regedit.sys, Win32.confi?

Post by matt_me_do on Tue Aug 23, 2011 5:51 pm

Hi there. Having problems with a slow PC that won't run Task Manager; it comes up with the following error on Ctrl+Alt+Del: Can not find script file "C:\WINDOWS\system32\regedit.sys".

I only have access to the PC for a short time before the boat it's on goes out to work so urgent help would be massively appreciated, if at all possible.

Log files follow...

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 18:00:31
-----------------------------
18:00:31.968 OS Version: Windows 5.1.2600 Service Pack 3
18:00:31.968 Number of processors: 4 586 0x2502
18:00:31.968 ComputerName: SC614_PROCESSIN UserName: EGSi
18:00:33.234 Initialize success
18:00:33.281 AVAST engine defs: 11082300
18:00:47.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:00:47.953 Disk 0 Vendor: HDT722520DLA380 V44OA9BA Size: 190782MB BusType: 3
18:00:49.968 Disk 0 MBR read successfully
18:00:49.968 Disk 0 MBR scan
18:00:49.968 Disk 0 Windows XP default MBR code
18:00:49.968 Disk 0 scanning sectors +390716865
18:00:50.015 Disk 0 scanning C:\WINDOWS\system32\drivers
18:00:58.468 Service scanning
18:00:59.375 Modules scanning
18:01:04.734 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
18:01:04.734 Disk 0 trace - called modules:
18:01:04.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:01:04.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adf7030]
18:01:04.750 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ae07f18]
18:01:04.750 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae02940]
18:01:05.687 AVAST engine scan C:\WINDOWS
18:01:08.968 AVAST engine scan C:\WINDOWS\system32
18:02:19.734 AVAST engine scan C:\WINDOWS\system32\drivers
18:02:31.453 AVAST engine scan C:\Documents and Settings\EGSi
18:04:08.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\EGSi\Desktop\MBR.dat"
18:04:08.046 The log file has been saved successfully to "C:\Documents and Settings\EGSi\Desktop\aswMBR_sc614.txt"


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 18:05:01
-----------------------------
18:05:01.062 OS Version: Windows 5.1.2600 Service Pack 3
18:05:01.062 Number of processors: 4 586 0x2502
18:05:01.062 ComputerName: SC614_PROCESSIN UserName: EGSi
18:05:01.703 Initialize success
18:05:01.750 AVAST engine defs: 11082300
18:05:04.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:05:04.218 Disk 0 Vendor: HDT722520DLA380 V44OA9BA Size: 190782MB BusType: 3
18:05:06.250 Disk 0 MBR read successfully
18:05:06.250 Disk 0 MBR scan
18:05:06.250 Disk 0 Windows XP default MBR code
18:05:06.296 Disk 0 scanning sectors +390716865
18:05:06.468 Disk 0 scanning C:\WINDOWS\system32\drivers
18:05:17.812 Service scanning
18:05:18.718 Modules scanning
18:05:27.234 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
18:05:27.234 Disk 0 trace - called modules:
18:05:27.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:05:27.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adf7030]
18:05:27.234 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ae07f18]
18:05:27.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae02940]
18:05:28.375 AVAST engine scan C:\WINDOWS
18:05:36.781 AVAST engine scan C:\WINDOWS\system32
18:07:24.093 AVAST engine scan C:\WINDOWS\system32\drivers
18:07:57.140 AVAST engine scan C:\Documents and Settings\EGSi
18:16:42.906 AVAST engine scan C:\Documents and Settings\All Users
18:19:17.406 Scan finished successfully
18:25:51.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\EGSi\Desktop\MBR.dat"
18:25:51.015 The log file has been saved successfully to "C:\Documents and Settings\EGSi\Desktop\aswMBR_sc614.txt"


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Acronis OnlineBackupStandalone TrueImageMonitor.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````



Huge thanks in advance!
Matt


Re: regedit.sys, Win32.confi?

