Logfile of HijackThis v1.99.1
Scan saved at 3:59:45 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\WINDOWS\system32\mrarrr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ed\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.sony.com/vaiopeopleR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\mrarrr.exe reg_run
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: SnipeMonkey - {73B41442-4735-4FF2-9C19-CEA30AE6D7B7} - C:\Program Files\SnipeMonkey\SnipeMonkey.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
http://ds1.downloadt...pcpowerscan.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
"WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/11/2005 3:53:55 PMht is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PEC2 5/25/2002 5:28:42 PM 365056 C:\WINDOWS\Dotest.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
qoologic 3/14/2005 10:52:28 PM 3859 C:\WINDOWS\ghchhh.dll
urllogic 3/14/2005 10:52:28 PM 3859 C:\WINDOWS\ghchhh.dll
urllogic 3/14/2005 10:52:28 PM 3859 C:\WINDOWS\ghchhh.dll
abetterinternet.com 3/14/2005 10:52:28 PM 3859 C:\WINDOWS\ghchhh.dll
aspack 2/23/2005 9:21:32 PM 9146227 C:\WINDOWS\salm_kyf.dat
PTech 2/23/2005 9:21:32 PM 9146227 C:\WINDOWS\salm_kyf.dat
PECompact2 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\lpt$vpn.761
qoologic 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\lpt$vpn.761
SAHAgent 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\lpt$vpn.761
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
PECompact2 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\VPTNFILE.761
qoologic 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\VPTNFILE.761
SAHAgent 8/4/2005 2:54:10 PM 15552195 C:\WINDOWS\VPTNFILE.761
Checking %System% folder...
qoologic 1/10/2005 9:06:18 AM 7959053 C:\WINDOWS\SYSTEM32\pav.sig
aspack 1/10/2005 9:06:18 AM 7959053 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 1/10/2005 9:06:18 AM 7959053 C:\WINDOWS\SYSTEM32\pav.sig
winsync 1/10/2005 9:06:18 AM 7959053 C:\WINDOWS\SYSTEM32\pav.sig
PECompact2 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
SAHAgent 2/16/2005 12:59:44 AM 35 C:\WINDOWS\SYSTEM32\70tovmto.ini
winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/3/2005 12:42:44 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
KavSvc 8/3/2005 12:42:46 PM 16384 C:\WINDOWS\SYSTEM32\nukuu.dll
69.59.186.63 8/3/2005 12:42:46 PM 16384 C:\WINDOWS\SYSTEM32\nukuu.dll
209.66.67.134 8/3/2005 12:42:46 PM 16384 C:\WINDOWS\SYSTEM32\nukuu.dll
web-nex 8/3/2005 12:42:46 PM 16384 C:\WINDOWS\SYSTEM32\nukuu.dll
yourkey 8/3/2005 12:42:46 PM 16384 C:\WINDOWS\SYSTEM32\nukuu.dll
UPX! 9/7/2001 11:06:18 AM 54784 C:\WINDOWS\SYSTEM32\XpBlock.dll
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 7/11/1997 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP
Checking %System%\Drivers folder and sub-folders...
UPX! 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys
aspack 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder for system and hidden files within the last 60 days...
8/11/2005 3:42:24 PM 21471 C:\WINDOWS\system32\FFASTLOG.TXT
7/21/2005 10:00:16 AM 401408 C:\WINDOWS\system32\??xplore.exe
8/11/2005 3:44:48 PM 1024 C:\WINDOWS\system32\config\system.LOG
8/11/2005 3:50:32 PM 20480 C:\WINDOWS\system32\config\software.LOG
8/11/2005 3:44:48 PM 1024 C:\WINDOWS\system32\config\default.LOG
8/11/2005 3:42:18 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
8/11/2005 3:44:48 PM 1024 C:\WINDOWS\system32\config\SECURITY.LOG
8/4/2005 10:19:58 PM 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/12/2005 9:47:06 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/12/2005 9:47:06 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2936471d-a889-4429-96ee-681b60328b03
7/1/2005 8:43:32 AM 0 C:\WINDOWS\inf\oem36.inf
8/4/2005 9:13:14 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/9/2005 1:49:48 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F9CR31PI\desktop.ini
8/9/2005 1:49:48 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Q5G38ZGJ\desktop.ini
8/9/2005 1:49:48 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GWR4T078\desktop.ini
8/9/2005 1:49:48 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IV5X7ZI7\desktop.ini
7/15/2005 9:48:12 AM 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/11/2005 3:42:18 PM 6 C:\WINDOWS\Tasks\SA.DAT
8/11/2005 3:42:22 PM 192 C:\WINDOWS\Tasks\RUTASK.job
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/8/2005 4:38:56 PM 665 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
7/11/2005 11:43:52 AM 877 C:\Documents and Settings\ed corfini\Application Data\AdobeDLM.log
7/11/2005 11:43:52 AM 0 C:\Documents and Settings\ed corfini\Application Data\dm.ini
2/23/2005 9:21:52 PM 263968 C:\Documents and Settings\ed corfini\Application Data\Sskknwrd.dll
2/23/2005 9:34:22 PM 34 C:\Documents and Settings\ed corfini\Application Data\Sskuknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRA~1\INCRED~1\bin\ImShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\moveonboot_delete
{12B23346-6BD8-4812-BF8C-75E7C386ACB8} = C:\Program Files\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qfyfff
{032e7bfa-2fd6-495f-99a2-45dd81cde4ee} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qfyfffyk
{7a26f576-7634-40d7-91f1-78111ebf1af5} = C:\WINDOWS\system32\nukuu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
http://www.sony.com/vaiopeople = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73B41442-4735-4FF2-9C19-CEA30AE6D7B7}
ButtonText = SnipeMonkey : C:\Program Files\SnipeMonkey\SnipeMonkey.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{82315A18-6CFB-44A7-BDFD-90E36537C252} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
utipro C:\WINDOWS\system32\utipro.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
DisableRegedit 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/11/2005 3:53:55 PM
Trackqoo log:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\Pop3trap.exe\""
"KavSvc"="C:\\WINDOWS\\system32\\mrarrr.exe reg_run"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4}
C:\PROGRA~1\INCRED~1\bin\ImShExt.dll
Subkey --- moveonboot_delete
{12B23346-6BD8-4812-BF8C-75E7C386ACB8}
C:\Program Files\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- qfyfff
{032e7bfa-2fd6-495f-99a2-45dd81cde4ee}
Subkey --- qfyfffyk
{7a26f576-7634-40d7-91f1-78111ebf1af5}
C:\WINDOWS\system32\nukuu.dll
Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll
Subkey --- {48F45200-91E6-11CE-8A4F-0080C81A28D4}
C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
Microsoft Find Fast.lnk
tnan.exe
==============================
C:\Documents and Settings\ed corfini\Start Menu\Programs\Startup
desktop.ini
Microsoft Find Fast.lnk
tnan.exe
desktop.ini
==============================
C:\WINDOWS\system32 cpl files
desk.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
access.cpl Microsoft Corporation
igfxcpl.cpl Intel Corporation
hdwwiz.cpl Microsoft Corporation
UILib.cpl Sony Corporation
VASetup.cpl Sony Corporation
QuickTime.cpl Apple Computer, Inc.
ADPanel.cpl Iomega Corporation
powercfg.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
MLCFG32.CPL Microsoft Corporation
FINDFAST.CPL Microsoft Corporation