Hello loophole!!
Thank you very much for trying to help. I am sure we will fix the problem. Anyway, below are the two logs you required, Combofix and WinPFind:
Combofix:
Felipe - Fri 15/09/2006 14:55:57.43 Service Pack 4
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Felipe .GLOBAL\Desktop
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{463B30D1-B6E1-4D67-A0B6-EF98DECFE3DB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{463B30D1-B6E1-4D67-A0B6-EF98DECFE3DB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{463B30D1-B6E1-4D67-A0B6-EF98DECFE3DB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{463B30D1-B6E1-4D67-A0B6-EF98DECFE3DB}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{D92EC297-3913-4406-92CF-4426C32B2442}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D92EC297-3913-4406-92CF-4426C32B2442}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D92EC297-3913-4406-92CF-4426C32B2442}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D92EC297-3913-4406-92CF-4426C32B2442}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A8307608-9367-4171-B41E-B904A38E1111}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A8307608-9367-4171-B41E-B904A38E1111}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A8307608-9367-4171-B41E-B904A38E1111}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A8307608-9367-4171-B41E-B904A38E1111}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{2F217C8E-A26C-46AD-9B37-965B7CEBEBDD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F217C8E-A26C-46AD-9B37-965B7CEBEBDD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F217C8E-A26C-46AD-9B37-965B7CEBEBDD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F217C8E-A26C-46AD-9B37-965B7CEBEBDD}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{47207841-3C27-4376-80E8-A8C286D917CA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47207841-3C27-4376-80E8-A8C286D917CA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47207841-3C27-4376-80E8-A8C286D917CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47207841-3C27-4376-80E8-A8C286D917CA}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{9B8B8E6E-F885-4BFA-94F8-945D19918B15}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9B8B8E6E-F885-4BFA-94F8-945D19918B15}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9B8B8E6E-F885-4BFA-94F8-945D19918B15}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9B8B8E6E-F885-4BFA-94F8-945D19918B15}\InprocServer32]
@="C:\\WINNT\\system32\\nsdskcc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{B34434D5-C6FF-425F-8B80-4E4DC6B5C33F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B34434D5-C6FF-425F-8B80-4E4DC6B5C33F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B34434D5-C6FF-425F-8B80-4E4DC6B5C33F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B34434D5-C6FF-425F-8B80-4E4DC6B5C33F}\InprocServer32]