Post by matt_me_do on Tue Aug 23, 2011 5:51 pm

OTL Extras logfile created on: 23/08/2011 17:41:43 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\EGSi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.60% Memory free
4.83 Gb Paging File | 4.44 Gb Available in Paging File | 91.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 76.80 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive E: | 8.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive V: | 186.31 Gb Total Space | 103.05 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive W: | 202.36 Gb Total Space | 129.74 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive X: | 1863.01 Gb Total Space | 972.96 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
Drive Y: | 1863.01 Gb Total Space | 1830.36 Gb Free Space | 98.25% Space Free | Partition Type: NTFS

Computer Name: SC614_PROCESSIN | User Name: EGSi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Program Files\TextPad 5\TextPad.exe (Helios Software Solutions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Rename with Métamorphose] -- C:\Program Files\metamorphose\metamorphose.exe %L (Ianaré Sévi)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\C-Nav\C-Setup\C-Setup.exe" = C:\Program Files\C-Nav\C-Setup\C-Setup.exe:*:Enabled:C-Setup -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\licserver.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\licserver.exe:*:Enabled:licserver -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\Helm.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\Helm.exe:*:Enabled:Helmsman -- (Kongsberg Maritime AS)
"C:\Program Files\Kongsberg Maritime\SIS\bin\RStoUDP.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\RStoUDP.exe:*:Enabled:RStoUDP -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\ATH.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\ATH.exe:*:Enabled:ATH -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\SSV.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\SSV.exe:*:Enabled:SSV -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\CCU.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\CCU.exe:*:Enabled:CCU -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\SIS.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\SIS.exe:*:Enabled:Seafloor Information System -- (Kongsberg Maritime AS)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Kongsberg Maritime\SIS\bin\Splash.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\Splash.exe:*:Enabled:Splash -- ()
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\QPS\QINSy 8.0\DrvSimradEM3000.exe" = C:\Program Files\QPS\QINSy 8.0\DrvSimradEM3000.exe:*:Enabled:Driver for Simrad EM300X(D) R-Theta or dX/dY/dZ format Bathymetry and Sidescan Data -- (QPS BV)
"C:\Program Files\Kongsberg Maritime\SIS\bin\HDDS.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\HDDS.exe:*:Enabled:HDDS -- ()
"C:\Program Files\Kongsberg Maritime\SIS\bin\DDS.exe" = C:\Program Files\Kongsberg Maritime\SIS\bin\DDS.exe:*:Enabled:DDS -- ()
"C:\Program Files\QPS\QINSy 8.0\DrvKongsbergEMCtrl.exe" = C:\Program Files\QPS\QINSy 8.0\DrvKongsbergEMCtrl.exe:*:Enabled:Kongsberg EM Multibeam Controller driver -- (QPS BV)
"C:\Program Files\QPS\QINSy 8.0\SocketServer.exe" = C:\Program Files\QPS\QINSy 8.0\SocketServer.exe:*:Enabled:SocketServer -- (QPS BV)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01620E93-294D-497D-B41D-791000B5298F}" = LEICA Geo Office
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{0BF48B1B-6990-47B6-B742-DD049ACD1A7C}" = C-View NavProcess
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{1C3D7CC2-E5A9-4677-AF87-075806C5283A}" = QINSy 8.0
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F701DBD-1660-4108-B10A-FB435EA63BF0}" = PostgreSQL 8.2
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C}" = NI-DAQ INF Files
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{24324A7A-FD9D-4629-9CAD-2C6CC0B0C805}" = GridInQuest6
"{257D8E32-4971-4199-BE23-093A00A6DE91}" = Acronis True Image Home 2011
"{26F4D5DD-865B-4A2B-9A36-EE22ACA97331}" = NI-MXDF 1.4.0f0
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{327BB0A7-2D70-4359-B9AF-859B1909D064}" = NI LVBrokerAux8.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3CD9E7BB-6347-479A-BB0C-0093C1AE6944}" = NI Software Provider for MAX
"{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424}" = NI LabVIEW Real-Time Error Dialog
"{43B7BDEE-542A-489E-9494-7A8FC7B00775}" = Grid InQuest
"{481EA8F8-CAC0-4137-9CF8-DD0297593E61}" = TP-LINK Wireless Client Utility
"{4D6A2BAB-B027-4E7B-927B-A81D3C698380}" = C-View Processing 2.00 R0
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{529E6AE2-0501-4033-8F0D-4E47F38EDA7E}" = CARIS HIPS and SIPS 7.0
"{5783F2D7-0002-0409-0000-0060B0CE6BBA}" = AutoCAD Map 2000i
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF}" = NI Remote Provider for MAX
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{69C3FF9F-647F-4077-8BF5-750B9614C4BF}" = NI MXS 4.0
