Tech Support banner

Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter #1
Logfile of HijackThis v1.99.1
Scan saved at 7.43.34, on 27/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\checcocasa\Desktop\WinPFind\WinPFind\winpfind.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\checcocasa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programmi\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - C:\WINDOWS\system32\bvicore.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programmi\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programmi\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: ATITool.lnk = C:\Programmi\ATITool\ATITool.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...wn&http://62.3.133.38/IT/24_3d_colour_pop.jsp
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8B1F27-AE54-479D-AACF-0A7B2334E7EE} (HTTPUplListX Control) - http://stampafoto.mediaworld.it/HTTPUplList.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.72.237.169/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B77AE8-0065-42AE-B125-2603C9FE308C}: NameServer = 213.205.32.70 213.205.36.70
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe



regard
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Since you already have the WinPfind tool.......please post it's log....

Download WinPFInd http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.!



Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.! Once the Scan is Complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

So I need the following tool logs..

WinPFind.txt log
Track qoo.vbs log
 

·
Registered
Joined
·
3 Posts
ok theese are my log.
Please help me
Thanks in advance
Regards

Please post the logs in the threads..and NOT as attachments.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 22/08/2004 17.04.56 69120 C:\WINDOWS\daemon.dll
UPX! 12/12/2003 1.52.36 278668 C:\WINDOWS\epsuninst.exe
PECompact2 08/12/2004 12.54.02 10813492 C:\WINDOWS\LPT$VPN.285
qoologic 08/12/2004 12.54.02 10813492 C:\WINDOWS\LPT$VPN.285
UPX! 08/12/2004 18.54.34 162885 C:\WINDOWS\tsc.exe
PECompact2 08/12/2004 12.54.02 10813492 C:\WINDOWS\VPTNFILE.285
qoologic 08/12/2004 12.54.02 10813492 C:\WINDOWS\VPTNFILE.285
UPX! 08/12/2004 12.54.02 1036800 C:\WINDOWS\vsapi32.dll
aspack 08/12/2004 12.54.02 1036800 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
SAHAgent 28/02/2003 18.26.36 69027 C:\WINDOWS\SYSTEM32\clsid.log
PEC2 31/08/2001 12.00.00 41144 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 05/10/2005 4.09.28 2298208 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05/10/2005 4.09.28 2298208 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 19/08/2004 15.38.58 729600 C:\WINDOWS\SYSTEM32\ntdll.dll
qoologic 08/12/2004 19.11.48 7443274 C:\WINDOWS\SYSTEM32\pav.sig
aspack 08/12/2004 19.11.48 7443274 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 08/12/2004 19.11.48 7443274 C:\WINDOWS\SYSTEM32\pav.sig
winsync 08/12/2004 19.11.48 7443274 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 19/08/2004 15.39.26 674816 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 23/07/2001 6.29.32 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
winsync 31/08/2001 12.00.00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 03/08/2004 22.41.38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
27/10/2005 21.50.06 S 2048 C:\WINDOWS\bootstat.dat
12/10/2005 22.39.50 H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0b854bd853b294c006ece5317f50a3a5\BIT7.tmp
05/10/2005 3.17.34 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 11.53.22 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09/09/2005 19.15.00 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
29/08/2005 21.25.38 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
17/10/2005 2.11.14 S 22087 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem33.CAT
27/10/2005 21.49.56 H 8192 C:\WINDOWS\system32\config\default.LOG
27/10/2005 21.50.14 H 1024 C:\WINDOWS\system32\config\SAM.LOG
27/10/2005 21.50.06 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
27/10/2005 21.50.16 H 65536 C:\WINDOWS\system32\config\software.LOG
27/10/2005 21.50.16 H 1228800 C:\WINDOWS\system32\config\system.LOG
16/10/2005 1.38.38 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
14/10/2005 1.46.22 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e81d370a-6004-43c0-8190-32d7412287b7
14/10/2005 1.46.22 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
27/10/2005 0.43.14 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
19/08/2003 9.20.04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 19/08/2004 15.39.48 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 19/08/2004 15.39.48 553472 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28/05/2001 13.47.00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 19/08/2004 15.39.48 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 19/08/2004 15.39.48 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 19/08/2004 15.39.48 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 19/08/2004 15.39.48 156160 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 22/07/2003 17.29.22 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 19/08/2004 15.39.48 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 19/08/2004 15.39.48 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 19/08/2004 15.39.48 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 19/08/2004 15.39.48 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 31/08/2001 12.00.00 188928 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 19/08/2004 15.39.48 623616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 31/08/2001 12.00.00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 19/08/2004 15.39.48 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 19/08/2004 15.39.48 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