@="C:\\WINNT\\system32\\wnpcore.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{DB22D5B1-1274-40C2-8CD1-C81E749AA4AD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DB22D5B1-1274-40C2-8CD1-C81E749AA4AD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DB22D5B1-1274-40C2-8CD1-C81E749AA4AD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DB22D5B1-1274-40C2-8CD1-C81E749AA4AD}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{15331117-471D-458D-9607-C47FE2478710}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{15331117-471D-458D-9607-C47FE2478710}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{15331117-471D-458D-9607-C47FE2478710}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{15331117-471D-458D-9607-C47FE2478710}\InprocServer32]
@="C:\\WINNT\\system32\\iGshlpr.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINNT\system32\biowselc.dll
C:\WINNT\system32\hr4205hoe.dll
C:\WINNT\system32\i6240gfqe62e0.dll
C:\WINNT\system32\p6n8lg5u16.dll
C:\WINNT\system32\pch.dll
C:\WINNT\system32\sutupdll.dll
C:\WINNT\system32\trbyuv.dll
C:\WINNT\system32\UWTFS.DLL
Granting sedebugprivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\dfndrff_17.exe
C:\dfndrff_18.exe
C:\dfndrff_e.exe
C:\dfndrff_e1.exe
C:\dfndrff_e2.exe
C:\dfndrff_e3.exe
C:\deskbar3.exe
C:\kybrdff_18.exe
C:\Documents and Settings\Felipe .GLOBAL\Local Settings\Temporary Internet Files\Content.IE5\09WLE56N\dfndrff_e[1].exe
C:\WINNT\system32\dwdsregt.exe
C:\WINNT\offun.exe
C:\Program Files\Deskbar
C:\Program Files\Common Files\{3C9CAC2C-072D-1033-1128-030312220002}
((((((((((((((((((((((((((((((( Files Created from 2006-08-15 to 2006-09-15 ))))))))))))))))))))))))))))))))))
2006-09-15 00:53 235,832 -r--s---- C:\WINNT\system32\n8n6li5s18.dll
2006-09-15 00:53 234,174 -r--s---- C:\WINNT\system32\iGshlpr.dll
2006-09-15 00:19 233,826 -r--s---- C:\WINNT\system32\rxched20.dll
2006-09-14 21:05 556,864 -r-hs---- C:\WINNT\akkpsatA.exe
2006-09-14 21:05 430,592 --a------ C:\912_121.exe
2006-09-13 21:15 159,232 --ahs---- C:\WINNT\system32\wgareg.exe
2006-09-13 20:49 194,048 --a------ C:\WINNT\system32\54887_netapi.exe
2006-09-13 20:45 159,232 --ahs---- C:\WINNT\system32\.exe
2006-09-13 20:09 20,480 --a------ C:\mscts.exe
2006-09-13 20:04 20,480 --a------ C:\msct.exe
2006-09-12 21:17 1,386,496 --a------ C:\WINNT\system32\msvbvm60.dll
2006-09-12 20:46 194,048 --a------ C:\WINNT\system32\50531_netapi.exe
2006-09-12 20:23 831,760 --a------ C:\WINNT\system32\mswdat10.dll
2006-09-12 20:23 614,672 --a------ C:\WINNT\system32\mswstr10.dll
2006-09-12 20:23 6,416 -ra------ C:\WINNT\system32\hccoin.dll
2006-09-12 20:23 53,520 --a------ C:\WINNT\system32\msjter40.dll
2006-09-12 20:23 512,272 --a------ C:\WINNT\system32\msexch40.dll
2006-09-12 20:23 422,160 --a------ C:\WINNT\system32\msrd2x40.dll
2006-09-12 20:23 380,957 --a------ C:\WINNT\system32\expsrv.dll
2006-09-12 20:23 315,664 --a------ C:\WINNT\system32\msrd3x40.dll
2006-09-12 20:23 213,264 --a------ C:\WINNT\system32\msltus40.dll
2006-09-12 20:23 151,824 --a------ C:\WINNT\system32\msjint40.dll
2006-09-12 20:22 30,749 --a------ C:\WINNT\system32\vbajet32.dll
2006-09-12 20:02 176,128 --a------ C:\WINNT\system32\nvuaudio.exe
2006-09-12 19:54 6,928 --a------ C:\WINNT\system32\schmupd.exe
2006-09-12 19:29 20,480 --a------ C:\windrv.exe
2006-09-12 02:15 194,048 --a------ C:\MS32.exe