"{71FA8329-21D1-4514-8981-253C85764913}" = Geographic Calculator 6.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730FF779-B07F-4636-8C4A-2A001BB2947F}" = LEICA Geo Office
"{769ADBAC-47FC-482A-8D93-98D19838EE85}" = Matrox PowerDesk-SE
"{7797E6C7-F1F0-40A9-B64B-7EAB9D0AF7BF}" = Bricscad 10.4
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{847D8AC1-E041-44BF-8FE9-0A1CACD3169A}" = NI Registration Wizard
"{87F64F82-D571-4F51-A8FA-A36C273BA3C7}" = NI-PAL 1.10.0f0
"{8F158BE6-D2F5-40CF-A51F-5C658A2A7CC5}" = Geosoft Oasis montaj
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E627DBD-62C2-4B82-83E7-31018CF9260B}" = C-View Bathy DV
"{9F6D6471-32F4-4583-960D-4FC956D0A04B}" = NI Portable Configuration
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73FDA8F-9254-4B6E-B9F8-0805FFE01B02}" = NI LabVIEW Run-Time Engine 8.0
"{A85C7B97-CC73-4853-B05C-DA25CDC03F54}" = Brother MFL-Pro Suite MFC-6890CDW
"{AA8D8A7B-4606-420E-9FE9-E4C77B200857}" = NI Measurement & Automation Explorer 4.0
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B1AA8556-7F80-4F7B-8F6B-2E69D0C96298}" = Traditional NI-DAQ Documentation
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B3A667C2-66F2-41FA-94CA-B5DD9A6F3380}" = Traditional NI-DAQ 7.4.1 (Legacy)
"{B43543B0-1B58-45DF-94E2-669B1EF9D251}" = NI-ORB 1.3.0f2
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{BDA039C1-CBCC-4984-93E2-D938009F1271}" = DELPH Interpretation
"{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5}" = NI-MDBG 1.3.0f0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5078C26-8B75-411D-9806-27E2BBD61DF6}" = NI Remote PXI Provider for MAX
"{C8476CAF-C426-4213-9C4D-1728437EF4E6}" = GAPS MMI
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD1093F6-EAFE-4B4A-AD61-21B57BC5BC12}" = DataLog Express
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EF4251-5FD8-42A4-B3A2-CDCC8CF2CAF8}" = MT9 - RT961S - RT9x2 HMI
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB5D357A-43E3-42D9-A74C-6593CF9F6D4C}" = C-View Nav (v1.2)
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEF321A1-6E28-49A1-A5EC-DB79E647E51F}" = NI-DAQ Document Set
"{E000BAE3-4D97-4109-860C-9FCAD066CBE9}" = DataLog 400
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E39F74B4-E3F6-4038-8B08-3F536ECDEB27}" = NI Service Locator
"{E4D428F1-F177-42F2-9932-5DAE556F9EBA}" = SeaLINK
"{EEA080A7-4331-4593-A071-D0862A8178B9}" = ASUS nVidia Driver
"{F2FC4CA5-BC77-4118-BC84-1542BF2EE06B}" = NI-DAQ Provider for MAX
"{F6C6B859-30EF-4547-8DD4-FA96D09519D4}" = CARIS HIPS and SIPS 7.0 Service Pack 2
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F81DAE7A-3777-4EDB-91EE-E51958B9E879}" = C-View Tools 1.441
"3 WiFi Manager" = 3 WiFi Manager
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CP2101 USB to UART Bridge Controller" = CP2101 USB to UART Bridge Controller Driver Set
"C-Setup" = C-Setup
"DataLog Express" = DataLog Express
"File Partitioner" = File Partitioner 2.0
"FTDICOMM" = FTDI USB Serial Converter Drivers
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{529E6AE2-0501-4033-8F0D-4E47F38EDA7E}" = CARIS HIPS and SIPS 7.0
"InstallShield_{71FA8329-21D1-4514-8981-253C85764913}" = Geographic Calculator 6.2
"MagMap2000_is1" = MagMap2000 v 4.90 05/09/10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Matrox Parhelia Driver Uninstaller" = Matrox Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft OLE" = Microsoft OLE
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MRC - MRU Configuration" = MRC - MRU Configuration
"NI Uninstaller" = National Instruments Software
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PComm Lite Ver1.3_is1" = PComm Lite Ver1.3
"Perle Perle-Serial" = Perle Perle-Serial Driver
"ShockwaveFlash" = Macromedia Flash Player 8
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = Out String 2.3.3
"ST6UNST #10" = Rcm V1.3.6
"ST6UNST #2" = Create Autocad Plotting Script File v1.32
"ST6UNST #3" = EgsTide v3.2.2
"ST6UNST #4" = Extract Data 1.0
"ST6UNST #5" = GeoDatTransform
"ST6UNST #6" = Hypack Conversion Program v2.83
"ST6UNST #7" = HypackLine v1.9.0
"ST6UNST #8" = SortHydroProData
"ST6UNST #9" = LandSeismic
"TeamViewer 5" = TeamViewer 5
"TXTcollector_is1" = TXTcollector
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"What's Running_is1" = What's Running 2.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/06/2011 08:49:28 | Computer Name = SC614_PROCESSIN | Source = MsiInstaller | ID = 11704
Description = Product: Vodafone Mobile Connect Lite Huawei -- Error 1704.An installation
for C-View Nav (v1.2) is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 30/06/2011 08:49:30 | Computer Name = SC614_PROCESSIN | Source = MsiInstaller | ID = 11704
Description = Product: Vodafone Mobile Connect Lite Huawei -- Error 1704.An installation
for C-View Nav (v1.2) is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 30/06/2011 08:49:31 | Computer Name = SC614_PROCESSIN | Source = MsiInstaller | ID = 11704
Description = Product: Vodafone Mobile Connect Lite Huawei -- Error 1704.An installation
for C-View Nav (v1.2) is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

