicking the + sign beside it, and look for the same D:\WINDOWS\system32\n4l80e3ueh.dll file; if it's found, right-click on it and click Unload module.
Now, close Trojan Hunter.
Uninstall this Software from Add/Remove Programs in Control Panel:-
Internet Optimizer (if found)
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-
O20 - Winlogon Notify: CSCSettings - D:\WINDOWS\system32\n4l80e3ueh.dll
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Delete these folders:-
D:\PROGRAM FILES\COMMON FILES\fimq
D:\Program Files\winsupdater
D:\Program Files\Internet Optimizer
Open Killbox.exe. Check the following box:-
Delete on Reboot
Highlight all the entries in the quote box below and then Copy them.
C:\winstall.exe
C:\windows\adtech2006a.exe
C:\windows\timessquare.exe
C:\windows\winsysban.exe
C:\windows\winsysupd.exe
D:\WINDOWS\p1cxK
D:\WINDOWS\system32\igps.exe
D:\WINDOWS\SYSTEM32\ir2ml5f11.dll
D:\WINDOWS\SYSTEM32\IvagX7.dll
D:\WINDOWS\SYSTEM32\myxml3.dll
D:\WINDOWS\SYSTEM32\webctl.dll
D:\WINDOWS\system32\dsserial.dll
D:\WINDOWS\system32\enr6l19s1.dll
D:\WINDOWS\system32\n4l80e3ueh.dll
D:\WINDOWS\system32\imakeng.dll
D:\WINDOWS\system32\MIC71ESP.DLL
D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\lxbkma.GID
Then in Killbox click File > Paste from Clipboard.
At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.
Then click the Red X button, and for the confirmation message that will appear, you will need to click "Yes".
A second message will ask "Reboot now?"; you will need to click "Yes" to allow the reboot.
Note: Killbox will let you know if a file does not exist.
If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X, and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.
Once rebooted to Normal mode, please run WinPFind again and post a new log of it.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Join Date: Jan 2006
Posts: 21
Reputation:
Solved Threads: 0
I did all of the following; the requested n4l180e3ueh.dll isn't found, nor was Internet Optimizer.
I did have to delete common files on both drives, as I use both drives after my C was reformatted, and have been trying to switch more to C because it has about 40 gigs free compared to the 3 gigs on D left... so there may be files on one or the other. ewido has about 6 l2me files in quarantine, including guard.tmp. yyy65 are still popping up, and a
Here's the scan.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/6/2004 7:15:42 PM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
PTech 7/12/2005 6:04:22 PM 520456 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 D:\WINDOWS\SYSTEM32\locate.com
PECompact2 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\SYSTEM32\n46q0ej5eho.dll
ad-w-a-r-e.com 1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\SYSTEM32\n46q0ej5eho.dll
aspack 8/3/2004 11:56:38 PM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 12/20/2003 6:44:34 PM 8704 D:\WINDOWS\SYSTEM32\ogg.dll
Umonitor 8/3/2004 11:56:46 PM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 D:\WINDOWS\SYSTEM32\strings.exe
UPX! 10/30/2005 8:49:02 PM 42496 D:\WINDOWS\SYSTEM32\swreg.exe
UPX! 12/20/2003 6:45:26 PM 112128 D:\WINDOWS\SYSTEM32\vorbis.dll
winsync 8/6/2004 7:18:14 PM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 1/26/2006 3:34:08 PM 234093 D:\WINDOWS\SYSTEM32\__delete_on_reboot__rjpcfgex.dll
ad-w-a-r-e.com 1/26/2006 3:34:08 PM 234093 D:\WINDOWS\SYSTEM32\__delete_on_reboot__rjpcfgex.dll
Checking %System%\Drivers folder and sub-folders...
Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/26/2006 3:33:44 PM S 2048 D:\WINDOWS\bootstat.dat
1/26/2006 3:47:38 PM H 24 D:\WINDOWS\p1cxK
12/21/2005 4:06:04 PM RHS 227 D:\WINDOWS\assembly\Desktop.ini
1/8/2006 8:43:22 PM H 10820 D:\WINDOWS\Help\nocontnt.GID
12/25/2005 12:28:28 AM H 10820 D:\WINDOWS\Help\update.GID
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\inf\oem12.inf
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\LastGood\INF\oem12.inf
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\LastGood\INF\oem12.PNF
1/26/2006 3:39:56 PM H 0 D:\WINDOWS\LastGood\INF\oem13.inf
1/26/2006 3:39:56 PM H 0 D:\WINDOWS\LastGood\INF\oem13.PNF
1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\system32\n46q0ej5eho.dll
1/26/2006 3:16:20 PM R S 234093 D:\WINDOWS\system32\wx2help.dll
11/30/2005 11:17:10 PM S 21633 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/26/2006 3:40:12 PM H 1024 D:\WINDOWS\system32\config\default.LOG
1/26/2006 3:33:56 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG
1/26/2006 3:36:04 PM H 1024 D:\WINDOWS\system32\config\SECURITY.LOG
1/26/2006 3:47:10 PM H 1024 D:\WINDOWS\system32\config\software.LOG
1/26/2006 3:41:28 PM H 1024 D:\WINDOWS\system32\config\system.LOG
1/16/2006 11:35:44 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
1/21/2006 4:20:26 PM H 6 D:\WINDOWS\Tasks\SA.DAT
1/24/2006 4:36:26 PM HS 113 D:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/24/2006 4:36:26 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2VYDIX8H\desktop.ini
1/24/2006 4:48:42 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4PCLEN41\desktop.ini
1/24/2006 4:54:24 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6C4MQ38U\desktop.ini
1/24/2006 5:21:42 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B2BANVIS\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C7KDBWED\desktop.ini
1/24/2006 4:52:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E9WFA5AL\desktop.ini
1/24/2006 4:44:50 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1470R8J\desktop.ini
1/24/2006 4:54:20 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JLD0CZ67\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RQ1J653Y\desktop.ini
1/24/2006 4:44:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUNCD2F\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPKF4FGP\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WSWGVFBR\desktop.ini
1/24/2006 4:40:32 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WX6ZO9YF\desktop.ini
1/24/2006 4:44:36 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y3EMIGNN\desktop.ini
1/24/2006 4:48:56 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YFUP0VAV\desktop.ini
1/24/2006 4:48:56 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YVYV2DQB\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/6/2004 7:17:02 PM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/6/2004 7:17:26 PM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/6/2004 7:17:32 PM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 3:34:36 PM 287232 D:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/6/2004 7:18:04 PM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
12/21/2005 4:11:58 PM 2046 D:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\Benincasa\Application Data\desktop.ini
12/29/2005 5:53:22 PM 1850843 D:\Documents and Settings\Benincasa\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{8C4786B2-1C31-40F3-A998-2C82BDA648CF} = D:\WINDOWS\system32\imakeng.dll
{73C81572-87F7-48CA-A5A8-ADA82AF73D7C} = D:\WINDOWS\system32\myxml3.dll
{59B492DA-8C3A-4A9E-8FAA-6FF908ADDACD} = D:\WINDOWS\system32\MIC71ESP.DLL
{64EDC752-4460-48E6-8730-B9B18A740C9E} = D:\WINDOWS\system32\IvagX7.dll
{716662EE-0F72-4DF4-9789-72ADFE54FFEC} = D:\WINDOWS\system32\dsserial.dll
{25942B62-516E-4A7E-B195-A361C2139755} = D:\WINDOWS\system32\wx2help.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\M2WShlExMenu
{DC6FA7E0-6666-11D5-8CE2-444553540000} = D:\PROGRA~1\ACOUST~1\M2WShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mygksnnt
{47b160de-c8f1-43ee-837b-3fb77a4093cc} = D:\WINDOWS\system32\kmgkq.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : D:\Program Files\AIM\aim.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
THGuard "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Flags
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe D:\WINDOWS\system32\ctfmon.exe
AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
STOPzilla Local Service 2
SysmonLog 3
Schedule 2
Browser 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Benincasa^Start Menu^Programs^Startup^Sound Control.lnk
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adtech2006
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fimq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHmon06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lspins
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\services32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\timessquare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows installer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsupdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\[01]##############################################################################################################################