2006-09-12 02:15 0 --a------ C:\WINNT\system32\41221_netapi.exe
2006-09-12 02:07 0 --a------ C:\WINNT\system32\31184_netapi.exe
2006-09-11 19:35 138,862 --a------ C:\vnsbnsb.exe
2006-09-11 19:33 770,048 --a------ C:\ubbns.exe
2006-09-11 19:21 216,064 --------- C:\WINNT\system32\WinzAPI32.exe
2006-09-11 18:21 138,862 --a------ C:\videotron.exe
2006-09-11 18:03 770,048 --a------ C:\ubbn.exe
2006-09-11 18:01 138,862 --a------ C:\videotrom.exe
2006-09-11 18:00 770,048 --a------ C:\lcn.exe
2006-09-11 15:32 770,048 --a------ C:\hgshsgbx.exe
2006-09-11 15:32 138,862 --a------ C:\rayons.exe
2006-09-11 15:29 138,862 --a------ C:\rayon.exe
2006-09-11 15:28 770,048 --a------ C:\nycshook.exe
2006-09-11 14:42 770,048 --a------ C:\nycshos.exe
2006-09-11 14:22 770,048 --a------ C:\nycsho.exe
2006-09-11 13:59 770,048 --a------ C:\nyc.exe
2006-09-11 13:33 770,048 --a------ C:\nbncbc.exe
2006-09-11 13:16 138,862 --a------ C:\fix32ddd.exe
2006-09-11 13:15 770,048 --a------ C:\telekt.exe
2006-09-11 13:06 138,862 --a------ C:\fix32oi.exe
2006-09-11 13:03 770,048 --a------ C:\teleit.exe
2006-09-11 12:55 770,048 --a------ C:\ewewllllklkpo.exe
2006-09-11 12:47 770,048 --a------ C:\ewewllllklk.exe
2006-09-11 12:31 770,048 --a------ C:\ewewlll.exe
2006-09-11 12:21 770,048 --a------ C:\ewewll.exe
2006-09-11 12:15 138,862 --a------ C:\fix32.exe
2006-09-11 12:13 770,048 --a------ C:\ewew.exe
2006-09-11 12:06 770,048 --a------ C:\kjkj.exe
2006-09-11 12:01 770,048 --a------ C:\plpls.exe
2006-09-11 11:58 0 --a------ C:\WINNT\system32\37481_netapi.exe
2006-09-11 11:54 770,048 --a------ C:\6ruftjh.exe
2006-09-11 11:52 45,083 --a------ C:\WINNT\system32\ondsregl.exe
2006-09-11 11:26 770,048 --a------ C:\[email protected]
2006-09-11 11:17 194,048 --a------ C:\WINNT\system32\83652_netapi.exe
2006-09-11 10:56 770,048 --a------ C:\xpsp2.exe
2006-09-11 10:53 770,048 --a------ C:\[email protected]
2006-09-11 10:48 770,048 --a------ C:\rrrere.exe
2006-09-11 10:48 188,928 --a------ C:\WINNT\system32\45388_netapi.exe
2006-09-11 10:47 836 --a------ C:\WINNT\system32\winpfg32.sys
2006-09-11 10:47 45,056 --a------ C:\TIGEN001.exe
2006-09-11 10:47 32,768 --a------ C:\nwnmff_17.exe
2006-09-11 10:47 168,049 --a------ C:\WINNT\system32\lwinopex.exe
2006-09-11 10:46 770,048 --a------ C:\popopo.exe
2006-09-11 10:19 188,928 --a------ C:\wincomm.exe
2006-09-11 10:15 188,928 --a------ C:\winservnt32.exe
2006-09-11 06:18 188,928 --a------ C:\WINNT\system32\01164_netapi.exe
2006-09-11 00:23 18,192 --a------ C:\WINNT\system32\hid.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-15 14:58 -------- d-a------ C:\Program Files\Common Files
2006-09-15 01:25 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-15 00:28 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-09-13 23:36 -------- d-------- C:\Program Files\Winamp
2006-09-13 23:36 -------- d-------- C:\Program Files\Webshots
2006-09-13 23:36 -------- d-------- C:\Program Files\Internet Explorer
2006-09-13 23:35 -------- d-------- C:\Program Files\PrintView
2006-09-13 23:35 -------- d-------- C:\Program Files\iTunes
2006-09-13 23:24 -------- d-------- C:\Program Files\CleanUp!