Error - 30/06/2011 08:49:31 | Computer Name = SC614_PROCESSIN | Source = MsiInstaller | ID = 11704
Description = Product: Vodafone Mobile Connect Lite Huawei -- Error 1704.An installation
for C-View Nav (v1.2) is currently suspended. You must undo the changes made by
that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 30/06/2011 09:37:26 | Computer Name = SC614_PROCESSIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 30/06/2011 09:37:26 | Computer Name = SC614_PROCESSIN | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053

Error - 30/06/2011 09:37:26 | Computer Name = SC614_PROCESSIN | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service:
AVGIDSDriver

Error - 30/06/2011 09:37:26 | Computer Name = SC614_PROCESSIN | Source = Service Control Manager | ID = 7023
Description = The Center Boot service terminated with the following error: %%1114

Error - 30/06/2011 09:51:38 | Computer Name = SC614_PROCESSIN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 09:51:38 | Computer Name = SC614_PROCESSIN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 30/06/2011 10:02:21 | Computer Name = SC614_PROCESSIN | Source = Print | ID = 54
Description = Document Test Page was corrupted and has been deleted. The associated
driver is: Brother MFC-6890CDW Printer.

Error - 30/06/2011 10:02:33 | Computer Name = SC614_PROCESSIN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/06/2011 10:02:33 | Computer Name = SC614_PROCESSIN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/06/2011 10:02:33 | Computer Name = SC614_PROCESSIN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)


< End of report >

Re: regedit.sys, Win32.confi?

Post by matt_me_do on Tue Aug 23, 2011 5:53 pm

OTL logfile created on: 23/08/2011 17:41:43 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\EGSi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.60% Memory free
4.83 Gb Paging File | 4.44 Gb Available in Paging File | 91.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 76.80 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive E: | 8.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive V: | 186.31 Gb Total Space | 103.05 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive W: | 202.36 Gb Total Space | 129.74 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive X: | 1863.01 Gb Total Space | 972.96 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
Drive Y: | 1863.01 Gb Total Space | 1830.36 Gb Free Space | 98.25% Space Free | Partition Type: NTFS

Computer Name: SC614_PROCESSIN | User Name: EGSi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 17:40:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EGSi\My Documents\Downloads\OTL.com
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/10/22 11:03:02 | 003,987,376 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/08/02 19:24:18 | 000,390,712 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/08/02 19:24:16 | 000,779,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/08/02 19:23:46 | 005,418,048 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/08/02 03:03:58 | 002,536,712 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/05/21 14:56:04 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010/05/21 14:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2009/07/23 10:53:12 | 001,077,248 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
PRC - [2008/10/30 12:41:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Kongsberg Maritime\SIS\bin\licserver.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 05:23:24 | 000,084,657 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
PRC - [2008/03/17 05:22:22 | 003,613,795 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.2\bin\postgres.exe
PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/04/04 09:48:52 | 000,480,776 | ---- | M] (Matrox Graphics Inc.) -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005/10/11 15:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2005/10/11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2005/10/11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2005/10/10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2005/10/03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2005/08/25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2004/12/14 03:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/23 10:30:11 | 001,288,704 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11082300\algo.dll
MOD - [2011/08/23 00:30:21 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11082300\aswRep.dll
MOD - [2010/05/21 14:55:58 | 000,278,528 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010/05/21 14:55:58 | 000,163,840 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010/05/21 14:55:54 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010/05/21 14:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010/05/21 14:55:40 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/23 10:52:00 | 000,204,800 | ---- | M] () -- C:\Program Files\Belkin\F6D4050\v1\WcuiDLL.dll
MOD - [2009/01/07 14:25:00 | 000,589,824 | ---- | M] () -- C:\Program Files\Belkin\F6D4050\v1\SCMLib.dll