10/10/2005 21.49.00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 31/08/2001 12.00.00 37376 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 19/08/2004 15.39.48 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/08/2004 15.39.48 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 19/08/2004 15.39.48 301568 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 31/08/2001 12.00.00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 19/08/2004 15.39.48 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
28/09/2004 2.00.00 6151 C:\WINDOWS\SYSTEM32\txp4.cpl
Microsoft Corporation 19/08/2004 15.39.48 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4.16.32 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 31/08/2001 12.00.00 188928 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 31/08/2001 12.00.00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 31/08/2001 12.00.00 37376 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 31/08/2001 12.00.00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 4.16.32 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
27/10/2005 0.45.28 656 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ATITool.lnk
06/07/2004 21.06.14 HS 84 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
06/07/2004 21.18.48 808 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DSLMON.lnk
16/10/2005 1.23.22 654 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SpeedFan.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
06/07/2004 21.54.18 HS 62 C:\Documents and Settings\All Users\Dati applicazioni\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
06/07/2004 21.06.14 HS 84 C:\Documents and Settings\checcocasa\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
13/10/2005 21.30.08 2508 C:\Documents and Settings\checcocasa\Dati applicazioni\$_hpcst$.hpc
06/07/2004 21.54.18 HS 62 C:\Documents and Settings\checcocasa\Dati applicazioni\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RExpCtxU
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Programmi\Resco\Pocket Encryption\RExpCtxU.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Blocco menu Start = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RExpCtxU
{D9F81151-62CA-4858-B45E-82B3EC41A549} = C:\Programmi\Resco\Pocket Encryption\RExpCtxU.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF0B8EE-6596-11D5-A98E-0003470BB48E}
CCHelper Class = C:\Programmi\Panicware\Pop-Up Stopper Pro\CCHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
eBay Toolbar Helper = C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programmi\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programmi\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Suggerimenti = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
&Organizzatore ricerche = C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} = Pa&nicware Pop-Up Stopper Pro : C:\Programmi\Panicware\Pop-Up Stopper Pro\popuppro.dll
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} = eBay Toolbar : C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programmi\google\googletoolbar2.dll
{BA52B914-B692-46c4-B683-905236F6F655} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\PROGRA~1\MI3AA1~1\INetRepl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Ricerche :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Organizzatore ricerche :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programmi\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
SearchBand = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Barra di Explorer per la ricerca file = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Indirizzo : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programmi\google\googletoolbar2.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Indirizzo : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = Co&llegamenti : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programmi\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programmi\Norton AntiVirus\NavShExt.dll
{E6AE90A4-1B01-47F0-AA78-E6B122E145E9} = :
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
Jet Detection C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
DU Meter C:\Programmi\DU Meter\DUMeter.exe
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
ATIPTA C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
RivaTunerStartupDaemon "C:\Programmi\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /S
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
ccApp "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
H/PC Connection Agent "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
MsnMsgr "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
AlturionAU