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = D:\WINDOWS\system32\webctl.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation
= D:\WINDOWS\system32\wx2help.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility
= D:\WINDOWS\system32\enr6l19s1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/26/2006 3:48:42 PM
I did have to delete common files on both drives, as I use both drives after my C was reformatted, and have been trying to switch more to C because it has about 40 gigs free compared to the 3 gigs on D left... so there may be files on one or the other. ewido has about 6 l2me files in quarantine, including guard.tmp. yyy65 are still popping up, and a
Here's the scan.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/6/2004 7:15:42 PM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
PTech 7/12/2005 6:04:22 PM 520456 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 D:\WINDOWS\SYSTEM32\locate.com
PECompact2 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 D:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\SYSTEM32\n46q0ej5eho.dll
ad-w-a-r-e.com 1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\SYSTEM32\n46q0ej5eho.dll
aspack 8/3/2004 11:56:38 PM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 12/20/2003 6:44:34 PM 8704 D:\WINDOWS\SYSTEM32\ogg.dll
Umonitor 8/3/2004 11:56:46 PM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 D:\WINDOWS\SYSTEM32\strings.exe
UPX! 10/30/2005 8:49:02 PM 42496 D:\WINDOWS\SYSTEM32\swreg.exe
UPX! 12/20/2003 6:45:26 PM 112128 D:\WINDOWS\SYSTEM32\vorbis.dll
winsync 8/6/2004 7:18:14 PM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 1/26/2006 3:34:08 PM 234093 D:\WINDOWS\SYSTEM32\__delete_on_reboot__rjpcfgex.dll
ad-w-a-r-e.com 1/26/2006 3:34:08 PM 234093 D:\WINDOWS\SYSTEM32\__delete_on_reboot__rjpcfgex.dll
Checking %System%\Drivers folder and sub-folders...
Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/26/2006 3:33:44 PM S 2048 D:\WINDOWS\bootstat.dat
1/26/2006 3:47:38 PM H 24 D:\WINDOWS\p1cxK
12/21/2005 4:06:04 PM RHS 227 D:\WINDOWS\assembly\Desktop.ini
1/8/2006 8:43:22 PM H 10820 D:\WINDOWS\Help\nocontnt.GID
12/25/2005 12:28:28 AM H 10820 D:\WINDOWS\Help\update.GID
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\inf\oem12.inf
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\LastGood\INF\oem12.inf
1/26/2006 3:38:12 PM H 0 D:\WINDOWS\LastGood\INF\oem12.PNF
1/26/2006 3:39:56 PM H 0 D:\WINDOWS\LastGood\INF\oem13.inf
1/26/2006 3:39:56 PM H 0 D:\WINDOWS\LastGood\INF\oem13.PNF
1/25/2006 6:06:22 PM R S 236187 D:\WINDOWS\system32\n46q0ej5eho.dll
1/26/2006 3:16:20 PM R S 234093 D:\WINDOWS\system32\wx2help.dll
11/30/2005 11:17:10 PM S 21633 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/26/2006 3:40:12 PM H 1024 D:\WINDOWS\system32\config\default.LOG
1/26/2006 3:33:56 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG
1/26/2006 3:36:04 PM H 1024 D:\WINDOWS\system32\config\SECURITY.LOG
1/26/2006 3:47:10 PM H 1024 D:\WINDOWS\system32\config\software.LOG
1/26/2006 3:41:28 PM H 1024 D:\WINDOWS\system32\config\system.LOG
1/16/2006 11:35:44 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
1/21/2006 4:20:26 PM H 6 D:\WINDOWS\Tasks\SA.DAT
1/24/2006 4:36:26 PM HS 113 D:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/24/2006 4:36:26 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2VYDIX8H\desktop.ini
1/24/2006 4:48:42 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4PCLEN41\desktop.ini
1/24/2006 4:54:24 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6C4MQ38U\desktop.ini
1/24/2006 5:21:42 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B2BANVIS\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C7KDBWED\desktop.ini
1/24/2006 4:52:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E9WFA5AL\desktop.ini
1/24/2006 4:44:50 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1470R8J\desktop.ini
1/24/2006 4:54:20 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JLD0CZ67\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RQ1J653Y\desktop.ini
1/24/2006 4:44:46 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SPUNCD2F\desktop.ini
1/24/2006 4:44:44 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UPKF4FGP\desktop.ini
1/24/2006 4:40:28 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WSWGVFBR\desktop.ini
1/24/2006 4:40:32 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WX6ZO9YF\desktop.ini
1/24/2006 4:44:36 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Y3EMIGNN\desktop.ini
1/24/2006 4:48:56 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YFUP0VAV\desktop.ini
1/24/2006 4:48:56 PM HS 67 D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YVYV2DQB\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/6/2004 7:17:02 PM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/6/2004 7:17:26 PM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/6/2004 7:17:32 PM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 3:34:36 PM 287232 D:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/6/2004 7:18:04 PM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