MOD - [2008/10/30 12:41:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Kongsberg Maritime\SIS\bin\licserver.exe
MOD - [2008/10/29 13:40:32 | 001,122,304 | ---- | M] () -- C:\Program Files\Kongsberg Maritime\SIS\bin\ACE.dll
MOD - [2007/11/28 05:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\Belkin\F6D4050\v1\acAuth.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 20:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/13 09:02:01 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/10/22 11:03:02 | 003,987,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/08/02 19:24:16 | 000,779,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/05/21 14:56:04 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/04/24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/03/17 05:23:24 | 000,084,657 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2008/03/13 20:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007/04/04 09:48:52 | 000,480,776 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2005/10/11 15:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2005/10/11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2005/10/11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2005/10/10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/10/03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2005/08/25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 20:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/22 11:03:04 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/10/22 11:02:59 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/10/22 11:02:57 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/10/22 11:02:50 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/05/21 14:56:04 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010/04/12 12:28:24 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/02/24 18:38:48 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2010/02/24 18:38:48 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2009/12/17 21:26:18 | 000,089,184 | ---- | M] (Perle Systems Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pserial.sys -- (PSERIAL)
DRV - [2009/07/10 04:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/30 17:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/06/30 17:31:18 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2009/06/22 20:00:48 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/06/22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/06 06:54:58 | 000,088,728 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxport.sys -- (mxport)
DRV - [2009/05/06 06:54:28 | 000,030,360 | R--- | M] (Moxa Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxcard.sys -- (mxcard)
DRV - [2008/10/01 12:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/06/20 22:42:07 | 000,144,992 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1q5132.sys -- (e1qexpress) Intel(R)
DRV - [2008/03/18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/07/23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/05/02 16:08:42 | 000,005,504 | ---- | M] (Matrox Graphics Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mtxparmx.sys -- (Mtxparmx)
DRV - [2007/05/02 16:08:36 | 001,462,656 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTXPARM.sys -- (MTXPAR)
DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/12/28 05:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/12/06 12:41:16 | 000,044,416 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/08/21 11:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/05/18 02:49:02 | 000,061,067 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 02:48:50 | 000,047,249 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/02/07 12:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/10/13 10:18:50 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk)
DRV - [2005/10/13 10:17:26 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (Nidaq32k)
DRV - [2005/10/13 09:30:36 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck)
DRV - [2005/10/13 09:30:18 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk)
DRV - [2005/10/13 09:29:34 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk)
DRV - [2005/10/13 09:29:32 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk)
DRV - [2005/10/06 16:22:48 | 000,038,912 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbk.dll -- (niorbk)
DRV - [2005/09/28 20:52:50 | 000,212,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfk.dll -- (nimxdfk)
DRV - [2005/09/28 20:07:04 | 000,170,496 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgk.dll -- (nimdbgk)
DRV - [2005/09/22 21:12:08 | 000,531,968 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/26 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2003/07/16 22:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 13:11:04 | 000,070,174 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el98xn5.sys -- (EL98x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/01/23 14:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/12 12:30:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/13 12:11:15 | 000,000,000 | ---D | M]

