
Please View My Winpfind Log


2 replies to this topic

#1 bheki

bheki

  • Members
  • 2 posts

Posted 13 June 2006 - 03:44 AM

Hi all

Can someone please evaluate my log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 2002/08/29 04:00:00 PM 41397 C:\WINXP\SYSTEM32\dfrg.msc
PECompact2 2005/09/08 09:36:32 PM 1997664 C:\WINXP\SYSTEM32\MRT.exe
aspack 2005/09/08 09:36:32 PM 1997664 C:\WINXP\SYSTEM32\MRT.exe
Umonitor 2002/08/29 04:00:00 PM 631808 C:\WINXP\SYSTEM32\rasdlg.dll
winsync 2002/08/29 04:00:00 PM 1309184 C:\WINXP\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINXP\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2006/05/08 10:12:46 AM S 2048 C:\WINXP\bootstat.dat
2006/05/08 10:12:48 AM S 64 C:\WINXP\CSC\00000001
2006/05/04 02:45:32 PM S 7646 C:\WINXP\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem0.CAT
2006/05/04 02:45:38 PM S 7628 C:\WINXP\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem10.CAT
2006/06/12 08:03:34 PM H 1024 C:\WINXP\system32\config\default.LOG
2006/05/08 10:12:44 AM H 8192 C:\WINXP\system32\config\SAM.LOG
2006/06/13 01:14:06 AM H 1024 C:\WINXP\system32\config\SECURITY.LOG
2006/06/13 10:21:10 AM H 1024 C:\WINXP\system32\config\software.LOG
2006/06/13 04:57:18 AM H 1024 C:\WINXP\system32\config\system.LOG
2006/05/08 08:03:28 PM H 1024 C:\WINXP\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
2006/05/08 10:12:48 AM H 6 C:\WINXP\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 2002/08/29 04:00:00 PM 66048 C:\WINXP\SYSTEM32\access.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 578560 C:\WINXP\SYSTEM32\appwiz.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 129024 C:\WINXP\SYSTEM32\desk.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 150016 C:\WINXP\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 292352 C:\WINXP\SYSTEM32\inetcpl.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 121856 C:\WINXP\SYSTEM32\intl.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 65536 C:\WINXP\SYSTEM32\joy.cpl
Sun Microsystems 2004/02/22 11:44:42 PM 61555 C:\WINXP\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 187904 C:\WINXP\SYSTEM32\main.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 559616 C:\WINXP\SYSTEM32\mmsys.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 35840 C:\WINXP\SYSTEM32\ncpa.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 256000 C:\WINXP\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 2003/07/28 05:19:00 PM 143360 C:\WINXP\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 36864 C:\WINXP\SYSTEM32\nwc.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 36864 C:\WINXP\SYSTEM32\odbccp32.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 109056 C:\WINXP\SYSTEM32\powercfg.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 268288 C:\WINXP\SYSTEM32\sysdm.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 28160 C:\WINXP\SYSTEM32\telephon.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 90112 C:\WINXP\SYSTEM32\timedate.cpl
Microsoft Corporation 2005/05/26 04:31:52 AM 174360 C:\WINXP\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 2004/06/27 02:50:00 AM 55296 C:\WINXP\SYSTEM32\CCM\SMSCFGRC.cpl
Microsoft Corporation 2004/06/27 02:50:00 AM 13312 C:\WINXP\SYSTEM32\CCM\SMSPDM.cpl
Microsoft Corporation 2004/06/27 02:50:00 AM 55808 C:\WINXP\SYSTEM32\CCM\SMSRAP.cpl
Microsoft Corporation 2004/06/27 02:50:00 AM 233472 C:\WINXP\SYSTEM32\CCM\clicomp\RemCtrl\smsrc.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 66048 C:\WINXP\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 578560 C:\WINXP\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 129024 C:\WINXP\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 150016 C:\WINXP\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 292352 C:\WINXP\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 121856 C:\WINXP\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 65536 C:\WINXP\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 187904 C:\WINXP\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 559616 C:\WINXP\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 35840 C:\WINXP\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 256000 C:\WINXP\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 36864 C:\WINXP\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 36864 C:\WINXP\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 109056 C:\WINXP\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 147456 C:\WINXP\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 268288 C:\WINXP\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 28160 C:\WINXP\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 2002/08/29 04:00:00 PM 90112 C:\WINXP\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2005/10/12 05:37:44 PM 1825 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
2004/03/08 04:23:28 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2004/06/23 05:10:42 PM 1731 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2004/03/08 06:08:14 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
2004/03/08 04:23:28 PM HS 84 C:\Documents and Settings\bngcobo\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
2004/03/08 06:08:14 PM HS 62 C:\Documents and Settings\bngcobo\Application Data\desktop.ini
2006/01/24 11:06:48 AM 25648 C:\Documents and Settings\bngcobo\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINXP\System32\msdxm.ocx
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINXP\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText = @shdoclc.dll,-866 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
RightFAX Print-to-Fax Driver C:\Program Files\RightFax\faxctrl.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINXP\System32\ctfmon.exe
NvMediaCenter RUNDLL32.EXE C:\WINXP\System32\NVMCTRAY.DLL,NvTaskbarInit
PlaxoUpdate C:\Documents and Settings\bngcobo\Application Data\Plaxo\2.6.2.7\PlaxoHelper.exe -a

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSMConfigurePrograms 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption Cell C IT Policy Disclaimer
legalnoticetext The Cell C (Pty) Ltd network is governed by an Information Technology Policy (the “IT Policy”) dealing with the usage of its computer network,hardware,software,internet,electronic mail facilities and other information technology related systems. By pressing the “OK” button,you accept the terms of the IT Policy and agree to be bound by such terms. Should you wish to view the IT Policy,same can be found at http://cmail.za.cellc.net/pol/it-pol.htm or a copy can be obtained from IT Helpdesk (+27) 11 324-4911.
shutdownwithoutlogon 1
undockwithoutlogon 0
disablecad 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
1
NoChooseProgramsPage 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINXP\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINXP\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2006/06/13 10:21:16 AM



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,279 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 13 June 2006 - 07:50 AM

Hello bheki

Are you having some type of problem that required you to use WinPFind and post a log? This tool is normally used in conjunction with malware removal in the HijackThis forum and only when requested by a HJT Team member. We do not routinely check these types of logs unless there is a specific reason to do so, and that's usually after we exhaust other tools in our arsenal.

One thing I see right away is that your log shows your current version of Windows XP is NOT up to date and you are still at a security risk. You should go to Microsoft Windows Update and download all the "critical updates" for Windows or Order Windows XP Service Pack 2 on CD. This will include all Service Packs and the latest version of Internet Explorer. By doing this you will be patching many of the security holes which hackers use to gain access to your computer and adding some enhanced security features.

On October 10, 2006, Microsoft will end all public assisted support for Windows XP Service Pack 1 (SP1). After this date, Microsoft will no longer provide any incident support options or security updates for this retired service pack under the policies defined by the Microsoft Support Lifecycle policy.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • Gender:Female
  • Location:Michigan, USA

Posted 13 June 2006 - 09:18 AM

Of course, if you have malware installed on your computer then you do not want to update to SP2 just yet. The computer must be clean first. You may consider posting a HJT log.

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!