12/21/2005 4:11:58 PM 2046 D:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
9/13/2005 7:16:08 PM HS 84 D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
9/13/2005 2:45:46 PM HS 62 D:\Documents and Settings\Benincasa\Application Data\desktop.ini
12/29/2005 5:53:22 PM 1850843 D:\Documents and Settings\Benincasa\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{8C4786B2-1C31-40F3-A998-2C82BDA648CF} = D:\WINDOWS\system32\imakeng.dll
{73C81572-87F7-48CA-A5A8-ADA82AF73D7C} = D:\WINDOWS\system32\myxml3.dll
{59B492DA-8C3A-4A9E-8FAA-6FF908ADDACD} = D:\WINDOWS\system32\MIC71ESP.DLL
{64EDC752-4460-48E6-8730-B9B18A740C9E} = D:\WINDOWS\system32\IvagX7.dll
{716662EE-0F72-4DF4-9789-72ADFE54FFEC} = D:\WINDOWS\system32\dsserial.dll
{25942B62-516E-4A7E-B195-A361C2139755} = D:\WINDOWS\system32\wx2help.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\M2WShlExMenu
{DC6FA7E0-6666-11D5-8CE2-444553540000} = D:\PROGRA~1\ACOUST~1\M2WShlEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mygksnnt
{47b160de-c8f1-43ee-837b-3fb77a4093cc} = D:\WINDOWS\system32\kmgkq.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = D:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : D:\Program Files\AIM\aim.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
THGuard "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Flags
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe D:\WINDOWS\system32\ctfmon.exe
AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
STOPzilla Local Service 2
SysmonLog 3
Schedule 2
Browser 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
item HP Digital Imaging Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
item HP Image Zone Fast Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Benincasa^Start Menu^Programs^Startup^Sound Control.lnk
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
path D:\Documents and Settings\Benincasa\Start Menu\Programs\Startup\Sound Control.lnk
backup D:\WINDOWS\pss\Sound Control.lnkStartup
location Startup
command D:\PROGRA~1\SOUNDC~1\SC.EXE
item Sound Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adtech2006
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adtech2006a
hkey HKLM
command C:\windows\adtech2006a.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command D:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command D:\WINDOWS\system32\ctfmon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fimq
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fimqm
hkey HKCU
command D:\PROGRA~1\COMMON~1\fimq\fimqm.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpcmpmgr
hkey HKLM
command "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd2
hkey HKLM
command "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpztsb11
hkey HKLM
command D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHmon06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphmon06
hkey HKLM
command D:\WINDOWS\system32\hphmon06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD06
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd06
hkey HKLM
command D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbkbmgr
hkey HKLM
command "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lspins
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igps
hkey HKLM
command "D:\WINDOWS\system32\igps.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "D:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\services32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-110-12-0000140
hkey HKCU
command D:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command D:\PROGRA~1\SYMNET~1\SNDMon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\timessquare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item timessquare
hkey HKLM
command C:\windows\timessquare.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows installer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winstall
hkey HKCU
command C:\winstall.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsupdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsupdater
hkey HKLM
command D:\Program Files\winsupdater\winsupdater.exe /auto
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysban
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysban
hkey HKLM
command C:\windows\winsysban.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsysupd
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winsysupd
hkey HKLM
command C:\windows\winsysupd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\[01]##############################################################################################################################
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rogue
hkey HKLM
command D:\Program Files\Internet Optimizer\update\rogue.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = D:\WINDOWS\system32\webctl.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation
= D:\WINDOWS\system32\wx2help.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility
= D:\WINDOWS\system32\enr6l19s1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/26/2006 3:48:42 PM