|
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 3CBB-8567
Directory of C:\WINNT\System32
12/22/2004 04:20a 225,240 kydda.dll
12/22/2004 04:20a 222,985 irnql5551.dll
12/22/2004 04:05a 225,240 fpj2031oe.dll
12/20/2004 09:18a 225,240 dasynth.dll
12/18/2004 01:30p 225,177 pexdll.dll
12/18/2004 01:08p 225,240 chnfmsp.dll
12/17/2004 02:49a <DIR> dllcache
6 File(s) 1,349,122 bytes
1 Dir(s) 1,340,321,792 bytes free
------- Hidden Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 3CBB-8567
Directory of C:\WINNT\System32
12/17/2004 02:49a <DIR> dllcache
12/17/2004 02:49a <DIR> GroupPolicy
12/17/2004 02:10a 21,692 folder.htt
12/17/2004 02:10a 271 desktop.ini
2 File(s) 21,963 bytes
2 Dir(s) 1,340,321,792 bytes free
---------- Files Named "Guard" -------------
Volume in drive C has no label.
Volume Serial Number is 3CBB-8567
Directory of C:\WINNT\System32
--------- Temp Files in System32 Directory --------
Volume in drive C has no label.
Volume Serial Number is 3CBB-8567
Directory of C:\WINNT\System32
12/07/1999 04:00a 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 1,340,321,792 bytes free
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"{627CC131-24DE-4CA1-B37F-89C0CA9682AF}"=""
------------ Keys Under Notify ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c, 00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c, 6c,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetCache]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fpj2031oe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c, 6c,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
---------------- Xfind Results -----------------
'Xfind' is not recognized as an internal or external command,
operable program or batch file.
-------------- Locate.com Results ---------------
�
__________________________________________________ _____
chnfmsp.dll 220kb
pexdll.dll 220kb
dasynth.dll 220kb
fpj2031oe.dll 220kb
irnql5551.dll 218kb
kydda.dll 220kb
|