João Barradas - 06-10-19 23:12:17,81 Service Pack 2 ComboFix 06.10.16 - Running from: "C:\Documents and Settings\João Barradas\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 )))))))))))))))))))))))))))))))))) 2006-10-14 23:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-10-14 22:32 50,944 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2006-10-14 22:32 30,560 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2006-09-30 14:10 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2006-09-30 14:10 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-19 23:06 -------- d-------- C:\Program Files\Symantec AntiVirus 2006-10-19 20:40 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Azureus 2006-10-17 17:38 -------- d-------- C:\Program Files\Common Files 2006-10-16 23:19 -------- d-------- C:\Program Files\STOPzilla! 
2006-10-16 22:38 -------- d-------- C:\Program Files\Common Files\iS3 2006-10-16 22:27 -------- d-------- C:\Program Files\TuneUp Utilities 2006 2006-10-16 22:18 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-16 22:18 -------- d-------- C:\Program Files\SoftwareDoctor 2006-10-14 23:39 -------- d-------- C:\Program Files\Grisoft 2006-10-14 23:03 -------- d-------- C:\Program Files\Spyware Doctor 2006-10-13 20:58 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Real 2006-10-13 20:52 -------- d-------- C:\Program Files\Common Files\Real 2006-10-10 19:23 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\PC Tools 2006-10-09 21:48 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Lavasoft 2006-10-07 18:54 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Adobe 2006-10-07 16:38 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Apple Computer 2006-10-07 16:10 -------- d-------- C:\Program Files\QuickTime 2006-10-07 16:07 -------- d-------- C:\Program Files\Apple Software Update 2006-10-06 19:49 -------- d-------- C:\Program Files\eMule 2006-10-04 17:38 -------- d-------- C:\Program Files\Gabest 2006-09-30 14:10 -------- d-------- C:\Program Files\Cucusoft 2006-09-28 18:48 -------- d-------- C:\Program Files\Pcsx2 2006-09-27 22:00 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Rock Manager 2006-09-23 22:57 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\Skype 2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-08-30 19:19 -------- d-------- C:\Program Files\Mozilla Firefox 2006-08-27 01:11 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys 2006-08-26 23:24 -------- d-------- C:\Documents and Settings\Joao Barradas\Application Data\.BTuga 2006-08-26 22:59 -------- d-------- C:\Program Files\Alcohol Soft 2006-08-26 22:58 223128 
--a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2006-08-26 22:58 -------- d-------- C:\Program Files\DAEMON Tools 2006-08-26 22:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd4765.sys 2006-08-26 22:52 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-23 20:16 -------- d-------- C:\Program Files\Azureus 2006-08-21 19:52 -------- d-------- C:\Program Files\Windows Media Player 2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-08-15 19:57 247866 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_8256.exe 2006-08-02 20:43 16384 --a------ C:\WINDOWS\system32\ac3config.exe 2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-06 16:28 45716 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log 2006-07-06 16:26 2176 --a------ C:\Documents and Settings\Joao Barradas\Application Data\HPSU_48BitScanUpdate.log 2006-07-06 16:19 2517 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log 2006-07-06 16:17 2965 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_InstantShareJPG.log 2006-07-06 16:15 3796 --a------ C:\Documents and Settings\Joao Barradas\Application Data\PatchUpdate_IZClosingDiscError.log 2006-07-06 16:12 5868 --a------ C:\Documents and Settings\Joao Barradas\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log 2006-07-06 16:08 49424 --a------ C:\Documents and Settings\Joao Barradas\Application Data\Update_HP_RedboxHprblog_HPSU.log (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) 
*Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\"" "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe" "FastUser"="C:\\WINDOWS\\System32\\fast.exe" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "mgqmefk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\mgqmefk.dll,cdwfcsc" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,c0 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "msdata"="moose.exe" "NAV Auto Protect"="navprotect.exe" "start extracting"="spoolvs.exe" "start uploading"="smsss.exe" "Spyware Doctor"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] "start extracting"="spoolvs.exe" "start uploading"="smsss.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "msdata"="moose.exe" "NAV Auto Protect"="navprotect.exe" "start extracting"="spoolvs.exe" "start uploading"="smsss.exe" "Spyware Doctor"="" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] "start extracting"="spoolvs.exe" "start uploading"="smsss.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component 
Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 "NoActiveDesktop"=dword:00000000 "NoSaveSettings"=dword:00000000 "ClassicShell"=dword:00000000 "NoThemesTab"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\AF907913913BEFEF.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: 06-10-19 23:15:02.64 C:\ComboFix.txt ... 06-10-19 23:15 C:\ComboFix2.txt ... 06-10-17 21:31 C:\ComboFix3.txt ... 06-10-17 17:38