2006-09-13 21:15 159232 --ahs---- C:\WINNT\system32\.exe
2006-09-12 21:17 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-12 19:51 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-12 02:19 -------- d-------- C:\Program Files\Last.fm Player
2006-09-11 10:46 33856 --a------ C:\WINNT\system32\drivers\oreans32.sys
2006-09-11 02:01 -------- d-------- C:\Program Files\eMule
2006-09-01 02:10 -------- d-------- C:\Program Files\Easy DVD Player
2006-08-24 17:45 -------- d-a------ C:\Documents and Settings\Felipe .GLOBAL\Application Data\SopCast
2006-08-22 22:44 -------- d-------- C:\Program Files\Java
2006-08-13 23:50 -------- d-------- C:\Program Files\Guild Wars
2006-08-13 13:13 -------- d-------- C:\Program Files\Soulseek-Test
2006-08-08 23:19 -------- d-------- C:\Documents and Settings\Felipe .GLOBAL\Application Data\CyberLink
2006-08-08 17:59 777472 --a------ C:\WINNT\system32\drivers\avg7core.sys
2006-08-08 17:59 27904 --a------ C:\WINNT\system32\drivers\avg7rsxp.sys
2006-08-08 17:59 26912 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2006-08-01 01:39 -------- d-------- C:\Program Files\mIRC
2006-07-26 23:43 -------- d-------- C:\Program Files\EndlessOnline
2006-07-26 17:57 -------- d-------- C:\Program Files\Common Files\xing shared
2006-07-26 17:57 -------- d-------- C:\Program Files\Common Files\Real
2006-07-19 18:52 -------- d-------- C:\Program Files\SopCast
2006-07-18 20:12 122 --a------ C:\Documents and Settings\Felipe .GLOBAL\Application Data\iScrobbler.ini
2006-07-11 23:31 9363 --a------ C:\Documents and Settings\Felipe .GLOBAL\Application Data\Comma Separated Values (Windows).EML
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"fukr"="C:\\PROGRA~1\\COMMON~1\\fukr\\fukrm.exe"
"Start WingMan Profiler"=""
"stonedrv"="c:\\winnt\\system32\\stonedrv.exe"
"Microsoft Windows Communicator for NT/XP"="11514_netapi.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"LoadQM"="loadqm.exe"
"NeroCheck"="C:\\WINNT\\system32\\\\NeroCheck.exe"
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Microsoft Windows Communicator for NT/XP"="11514_netapi.exe"
"{CA-AC-C2-2C-ZN}"="c:\\winnt\\system32\\ondsregl.exe GEN001"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"RegistryMechanic"=""
"akkpsatA"="C:\\WINNT\\akkpsatA.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"stonedrv"="c:\\winnt\\system32\\stonedrv.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///D:/My%20Pictures/ana%20fotos%202/setembro/101MSDCF/DSC02717.JPG"
"SubscribedURL"="file:///D:/My%20Pictures/ana%20fotos%202/setembro/101MSDCF/DSC02717.JPG"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,00,00,00,60,00,00,00,34,03,00,00,00,03,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,50,05,00,00,62,01,00,00,80,02,00,00,e0,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,c8,00,00,00,2f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,c8,00,00,00,ed,00,00,00,a8,00,00,00,9e,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,50,05,00,00,1f,00,00,00,20,01,00,00,23,01,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Windows Communicator for NT/XP"="11514_netapi.exe"
"Ms Java for Windows NT"="MS32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"CDRAutoRun"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Fri 2006-09-15 14:58:27.40
ComboFix.txt
WinPFind:
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 15/09/2006 8:18:04 PM
WinPFind v1.5.0 Folder = C:\WinPFind\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 14/09/2006 9:05:56 PM 430592 C:\912_121.exe ()
UPX! 04/04/2006 10:44:00 PM 691450012 C:\NeroTemp.nrg ()
FSG! 04/04/2006 10:44:00 PM 691450012 C:\NeroTemp.nrg ()
PEC2 04/04/2006 10:44:00 PM 691450012 C:\NeroTemp.nrg ()
WSUD 04/04/2006 10:44:00 PM 691450012 C:\NeroTemp.nrg ()
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
WSUD 12/12/1989 10:10:10 AM RHS 556864 C:\WINNT\akkpsatA.exe (System Service)
aspack 13/03/2005 3:23:18 PM 145408 C:\WINNT\CustoMess_Uninstall.exe (blobz.net)
Checking %System% folder...
