bsod stop 0x00000005

Discussion in 'Malware and Virus Removal Archive' started by timeoutgang, 2006/10/20.

  1. 2006/11/18
    TeMerc

    TeMerc Inactive Alumni

    My bad, should have explained checking file properties, but it's moot cause ya didn't find the file!!:p

    Doing some more looking around, be back later on tonite likely.
     
  2. 2006/11/23
    timeoutgang

    timeoutgang Inactive Thread Starter

    Any luck guys? I'm still getting bsod.
     

  4. 2006/11/23
    mailman Lifetime Subscription

    mailman Geek Member

    Hi, timeoutgang.

    I think TeMerc meant he wanted you to do the following:
    • Click Start > All Programs > Accessories > Windows Explorer
    • Navigate to C:\WINDOWS\system32\drivers\usbkbd.sys
    • Right-click on the usbkbd.sys filename and select "Properties".
    • Write down the information under the "General", "Version", and "Summary" tabs in the "usbkbd.sys Properties" window.
      Under the "Version" tab, you can click on each of the items under "Item Name:" in the "Other version information" section to see additional details about the file.

    EDIT: If you still cannot find the C:\WINDOWS\system32\drivers\usbkbd.sys file via the method above, then perhaps posting another DebugWiz crash dump analysis for your latest BSOD(s) (since the time you finished your malware cleaning) will help.

    If TeMerc confirms your system still appears to be free of malware, then perhaps starting a new thread in the Windows XP forum with your new BSOD dump information would be more appropriate than posting that info in this thread. (I don't know if Bill Castner frequents the Removing Spyware & Viruses forum and he understands BSOD dump data pretty darn well. :))
     
    Last edited: 2006/11/23
  5. 2006/11/23
    TeMerc

    TeMerc Inactive Alumni

    Apologies timeoutgang this one kinda got backtracked.

    I have not found anything that would give me any real conclusive info on how to fix this problem.

    We can run some more malware related tools to see if anything is lurking to try and rule out infections.

    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.

    ====================================

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ==================================

    Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
    • Open the folder and double-click on winpfind2.exe to start the program.
    • Keep the standard settings and then in the AddOn-Options box click the checkbox for
      • HKCU_IEDesktop.def
      • Policies.def
      to select it.
    • Under File Options click Select All
    • Under Other Options put a check to both Show All boxes
    • Please maximize the window in order to be able to view the Status Bar.
    • Now click the Run All Scans button on the toolbar.
    • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.
     
  6. 2006/11/25
    timeoutgang

    timeoutgang Inactive Thread Starter

    Mailman, thanks for your support. Tried what you suggested, couldn't find the file? I'm going to do what TeMerc suggested next, but, please feel free to add your comments, because I haven't a clue!!!!!!!!
     
  7. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Can't post all 3 logs at once. I'll post them all separately:-
    "Silent Runners.vbs ", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "msnmsgr" = " "C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = " "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = " "nwiz.exe" /installquiet" [ "NVIDIA Corporation"]
    "IntelWireless" = " "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" [ "Intel Corporation"]
    "Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
    "Apoint" = " "C:\Program Files\Apoint\Apoint.exe" " [ "Alps Electric Co., Ltd."]
    "ISUSPM Startup" = " "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup" [ "InstallShield Software Corporation"]
    "ISUSScheduler" = " "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" [ "InstallShield Software Corporation"]
    "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" [ "Sonic Solutions"]
    "SunJavaUpdateSched" = " "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" " [ "Sun Microsystems, Inc."]
    "Windows Defender" = " "C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
    "AVG7_CC" = " "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP" [ "GRISOFT, s.r.o."]
    "WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [ "BillP Studios"]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k "
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\4144\SiteAdv.dll" [ "McAfee, Inc."]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [ "Safer Networking Limited"]
    {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*[" (unwritable string)
    -> {HKLM...CLSID} = "DriveLetterAccess "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" [ "Sonic Solutions"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" [ "Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class "
    -> {HKLM...CLSID} = "DesktopContext Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper "
    -> {HKLM...CLSID} = "NVIDIA CPL Extension "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer "
    -> {HKLM...CLSID} = "Desktop Explorer "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu "
    -> {HKLM...CLSID} = "nView Desktop Context Menu "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu "
    -> {HKLM...CLSID} = "Portable Media Devices Menu "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess "
    -> {HKLM...CLSID} = "DriveLetterAccess "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" [ "Sonic Solutions"]
    "{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL "
    -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL "
    \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
    -> {HKLM...CLSID} = "AVG7 Find Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders "
    -> {HKLM...CLSID} = "My Sharing Folders "
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook "
    -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook "
    \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" [ "Intel Corporation"]
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> application/x-internet-signup\CLSID = "{A173B69A-1F9B-4823-9FDA-412F641E65D6} "
    -> {HKLM...CLSID} = "INSMimeFilterPP Class "
    \InProcServer32\(Default) = "C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll" [null data]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" [ "GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoFolderOptions" = (REG_DWORD) hex:0x00000000
    {Removes the Folder Options menu item from the Tools menu}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp "


    Enabled Scheduled Tasks:
    ------------------------

    "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\system32\avgfwafu.dll [ "GRISOFT, s.r.o."], 01 - 05
    %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 35
    %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor "
    -> {HKLM...CLSID} = "McAfee SiteAdvisor "
    \InProcServer32\(Default) = "C:\Program Files\SiteAdvisor\4144\SiteAdv.dll" [ "McAfee, Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} "
    -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" [ "Sun Microsystems, Inc."]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8 "
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings ")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" [ "GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" [ "GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" [ "GRISOFT, s.r.o."]
    Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" { "C:\WINDOWS\System32\bthserv.dll" [MS]}
    EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" [ "Intel Corporation"]
    NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" [ "Dell Inc."]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" [ "NVIDIA Corporation"]
    RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" [ "Intel Corporation"]
    SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
    Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" [ "Intel Corporation "]
    Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [ "Symantec Corporation"]
    Windows Defender Service, WinDefend, " "C:\Program Files\Windows Defender\MsMpEng.exe" " [MS]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
    WLANKEEPER, WLANKEEPER, "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe" [ "Intel® Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 24 seconds, including 4 seconds for message boxes)
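
One way to triage a Silent Runners report like the one posted above, as an added example that is not part of the original thread or of Silent Runners itself: it groups each multi-line entry under its registry launch point and lists the entries that carry the `<<!>>` marker or a `[file not found]`, `[null data]` or `[empty string]` tag. The grouping rule, the tag set and all function names are assumptions inferred from the report shown; the sample lines are abridged from that report with quote spacing normalized.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Abridged from the report in the post above; quote spacing normalized.
SAMPLE_REPORT = r'''
Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" ["BillP Studios"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> IntelWireless\DLLName = "C:\Program Files\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
'''

FLAG = "<<!>>"
# Tags that mean the report could not name a publisher for the target
# (assumption: these three are the only such tags, as seen in the log above).
WEAK_TAGS = {"file not found", "null data", "empty string"}
KEY_RE = re.compile(r'^(?:HKCU|HKLM)\\.*\\(?:\s*\{\+\+\})?$')   # launch-point header
TAG_RE = re.compile(r'\[\s*([^\[\]]*?)\s*\]\s*$')               # trailing [publisher]


@dataclass
class Entry:
    launch_point: str          # registry key header the entry sits under
    name: str                  # value name or CLSID on the entry's first line
    target: str = ""           # command line or DLL path on the tagged line
    publisher: str = ""        # text inside the trailing [...] tag
    reasons: List[str] = field(default_factory=list)


def _build(key: str, lines: List[str]) -> Entry:
    first = lines[0]
    flagged = first.startswith(FLAG)
    if flagged:
        first = first[len(FLAG):].strip()
    entry = Entry(key, first.split(" = ", 1)[0].strip().strip('"'))
    # The publisher tag sits on the last line of the group that has one.
    for ln in reversed([first] + lines[1:]):
        m = TAG_RE.search(ln)
        if m and " = " in ln:
            entry.publisher = m.group(1).strip().strip('"').strip()
            value = ln[:m.start()].split(" = ", 1)[1].strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1].strip()      # drop one level of quoting
            entry.target = value
            break
    if flagged:
        entry.reasons.append("<<!>> marker")
    if entry.publisher in WEAK_TAGS:
        entry.reasons.append("publisher tag: " + entry.publisher)
    return entry


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key, group = "", []

    def flush():
        if group:
            entries.append(_build(key, list(group)))
            group.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            flush()
        elif set(line) == {"-"}:                 # underline = new report section
            flush()
            key = ""
        elif KEY_RE.match(line):
            flush()
            key = re.sub(r'\s*\{\+\+\}$', '', line)
        elif line.startswith(("->", "\\")) and group:
            group.append(line)                   # continuation of a CLSID entry
        else:
            flush()
            if " = " in line:
                group.append(line)
    flush()
    return entries


def triage(text: str) -> List[Entry]:
    """Entries worth a manual look, most reasons first. The marker alone is not
    a verdict: the log above carries it on a Windows Defender hook tagged [MS]."""
    hits = [e for e in parse_report(text) if e.reasons]
    return sorted(hits, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"{e.launch_point}{e.name} -> {e.target} {e.reasons}")
```
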
     
  8. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Next one:-
    Dafydd - 06-11-26 9:51:02.90 Service Pack 2
    ComboFix 06.11.26 - Running from: "C:\Documents and Settings\Dafydd\Desktop "

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\paytime.exe
    C:\country.exe
    C:\kl1.exe
    C:\ms1.exe
    C:\toolbar.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))


    2006-11-20 18:50 <DIR> d-------- C:\Program Files\Emission
    2006-11-19 03:14 <DIR> d-------- C:\69a471539b98660353ca
    2006-11-16 19:14 <DIR> d-------- C:\Program Files\SiteAdvisor
    2006-11-16 19:14 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\SiteAdvisor
    2006-11-16 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2006-11-16 19:09 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\WinPatrol
    2006-11-16 19:08 <DIR> d-------- C:\Program Files\BillP Studios
    2006-11-16 18:38 <DIR> d-------- C:\ie-spyad
    2006-11-16 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
    2006-11-15 17:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2006-11-12 02:33 <DIR> d-------- C:\WINDOWS\system32\XMLEXT
    2006-11-12 02:26 <DIR> d--h----- C:\WINDOWS\system32\CTF
    2006-11-12 02:20 <DIR> d-------- C:\Program Files\WinZip
    2006-11-12 02:04 <DIR> d-------- C:\Program Files\ExpressZIP
    2006-11-12 01:49 <DIR> d-------- C:\Program Files\Sync Manager Demo
    2006-11-10 10:05 <DIR> d-------- C:\HJT
    2006-11-08 00:35 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-11-08 00:33 <DIR> d-------- C:\Documents and Settings\Dafydd\.housecall6.6
    2006-11-06 22:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2006-11-04 19:12 197,120 --a------ C:\WINDOWS\patchw32.dll
    2006-11-04 19:12 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
    2006-11-04 19:07 <DIR> d-------- C:\Program Files\Atari
    2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 22:44 <DIR> dr-h----- C:\$VAULT$.AVG
    2006-11-02 21:20 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
    2006-11-02 21:20 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
    2006-11-02 20:53 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
    2006-11-02 20:37 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-02 20:37 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-02 20:37 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-11-02 20:37 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-02 20:37 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
    2006-11-02 20:37 <DIR> d-------- C:\Program Files\Grisoft
    2006-11-02 20:37 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\AVG7
    2006-11-02 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-02 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2006-10-31 19:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-25 00:54 -------- d-------- C:\Program Files\LimeWire
    2006-11-20 23:05 -------- d---s---- C:\Documents and Settings\Dafydd\Application Data\Microsoft
    2006-11-19 17:38 -------- d-------- C:\Program Files\Adobe
    2006-11-19 17:38 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\AdobeUM
    2006-11-19 03:11 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-18 19:09 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-18 19:05 -------- d-------- C:\Program Files\ArtMoney
    2006-11-18 15:08 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2006-11-18 14:23 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\Lavasoft
    2006-11-14 22:10 -------- d-------- C:\Program Files\BitLord
    2006-11-14 17:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-13 20:21 -------- d-------- C:\Program Files\ShortKeys2
    2006-11-12 02:13 139264 --a------ C:\WINDOWS\msfont.exe
    2006-11-12 02:12 6408 --a------ C:\WINDOWS\slog.dll
    2006-11-12 02:08 285696 --a------ C:\WINDOWS\system32\riched20.dll
    2006-11-11 23:56 -------- d-------- C:\Program Files\Accessories
    2006-11-10 10:58 -------- d-------- C:\Program Files\tvants
    2006-11-09 19:47 -------- d-------- C:\Program Files\McAfee.com
    2006-11-09 19:47 -------- d-------- C:\Program Files\McAfee
    2006-11-09 19:47 -------- d-------- C:\Program Files\Common Files
    2006-11-08 21:04 -------- d-------- C:\Program Files\Windows Defender
    2006-11-08 20:59 -------- d-------- C:\Program Files\QuickTime
    2006-11-08 20:44 -------- d-------- C:\Program Files\Apoint
    2006-11-05 14:53 -------- d-------- C:\Program Files\Dell
    2006-11-05 14:49 -------- d-------- C:\Program Files\Common Files\AOL
    2006-11-05 14:48 -------- d-------- C:\Program Files\Common Files\aolshare
    2006-11-04 20:34 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-11-04 19:16 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\Atari
    2006-10-31 19:57 -------- d-------- C:\Program Files\TND
    2006-10-30 10:00 -------- d-------- C:\Program Files\Debugging Tools for Windows
    2006-10-28 14:33 -------- d-------- C:\Program Files\Java
    2006-10-20 17:58 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\McAfee.com Personal Firewall
    2006-10-15 18:42 -------- d-------- C:\Program Files\MSXML 4.0
    2006-10-15 18:41 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-10-15 17:54 -------- d-------- C:\Program Files\Retina-X Studios
    2006-10-13 20:51 -------- d-------- C:\Program Files\Spytector
    2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-10 21:09 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-10 21:09 -------- d-------- C:\Program Files\StreamerOne
    2006-10-10 21:09 -------- d-------- C:\Program Files\PPLive TV
    2006-10-10 21:09 -------- d-------- C:\Program Files\NetMeeting
    2006-10-10 21:09 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-10-07 21:44 20 --a------ C:\WINDOWS\rem.bat
    2006-10-02 21:09 -------- d-------- C:\Program Files\IVT Corporation
    2006-09-29 21:34 -------- d-------- C:\Program Files\PCS-242
    2006-09-26 19:30 163 --a------ C:\obgakx.bat
    2006-09-26 19:30 163 --a------ C:\fncbde.bat
    2006-09-26 19:29 163 --a------ C:\ixrnbm.bat
    2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon "= "\ "RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup "
    "nwiz "= "\ "nwiz.exe\" /installquiet "
    "IntelWireless "= "\ "C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless "
    "Dell QuickSet "= "C:\\Program Files\\Dell\\QuickSet\\quickset.exe "
    "Apoint "= "\ "C:\\Program Files\\Apoint\\Apoint.exe\" "
    "ISUSPM Startup "= "\ "C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup "
    "ISUSScheduler "= "\ "C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start "
    "dla "= "C:\\WINDOWS\\system32\\dla\\tfswctrl.exe "
    "SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\" "
    "Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
    "AVG7_CC "= "\ "C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP "
    "WinPatrol "= "C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe "
    "KernelFaultCheck "=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoFolderOptions"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061115-210048-608
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20061115-210048-222
    O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe
    backup-20061111-194242-196
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    backup-20061111-194242-967
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    backup-20061110-104340-985
    O20 - Winlogon Notify: explorer - explorer.dll (file missing)
    backup-20061110-104340-883
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    backup-20061110-104340-519
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    backup-20061110-104340-786
    O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\Free KGB Key Logger\winlogons.exe
    backup-20061110-104340-708
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    backup-20061110-104340-697
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
    backup-20061110-104340-790
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    backup-20061110-104340-487
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-11-26 9:52:51.31
    C:\ComboFix.txt ... 06-11-26 09:52
     
  9. 2006/11/26
    timeoutgang

    Last one is too big. I'll have to use 3 posts for this one:-
    Logfile created on: 26/11/2006 10:08:13
    WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Dafydd\Desktop\WinPFind2\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)


    < All Processes >
    \systemroot\system32\smss.exe - (Microsoft Corporation )
    \??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
    \??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
    c:\windows\system32\services.exe - (Microsoft Corporation )
    c:\windows\system32\lsass.exe - (Microsoft Corporation )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
    (DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
    (TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
    (TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
    (RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
    c:\program files\windows defender\msmpeng.exe - (Microsoft Corporation )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
    (AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (File not found))
    (AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
    (BITS) C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation )
    (Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
    (CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
    (Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
    (dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
    (ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
    (EventSystem) C:\WINDOWS\system32\es.dll - (Microsoft Corporation )
    (FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
    (helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
    (HidServ) C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation )
    (lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
    (lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
    (Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
    (Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
    (Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
    (NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
    (RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
    (RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
    (RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
    (Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
    (seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
    (SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
    (SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
    (ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
    (srservice) C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation )
    (TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
    (Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
    (TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
    (w32time) C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation )
    (winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
    (WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
    (wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
    (wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation )
    (WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
    (xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
    c:\program files\intel\wireless\bin\evteng.exe - (Intel Corporation )
    c:\program files\intel\wireless\bin\s24evmon.exe - (Intel Corporation )
    c:\program files\intel\wireless\bin\zcfgsvc.exe - (Intel Corporation )
    c:\program files\intel\wireless\bin\wlkeeper.exe - (Intel® Corporation )
    c:\windows\explorer.exe - (Microsoft Corporation )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
    (Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
    (LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
    (SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
    (upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
    (WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
    c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
    c:\progra~1\grisoft\avg7\avgamsvr.exe - (GRISOFT, s.r.o. )
    c:\progra~1\grisoft\avg7\avgupsvc.exe - (GRISOFT, s.r.o. )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BTHSVCS] - (Microsoft Corporation )
    (BthServ) C:\WINDOWS\System32\bthserv.dll - (Microsoft Corporation )
    c:\program files\dell\nicconfigsvc\nicconfigsvc.exe - (Dell Inc. )
    c:\windows\system32\nvsvc32.exe - (NVIDIA Corporation )
    c:\program files\intel\wireless\bin\regsrvc.exe - (Intel Corporation )
    c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
    (stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
    c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
    c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
    c:\windows\system32\uaservice7.exe - ( )
    c:\progra~1\grisoft\avg7\avgfwsrv.exe - (GRISOFT, s.r.o. )
    c:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation )
    c:\progra~1\intel\wireless\bin\1xconfig.exe - (Intel )
    c:\windows\system32\alg.exe - (Microsoft Corporation )
    c:\program files\intel\wireless\bin\ifrmewrk.exe - (Intel Corporation )
    c:\program files\dell\quickset\quickset.exe - ( )
    c:\program files\apoint\apoint.exe - (Alps Electric Co., Ltd. )
    c:\program files\common files\installshield\updateservice\issch.exe - (InstallShield Software Corporation )
    c:\windows\system32\dla\tfswctrl.exe - (Sonic Solutions )
    c:\program files\java\jre1.5.0_09\bin\jusched.exe - (Sun Microsystems, Inc. )
    c:\program files\windows defender\msascui.exe - (Microsoft Corporation )
    c:\progra~1\grisoft\avg7\avgcc.exe - (GRISOFT, s.r.o. )
    c:\program files\billp studios\winpatrol\winpatrol.exe - (BillP Studios )
    c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
    c:\program files\apoint\apntex.exe - (Alps Electric Co., Ltd. )
    c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
    c:\program files\siteadvisor\4144\siteadv.exe - (McAfee, Inc. )
    c:\windows\system32\wuauclt.exe - (Microsoft Corporation )
    c:\program files\windows defender\mpcmdrun.exe - (Microsoft Corporation )
    c:\windows\system32\notepad.exe - (Microsoft Corporation )
    c:\windows\system32\notepad.exe - (Microsoft Corporation )
    c:\documents and settings\dafydd\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

    < Registry Entries >

    [>> Internet Explorer Settings <<]
    HKLM->Main\\Start Page - http://www.msn.com
    HKLM->Main\\Search Page -
    HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
    HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU->Main\\Local Page - C:\WINDOWS\SYSTEM32\blank.htm
    HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Data - Key not found = Reg Data - Key not found (File not found)
    HKCU->Internet Settings\\ProxyEnable - 0

    [>> BHO's <<]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
    {089FD14D-132B-48FC-8861-0048AE113215} - Reg Data - Value does not exist = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc. )
    {53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited )
    {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )

    [>> Internet Explorer Bars, Toolbars and Extensions <<]

    [HKLM-> Internet Explorer Bars]
    {4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

    [HKCU-> Internet Explorer Bars]
    {21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    {EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
    {EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

    [HKLM-> Internet Explorer ToolBars]
    {0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc. )

    [HKCU-> Internet Explorer ToolBars]
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)
    WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found = Reg Data - Key not found (File not found)
    WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found = Reg Data - Key not found (File not found)
    WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)

    [HKCU-> Internet Explorer CmdMapping]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8196 - Reg Data - Key not found
    {85d1f590-48f4-11d9-9669-0800200c9a66} - 8197 - Uninstall BitDefender Online Scanner v8
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 - Reg Data - Value does not exist
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
    NextId - 8198

    [HKLM-> Internet Explorer Extensions]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc. )
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
    {85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data - Key not found (File not found)
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: Reg Data - Value does not exist = Reg Data - Key not found (File not found)
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

    [HKCU-> Internet Explorer Menu Extensions]
    &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm594YYGB (File not found)
    E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation )

    [>> Approved Shell Extensions (Non-Microsoft only) <<]

    [HKLM-> Approved Shell Extensions]
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found)
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
    {1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
    {42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
    {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
    {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
    {7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
    {88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
    {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
    {A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
    {B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = C:\Program Files\SmartFTP Client 2.0\smarthook.dll (File not found)
    {E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = Reg Data - Key not found (File not found)
    {FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )

    [>> ContextMenuHandlers (Non-Microsoft only) <<]

    [HKLM-> ContextMenuHandlers]
    * - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
    * - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    * - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    Directory\Background - 00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
    Directory\Background - NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
    Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
    Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )

    [>> ColumnHandlers (Non-Microsoft only) <<]

    [HKLM-> ColumnHandlers]

    [>> File Associations Keys <<]
    HKLM->SOFTWARE\Classes\.bat\\'' - batfile
    HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
    HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.com\\'' - comfile
    HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.exe\\'' - exefile
    HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.hta\\'' - htafile
    HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
    HKLM->SOFTWARE\Classes\.js\\'' - JSFile
    HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
    HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
    HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
    HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
    HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
    HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
    HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
    HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
    HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

    [>> Registry Run Keys <<]
    HKLM->Run\\Apoint - "C:\Program Files\Apoint\Apoint.exe" (Alps Electric Co., Ltd. )
    HKLM->Run\\AVG7_CC - "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP (GRISOFT, s.r.o. )
    HKLM->Run\\Dell QuickSet - C:\Program Files\Dell\QuickSet\quickset.exe ( )
    HKLM->Run\\dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions )
    HKLM->Run\\IntelWireless - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation )
    HKLM->Run\\ISUSPM Startup - "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation )
    HKLM->Run\\ISUSScheduler - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation )
    HKLM->Run\\KernelFaultCheck - %systemroot%\system32\dumprep 0 -k (File not found)
    HKLM->Run\\NvCplDaemon - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (Microsoft Corporation )
    HKLM->Run\\nwiz - "nwiz.exe" /installquiet (NVIDIA Corporation )
    HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
    HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc. )
    HKLM->Run\\Windows Defender - "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation )
    HKLM->Run\\WinPatrol - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios )
    HKLM->Run\OptionalComponents\IMAIL - Installed = 1
    HKLM->Run\OptionalComponents\MAPI - Installed = 1
    HKLM->Run\OptionalComponents\MSFS - Installed = 1
    HKCU->Run\\msnmsgr - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation )

    [>> Miscellaneous Startup Keys <<]

    [AppInit DLLs]
    AppInit_DLL - (File not found)

    [Image File Execution Options]
    Your Image File Name Here without a path - Debugger = ntsd -d

    [Shell Service Object Delay Load]
    CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

    [Shell Execute Hooks]
    {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation )

    [Shared Task Scheduler]
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

    [SafeBoot Option]

    [HKLM Command Processor AutoRun]
    HKLM->Command Processor\\AutoRun -

    [HKCU Command Processor AutoRun]

    [Security Providers]
    SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    [BootExecute]
    Session Manager\\BootExecute - autocheck autochk *;

    [PendingFileRenameOperations]

    [FileRenameOperations]

    [ExcludeFromKnownDlls]
    Session Manager\\ExcludeFromKnownDlls -

    [>> Disabled MSConfig Items <<]

    [>> User Agent Post Platform <<]
    SV1 -
     
  10. 2006/11/26
    timeoutgang

    Second one:-
    [>> Winlogon <<]
    HMLM->AltDefaultDomainName - D67TGY1J
    HMLM->AltDefaultUserName - Dafydd
    HMLM->AutoAdminLogon - Reg Data - Value does not exist
    HMLM->DefaultDomainName - D67TGY1J
    HMLM->DefaultUserName - Dafydd
    HKLM->Shell - Explorer.exe (Microsoft Corporation )
    HKLM->System - (File not found)
    HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
    HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
    Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
    Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
    Notify\cscdll - cscdll.dll (Microsoft Corporation )
    Notify\IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation )
    Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
    Notify\Schedule - wlnotify.dll (Microsoft Corporation )
    Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
    Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
    Notify\termsrv - wlnotify.dll (Microsoft Corporation )
    Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
    Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
    Notify\WRNotifier - WRLogonNTF.dll (File not found)

    [>> DNS Name Servers <<]
    {0663BC06-F7EA-4012-9E76-0781BADE41B4} - (Broadcom 440x 10/100 Integrated Controller)
    {149D67C3-1576-446C-BA92-ECF5934C9B3C} - (Intel(R) PRO/Wireless 2200BG Network Connection)
    {216FB4DF-AE69-4E4A-B612-E45099A16A00} - ()
    {4AE4B349-379F-45C6-A01A-13D60C022021} - ()
    {7777FB44-8BB5-4404-BE57-03AA02E6715E} - (802.11g USB 2.0 adapter)
    {9585A398-5F24-4DA5-9BBA-3C206AC9C7A0} - (802.11g USB 2.0 adapter)
    {AD186E48-A098-4F96-89C0-D1EBCD8A113E} - (802.11g USB 2.0 adapter)
    {CF8A9C19-8551-4141-BB64-220AE7E75585} - (802.11g USB 2.0 adapter)
    {E8A40512-7E18-4482-B63D-EE941CA25756} - ()
    {E90AC282-5088-4318-81EC-1B32F42BC6A7} - (1394 Net Adapter)

    [>> All Winsock2 Catalogs <<]
    NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000004 (Bluetooth Namespace) - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000001 - CC:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o. )
    Protocol_Catalog9\Catalog_Entries\000000000002 - CC:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o. )
    Protocol_Catalog9\Catalog_Entries\000000000003 - CC:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o. )
    Protocol_Catalog9\Catalog_Entries\000000000004 - CC:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o. )
    Protocol_Catalog9\Catalog_Entries\000000000005 - CC:\WINDOWS\system32\avgfwafu.dll (GRISOFT, s.r.o. )
    Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

    [>> Protocol Handlers (Non-Microsoft only) <<]
    ipp - (File not found)
    msdaipp - (File not found)
    siteadvisor - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc. )

    [>> Protocol Filters (Non-Microsoft only) <<]
    application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ( )

    < All Services >
    Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
    Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
    AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
    AVG Firewall (AVGFwSrv) - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
    Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Bluetooth Support Service (BthServ) - C:\WINDOWS\system32\svchost.exe -k bthsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    EvtEng (EvtEng) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation ) [Automatic - Running - Win32, running in it's own process]
    Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Workstation (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    NICCONFIGSVC (NICCONFIGSVC) - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc. ) [Automatic - Running - Win32, running in it's own process]
    Network Location Awareness (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation ) [Automatic - Running - Win32, running in it's own process]
    Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Remote Access Connection Manager (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    RegSrvc (RegSrvc) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation ) [Automatic - Running - Win32, running in it's own process]
    Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Spectrum24 Event Monitor (S24EventMonitor) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) [Automatic - Running - Win32, running in it's own process]
    Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
    System Restore Service (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
    Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
    Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
    Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    SecuROM User Access Service (V7) (UserAccess7) - C:\WINDOWS\system32\UAService7.exe ( ) [Automatic - Running - Win32, running in it's own process]
    WebClient (WebClient) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Windows Defender Service (WinDefend) - "C:\Program Files\Windows Defender\MsMpEng.exe" (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
    Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    WLANKEEPER (WLANKEEPER) - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation ) [Automatic - Running - Win32, running in it's own process]
    Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
    Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]

    < Files >

    %SystemDrive%

    %ProgramFilesDir%

    %WinDir%

    %System%
    C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL - PTech (Microsoft Corporation [Ver = 1.5.0708.0 | Size = 1484592 bytes | Date = 07/08/2006 08:50:22 | Attr = ])
    C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 16/11/2006 05:20:40 | Attr = ])
    C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 16/11/2006 05:20:40 | Attr = ])
    C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nvoglnt.dll - WSUD (NVIDIA Corporation [Ver = 6.14.10.7811 | Size = 5140480 bytes | Date = 07/07/2005 00:52:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\qutils.dll - UPX! ( [Ver = | Size = 14336 bytes | Date = 25/11/2005 13:45:42 | Attr = ])
    C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\RRUUNN.002 - PEC2 ( [Ver = | Size = 670871 bytes | Date = 21/04/2006 13:04:30 | Attr = ])
    C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 19/06/2006 15:19:26 | Attr = ])

    %System%\Drivers folder and sub-folders
    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 02/11/2006 20:37:24 | Attr = ])
    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 02/11/2006 20:37:24 | Attr = ])
    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 02/11/2006 20:37:24 | Attr = ])
    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 02/11/2006 20:37:24 | Attr = ])
    C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys - PEC2 (IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Date = 05/11/2004 10:39:08 | Attr = ])

    %windir% + sub-dirs for System or Hidden files less than 60 days old
    C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 26/11/2006 09:33:14 | Attr = S])
    C:\WINDOWS\system\actualspy.lnk - ( [Ver = | Size = 766 bytes | Date = 12/11/2006 01:47:20 | Attr = HS])
    C:\WINDOWS\system32\23metsys.dat - ( [Ver = | Size = 8310 bytes | Date = 29/09/2006 22:39:42 | Attr = HS])
    C:\WINDOWS\system32\access.ctl - ( [Ver = | Size = 6144 bytes | Date = 12/11/2006 02:04:44 | Attr = HS])
    C:\WINDOWS\system32\sorP reggiR eciD.dat - ( [Ver = | Size = 2199 bytes | Date = 08/10/2006 19:42:42 | Attr = HS])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat - ( [Ver = | Size = 10965 bytes | Date = 16/10/2006 15:35:46 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat - ( [Ver = | Size = 10965 bytes | Date = 13/10/2006 12:55:52 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat - ( [Ver = | Size = 10259 bytes | Date = 13/10/2006 13:33:10 | Attr = S])
    C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:53:04 | Attr = H ])
    C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:33:18 | Attr = H ])
    C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:43:38 | Attr = H ])
    C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:57:38 | Attr = H ])
    C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:53:04 | Attr = H ])
    C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 19/11/2006 03:13:34 | Attr = H ])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 - ( [Ver = | Size = 18 bytes | Date = 05/11/2006 15:22:02 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 341 bytes | Date = 18/11/2006 19:09:42 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 413 bytes | Date = 18/11/2006 19:09:42 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 574 bytes | Date = 18/11/2006 19:09:40 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 - ( [Ver = | Size = 21083 bytes | Date = 05/11/2006 15:22:02 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 558 bytes | Date = 19/11/2006 03:14:30 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 - ( [Ver = | Size = 216 bytes | Date = 05/11/2006 15:22:02 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 126 bytes | Date = 18/11/2006 19:09:42 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 98 bytes | Date = 18/11/2006 19:09:42 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 136 bytes | Date = 18/11/2006 19:09:40 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 - ( [Ver = | Size = 216 bytes | Date = 05/11/2006 15:22:02 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 146 bytes | Date = 19/11/2006 03:14:30 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 26/11/2006 09:55:10 | Attr = H ])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\79cd8aa3-a115-48fa-b33e-42d89b93865a - ( [Ver = | Size = 388 bytes | Date = 02/11/2006 19:00:56 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 02/11/2006 19:00:56 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4f32a04c-9693-41cb-958e-20e1ae772696 - ( [Ver = | Size = 388 bytes | Date = 25/11/2006 19:10:28 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 25/11/2006 19:10:28 | Attr = HS])
    C:\WINDOWS\Tasks\MP Scheduled Scan.job - ( [Ver = | Size = 330 bytes | Date = 26/11/2006 09:55:04 | Attr = H ])
    C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 26/11/2006 09:33:20 | Attr = H ])
     
  11. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Last one (I hope!):-

    CPL files
    C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\BACSCPL.cpl - ( [Ver = 7, 6, 10, 0 | Size = 24576 bytes | Date = 18/08/2004 12:28:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ISUSPM.cpl - (InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 73728 bytes | Date = 27/07/2004 16:50:48 | Attr = ])
    C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49265 bytes | Date = 12/10/2006 02:10:54 | Attr = ])
    C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\NicConfigSvc.Cpl - (Dell Inc. [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Date = 10/11/2004 12:51:26 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nvtuicpl.cpl - (NVIDIA Corporation [Ver = 6.14.10.10528 | Size = 73728 bytes | Date = 07/07/2005 00:52:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\STAC97.cpl - (SigmaTel Inc. [Ver = 1, 0, 0, 12 | Size = 102481 bytes | Date = 20/07/2004 15:14:06 | Attr = ])
    C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 26/05/2005 04:16:30 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 04/08/2004 05:00:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 26/05/2005 04:16:30 | Attr = ])
    C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl - (Socket Communications Inc. [Ver = 1, 0, 1, 7 | Size = 73728 bytes | Date = 20/01/2005 02:11:46 | Attr = R ])

    Auto-Start Folders

    HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 10/08/2004 13:04:12 | Attr = HS])

    HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

    HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Dafydd\Start Menu\Programs\Startup
    C:\Documents and Settings\Dafydd\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 10/08/2004 13:04:12 | Attr = HS])

    HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

    Miscellaneous Auto-Start Files
    System.ini->[Boot]\\Shell - Explorer.exe
    Wininit.ini: Line 2 - [Rename]
    Wininit.ini: Line 3 - NUL=
    Wininit.ini: Line 4 - NUL=
    Wininit.ini: Line 5 - NUL=
    Wininit.ini: Line 6 - NUL=
    Wininit.ini: Line 7 - NUL=
    Wininit.ini: Line 8 - NUL=
    Wininit.ini: Line 9 - NUL=
    Wininit.ini: Line 10 - NUL=
    Wininit.ini: Line 11 - NUL=
    Wininit.ini: Line 12 - NUL=
    Wininit.ini: Line 13 - NUL=
    Wininit.ini: Line 14 - NUL=
    Wininit.ini: Line 15 - NUL=
    Wininit.ini: Line 16 - NUL=
    Wininit.ini: Line 17 - NUL=
    Wininit.ini: Line 18 - NUL=
    Wininit.ini: Line 19 - NUL=
    Wininit.ini: Line 20 - NUL=
    Wininit.ini: Line 21 - NUL=
    Wininit.ini: Line 22 - NUL=
    Wininit.ini: Line 23 - NUL=
    Wininit.ini: Line 24 - NUL=
    Wininit.ini: Line 25 - NUL=
    Wininit.ini: Line 26 - NUL=
    Wininit.ini: Line 27 - NUL=
    Wininit.ini: Line 28 - NUL=
    Wininit.ini: Line 29 - NUL=
    Wininit.ini: Line 30 - NUL=
    Wininit.ini: Line 31 - NUL=
    Wininit.ini: Line 32 - NUL=
    Wininit.ini: Line 33 - NUL=
    Wininit.ini: Line 34 - NUL=
    Wininit.ini: Line 35 - NUL=
    Wininit.ini: Line 36 - NUL=
    Wininit.ini: Line 37 - NUL=
    Wininit.ini: Line 38 - NUL=
    Wininit.ini: Line 39 - NUL=
    Wininit.ini: Line 40 - NUL=
    Wininit.ini: Line 41 - NUL=
    Wininit.ini: Line 42 - NUL=
    Wininit.ini: Line 43 - NUL=
    Wininit.ini: Line 44 - NUL=
    Wininit.ini: Line 45 - NUL=C:\DOCUME~1\Dafydd\LOCALS~1\Temp\VIES3170
    Config.nt: Line 54 - dos=high, umb
    Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
    Config.nt: Line 56 - files=40
    AutoExec.nt: Line 1 - @echo off
    AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
    AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
    AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
    AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3

    Miscellaneous Folders

    AllUsers ApplicationData Folder
    C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 10/08/2004 12:57:42 | Attr = HS])
    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare - ( [Ver = | Size = 4 bytes | Date = 21/11/2005 14:44:38 | Attr = H ])

    CurrentUser ApplicationData Folder
    C:\Documents and Settings\Dafydd\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 10/08/2004 12:57:42 | Attr = HS])
    C:\Documents and Settings\Dafydd\Application Data\MIDIMAST.INI - ( [Ver = | Size = 333 bytes | Date = 14/03/2006 22:22:36 | Attr = ])

    Program Files Folder

    Common Files Folder
    C:\Program Files\Common Files\FDEUnInstaller.exe - ( [Ver = 1, 0, 0, 1 | Size = 278528 bytes | Date = 25/12/2005 19:15:46 | Attr = ])

    DPF files
    {01010E00-5E80-11D8-9E86-0007E96C65AE} - SupportSoft SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    {01012101-5E80-11D8-9E86-0007E96C65AE} - SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    {01A88BB1-1174-41EC-ACCB-963509EAE56B} - SysProWmi Class - CodeBase = http://support.euro.dell.com/systemprofiler/SysPro.CAB
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?LinkID=39204
    {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    {233C1507-6A77-46A4-9443-F871F945D258} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    {2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    {4B48D5DF-9021-45F7-A240-60304302A215} - Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - VideoEgg ActiveX Loader - CodeBase = http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    {C4847596-972C-11D0-9567-00A0C9273C2A} - Crystal Report Viewer Control - CodeBase = https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab

    Hosts file = 732 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
    # Copyright (c) 1993-1999 Microsoft Corp. -
    # -
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
    # -
    # This file contains the mappings of IP addresses to host names. Each -
    # entry should be kept on an individual line. The IP address should -
    # be placed in the first column followed by the corresponding host name. -
    # The IP address and the host name should be separated by at least one -
    # space. -
    # -
    # Additionally, comments (such as these) may be inserted on individual -
    # lines or following the machine name denoted by a '#' symbol. -
    # -
    # For example: -
    # -
    # 102.54.94.97 rhino.acme.com # source server -
    # 38.25.63.10 x.acme.com # x client host -
    127.0.0.1 localhost -

    < Add On's >

    >>>>Output for AddOn file HKCU_IEDesktop.def<<<<

    KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
    HKCU\Software\Microsoft\Internet Explorer\Desktop -
    Desktop\Components -
    Desktop\Components\\DeskHtmlVersion - 272
    Desktop\Components\\DeskHtmlMinorVersion - 5
    Desktop\Components\\Settings - 1
    Desktop\Components\\GeneralFlags - 1
    Desktop\Components\0 -
    Desktop\Components\0\\Source - About:Home
    Desktop\Components\0\\SubscribedURL - About:Home
    Desktop\Components\0\\FriendlyName - My Current Home Page
    Desktop\Components\0\\Flags - 2
    Desktop\Components\0\\Position - 2C 00 00 00 CC 00 00 00 00 00 00 00 34 03 00 00 E2 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
    Desktop\Components\0\\CurrentState - 04 00 00 40
    Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
    Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
    Desktop\General -
    Desktop\General\\BackupWallpaper - %SystemRoot%\web\wallpaper\Bliss.bmp
    Desktop\General\\WallpaperFileTime - 00 21 7D 60 DA 7E C4 01
    Desktop\General\\WallpaperLocalFileTime - 00 89 41 C2 E2 7E C4 01
    Desktop\General\\TileWallpaper - 0
    Desktop\General\\WallpaperStyle - 2
    Desktop\General\\Wallpaper - %SystemRoot%\web\wallpaper\Bliss.bmp
    Desktop\General\\ComponentsPositioned - 1
    Desktop\Old WorkAreas -
    Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
    Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
    Desktop\SafeMode -
    Desktop\SafeMode\Components -
    Desktop\SafeMode\Components\\DeskHtmlVersion - 272
    Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 5
    Desktop\SafeMode\Components\\Settings - 1
    Desktop\SafeMode\Components\\GeneralFlags - 0
    Desktop\SafeMode\General -
    Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
    Desktop\SafeMode\General\\VisitGallery - 0
    Desktop\Scheme -
    Desktop\Scheme\\Edit -
    Desktop\Scheme\\Display -

    >>>>Output for AddOn file Policies.def<<<<

    KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
    policies\Attachments -
    policies\Attachments\\ScanWithAntiVirus - 2
    policies\explorer -
    policies\explorer\run -
    policies\Ext -
    policies\Ext\CLSID -
    policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
    policies\NonEnum -
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\Ratings -
    policies\system -
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

    KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
    policies\Associations -
    policies\Explorer -
    policies\Explorer\\NoDriveTypeAutoRun - 145
    policies\Explorer\\NoFolderOptions - 0
    policies\Explorer\Run -
    policies\System -

    KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

    < End of report >
     
  12. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Don't know if it's related to this problem, however, when I try to open Adware se & Spybot SD, I get the following error window appearing.
    "Entry point not found. The procedure entry point RichEdit10ANSIWndProc could not be located in the dynamic link library RICHED20.dll"
    When I click on OK, spybot runs, but Adware doesn't?
     
  13. 2006/11/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Well it looks as tho ComboFix grabbed a few files and deleted them. I have some questions on a few others, to see if you know what they are:
    C:\Program Files\Emission<<<--some sort of program?
    C:\Program Files\TND<<<--some sort of program?

    And I'd like you to delete the following:
    C:\WINDOWS\msfont.exe<<<--this file
    C:\obgakx.bat<<<--this file
    C:\fncbde.bat<<<--this file
    C:\ixrnbm.bat<<<--this file

    Let me know about the others please.
     
  14. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Deleted the files requested. The emission program is a music mix program. I don't need it, shall I delete?
    The TND is Adamax Keylogger. Don't know where this has come from. Shall I delete this also?
     
  15. 2006/11/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Yes, delete both. They may still be in Add\Remove, so check there first.

    A key logger?? :eek:
     
  16. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Sorry TeMerc, it wasn't a keylogger, it was a help file for a keylogger. Both deleted. What next?
     
  17. 2006/11/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    I probably already know the answer, but.....any more BSODs?
     
  18. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Nothing so far. Unfortunately, my PC is playing up a bit, AVG keeps detecting a trojan horse "PSW.GENERIC.WPP". The whole message is "While opening file C:\system volume information\_restore{8c54791b-6a7a-4b37-9dac-bscc02942ef0}\rp864\a0067365.exe". From what I can gather by reading other posts this is not a threat as it is in the restore file, but it is quite annoying. Shall I start another thread?

    Excellent work, many, many thanks for your help.
     
  19. 2006/11/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Turn off sys restore, reboot, turn sys restore back on, no more alerts from AVG.
     
  20. 2006/11/26
    timeoutgang

    timeoutgang Inactive Thread Starter

    Joined:
    2006/05/09
    Messages:
    148
    Likes Received:
    0
    Done! Marvellous! Two more things: in my Windows folder I have many files named $uninstallKB, followed by some numbers. I have never seen these before. What are they & can I delete them? Finally, what's the best way to clean up my system & get rid of files, folders etc. that are no longer used\needed?
     
  21. 2006/11/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Those are all the uninstallers for all the updates. See here. Btw, these may now be viewable because we changed hidden files settings, tho I'm not 100% sure, cuz I never noticed if they revert, all my hidden files are still viewable.

    For actual folders and the like, the best thing is to go thru them manually and delete them. Just be sure you really don't need them. To clean up your registry try an app like Reg Seeker. I have been using it for years with never a problem once. Just be sure the 'back up before deletion' box is ticked in the lower left hand side of the app, which it usually is by default.
     