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
location Common Startup
command C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
item Adobe Acrobat Speed Launcher
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
location Common Startup
command C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
item Adobe Acrobat Speed Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FILECO~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FILECO~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PCSuiteperNokia6600 Detect.lnk
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteperNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteperNokia6600 Detect
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteperNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteperNokia6600 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PCSuiteperNokia6600 TS.lnk
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteperNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteperNokia6600 TS
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteperNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteperNokia6600 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SideWindow.lnk
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SideWindow.lnk
backup C:\WINDOWS\pss\SideWindow.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Innobec\SIDEWI~1\Bin\SIDEWI~1.EXE
item SideWindow
path C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SideWindow.lnk
backup C:\WINDOWS\pss\SideWindow.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Innobec\SIDEWI~1\Bin\SIDEWI~1.EXE
item SideWindow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Acrotray
hkey HKLM
command "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Acrotray
hkey HKLM
command "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlturionAU
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-Blaxx Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Anti-Blaxx
hkey HKLM
command C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Anti-Blaxx
hkey HKLM
command C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ares
hkey HKCU
command "C:\Programmi\Ares\Ares.exe" -h
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ares
hkey HKCU
command "C:\Programmi\Ares\Ares.exe" -h
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Translator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Babylon
hkey HKCU
command C:\Programmi\Babylon\Babylon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Babylon
hkey HKCU
command C:\Programmi\Babylon\Babylon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Programmi\D-Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Programmi\D-Tools\daemon.exe" -lang 1033
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eBayToolbar
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eBayTBDaemon
hkey HKLM
command C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eBayTBDaemon
hkey HKLM
command C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gainward
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TBPanel
hkey HKLM
command C:\WINDOWS\TBPanel.exe /A
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TBPanel
hkey HKLM
command C:\WINDOWS\TBPanel.exe /A
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nokia Tray Application
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NclTray
hkey HKLM
command C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NclTray
hkey HKLM
command C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerStrip
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pstrip
hkey HKLM
command c:\programmi\powerstrip\pstrip.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pstrip
hkey HKLM
command c:\programmi\powerstrip\pstrip.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ServiceLayer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ServiceLayer
hkey HKLM
command C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ServiceLayer
hkey HKLM
command C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Steam
hkey HKCU
command C:\Programmi\Valve\Steam\\Steam.exe -silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Steam
hkey HKCU
command C:\Programmi\Valve\Steam\\Steam.exe -silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TorrentSearch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TSx
hkey HKLM
command C:\Programmi\TSx\TSx.exe minimized
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TSx
hkey HKLM
command C:\Programmi\TSx\TSx.exe minimized
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinFoxV2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WF2K
hkey HKLM
command C:\WINDOWS\system32\WF2K.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WF2K
hkey HKLM
command C:\WINDOWS\system32\WF2K.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
ClearRecentDocsOnExit 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 27/10/2005 21.57.46

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="C:\\Programmi\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe"
"DU Meter"="C:\\Programmi\\DU Meter\\DUMeter.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATIPTA"="C:\\Programmi\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"RivaTunerStartupDaemon"="\"C:\\Programmi\\RivaTuner v2.0 RC 15.7\\RivaTuner.exe\" /S"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- RExpCtxU
{D9F81151-62CA-4858-B45E-82B3EC41A549}
C:\Programmi\Resco\Pocket Encryption\RExpCtxU.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Programmi\Norton AntiVirus\NavShExt.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Programmi\WinRAR\rarext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Blocco menu Start
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Programmi\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica

ATITool.lnk
desktop.ini
DSLMON.lnk
SpeedFan.lnk
==============================
C:\Documents and Settings\checcocasa\Menu Avvio\Programmi\Esecuzione automatica

ATITool.lnk
desktop.ini
DSLMON.lnk
SpeedFan.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


ac3filter.cpl
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
AudioHQU.cpl Creative Technology Ltd.
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
ImageDrive.cpl Ahead Software AG
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
txp4.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
 

Attachments

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Please visit this website - http://virusscan.jotti.org/
Submit these file(s) for a comprehensive scan & then post the results back here

C:\WINDOWS\epsuninst.exe
Cr-pis12.exe

Is this your only issue...not being able to delete this file? Your logs are clean..and that file is not set up to be running in any entrys. What directory is it in?
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top