aspack 18/03/2005 5:19:58 PM 2337488 C:\WINNT\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
PEC2 09/08/2005 3:14:00 PM 692736 C:\WINNT\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 09/08/2005 3:14:00 PM 692736 C:\WINNT\SYSTEM32\DivX.dll (DivXNetworks)
WinShutDown 15/09/2006 12:54:00 AM R S 234174 C:\WINNT\SYSTEM32\iGshlpr.dll ()
PTech 12/07/2005 6:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll (Microsoft® Corporation)
WSUD 19/06/2003 12:05:04 PM 1011764 C:\WINNT\SYSTEM32\mfc42u.dll (Microsoft Corporation)
PECompact2 06/04/2006 12:48:38 PM 5143456 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 06/04/2006 12:48:38 PM 5143456 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
WinShutDown 15/09/2006 12:54:00 AM R S 235832 C:\WINNT\SYSTEM32\n8n6li5s18.dll ()
Umonitor 12/01/2005 12:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL (Microsoft Corporation)
WinShutDown 15/09/2006 12:19:08 AM R S 233826 C:\WINNT\SYSTEM32\rxched20.dll ()
winsync 08/05/2001 5:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu ()
Checking %System%\Drivers folder and sub-folders...
UPX! 08/08/2006 5:59:30 PM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 08/08/2006 5:59:30 PM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 08/08/2006 5:59:30 PM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 08/08/2006 5:59:30 PM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
15/09/2006 3:01:40 PM H 464472 C:\WINNT\ShellIconCache ()
15/09/2006 8:12:54 PM S 64 C:\WINNT\CSC\00000001 ()
12/09/2006 12:15:46 AM S 64 C:\WINNT\CSC\00000002 ()
11/09/2006 7:09:04 PM S 64 C:\WINNT\CSC\csc1.tmp ()
13/09/2006 9:15:32 PM HS 159232 C:\WINNT\system32\.exe ()
15/09/2006 12:54:00 AM R S 234174 C:\WINNT\system32\iGshlpr.dll ()
15/09/2006 12:54:00 AM R S 235832 C:\WINNT\system32\n8n6li5s18.dll ()
15/09/2006 12:19:08 AM R S 233826 C:\WINNT\system32\rxched20.dll ()
13/09/2006 9:15:32 PM HS 159232 C:\WINNT\system32\wgareg.exe ()
15/09/2006 8:08:06 PM H 1024 C:\WINNT\system32\config\default.LOG ()
15/09/2006 8:15:08 PM H 1024 C:\WINNT\system32\config\SAM.LOG ()
15/09/2006 8:13:14 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG ()
15/09/2006 8:36:10 PM H 1024 C:\WINNT\system32\config\software.LOG ()
15/09/2006 2:39:10 PM RHS 21500 C:\WINNT\system32\dllcache\msvps.exe ()
11/09/2006 12:19:00 PM RHS 25664 C:\WINNT\system32\dllcache\mswincom32.exe ()
15/09/2006 8:12:56 PM H 6 C:\WINNT\Tasks\SA.DAT ()
Checking for CPL files...
08/05/2001 5:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl (Microsoft Corporation)
19/06/2003 12:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl (Microsoft Corporation)
19/06/2003 12:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL (Microsoft Corporation)
08/05/2001 5:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
29/08/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl (Microsoft Corporation)
30/10/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl (Microsoft Corporation)
26/07/2006 3:03:14 AM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
08/05/2001 5:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl (Microsoft Corporation)
27/03/2001 12:14:00 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
19/06/2003 12:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl (Microsoft Corporation)
19/06/2003 12:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl (Microsoft Corporation)
19/06/2003 12:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL (Microsoft Corporation)
08/05/2001 5:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl (Microsoft Corporation)
08/05/2001 5:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
29/08/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
23/09/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl (IBM Corporation)
08/05/2001 5:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
27/03/2001 12:14:00 PM 41232 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{02BCC737-B171-4746-94C9-0D8A0B2C0089} - Microsoft Office Template and Media Control - CodeBase = http://office.micros...tes/ieawsdc.cab
{0D62A517-E7C6-4E1F-A577-07D4AC549A48} - Progetto1.int_ver32 - CodeBase = http://advnt01.com/d.../int_ver32n.CAB
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.co...ad/MsnPUpld.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1127002788515
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - Update Class - CodeBase = http://v4.windowsupd...8972.8273032407
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.ma...ash/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
15/04/2006 5:10:02 PM 799 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ()
15/04/2006 5:10:02 PM 1568 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
01/04/2006 3:56:56 PM 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()
Checking files in %USERPROFILE%\Startup folder...
15/09/2006 2:33:50 PM 509 C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\TA_Start.lnk ()
15/09/2006 8:06:46 PM 551 C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\Think-Adz.lnk ()
15/09/2006 8:07:42 PM 551 C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\Webshots.lnk ()
Checking files in %USERPROFILE%\Application Data folder...
11/07/2006 11:31:58 PM 9363 C:\Documents and Settings\Felipe .GLOBAL\Application Data\Comma Separated Values (Windows).EML ()
18/07/2006 8:12:34 PM 122 C:\Documents and Settings\Felipe .GLOBAL\Application Data\iScrobbler.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...ER}&ar=home
\\Search Page - http://searchbar.fin...siteyouneed.com
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.findthewebsiteyouneed.com
\\Search Bar - http://searchbar.fin...siteyouneed.com
\\Search Page - http://searchbar.fin...siteyouneed.com
\\Default_Search_URL - http://searchbar.fin...siteyouneed.com
\\Local Page - C:\WINNT\System32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://searchbar.fin...siteyouneed.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} - = ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8195
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager - C:\WINNT\SYSTEM32\mobsync.exe (Microsoft Corporation)
LoadQM - C:\WINNT\loadqm.exe (Microsoft Corporation)
NeroCheck - C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
IntelliType - C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
ATIModeChange - C:\WINNT\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe (Sun Microsystems, Inc.)
Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
WinampAgent - C:\Program Files\Winamp\winampa.exe ()
RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
Microsoft Windows Communicator for NT/XP - 11514_netapi.exe ()
{CA-AC-C2-2C-ZN} - C:\winnt\system32\ondsregl.exe ()
PVModule - C:\PROGRA~1\PRINTV~1\pvmodule.exe ()
RegistryMechanic - Reg Data missing or invalid ()
akkpsatA - C:\WINNT\akkpsatA.exe (System Service)
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
ExploreUpdSched - C:\WINNT\system32\lwinopex.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
stonedrv - c:\winnt\system32\stonedrv.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
internat.exe - C:\WINNT\SYSTEM32\internat.exe (Microsoft Corporation)
fukr - C:\PROGRA~1\COMMON~1\fukr\fukrm.exe ()
Start WingMan Profiler - Reg Data missing or invalid ()
stonedrv - c:\winnt\system32\stonedrv.exe ()
Microsoft Windows Communicator for NT/XP - 11514_netapi.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\TA_Start.lnk - C:\WINNT\system32\dwdsregt.exe ()
C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\Think-Adz.lnk - C:\WINNT\system32\lwinopex.exe ()
C:\Documents and Settings\Felipe .GLOBAL\Start Menu\Programs\Startup\Webshots.lnk - C:\Program Files\Webshots\Launcher.exe ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL = ()
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINNT\system32\userinit.exe,11514_netapi.exe
\\Shell = explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\wzcnotif - wzcdlg.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{C6984616-148F-4080-89D7-92BF5CD7B627} - (NVIDIA nForce MCP Networking Controller)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Thanks again!
Cheers
Felipe