[2010/10/12 12:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EGSi\Application Data\Mozilla\Extensions
[2010/10/12 12:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EGSi\Application Data\Mozilla\Firefox\Profiles\5sikprjz.default\extensions
[2011/08/23 17:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/10/12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/13 11:47:31 | 000,000,806 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 HDPC # Remote Helmsman PC
O1 - Hosts: 127.0.0.1 SC615 # My name
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Matrox PowerDesk SE] c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O4 - Startup: C:\Documents and Settings\EGSi\Start Menu\Programs\Startup\LicenceServer.lnk = C:\Program Files\Kongsberg Maritime\SIS\bin\LicenceServer.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} [You must be registered and logged in to see this link.] (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} [You must be registered and logged in to see this link.] (InstaFred Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} [You must be registered and logged in to see this link.] (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Bricsys\Bricscad V10\BrxProtIE.dll (BricsCad)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\EGSi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\EGSi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\avgupsvc.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\bad1.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\bad2.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\bad3.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CAVCtx.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavEmSrv.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Cavmr.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavMUD.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Cavoar.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavQ.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CAVRep.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CAVRid.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CAVSCons.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\cavse.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavSn.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavSub.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CAVSubmit.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavUMAS.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CavUserUpd.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Cavvl.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\CEmRep.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\copy.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\cpe17antiautorun.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\cpe17antiautoruna.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\destrukto.vbs: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\DF5Serv.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\drweb32w.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\drweb386.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\drwebwcl.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\drwreg.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\e.cmd: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\EMDISK.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\f0.cmd: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\FileKan.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\flashy.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\fptrayproc.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Frameworkservice.EXE : Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\FrzState2k.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\fssf.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\fwcagent.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\g2pfnid.com: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\guardxkickoff.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\guardxkickoff_x64.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\h3.bat: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\hookinst.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\host.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\i.bat: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\iefqwp.cmd: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\ij.bat: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\InstallCAVS.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\InstLsp.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\iSafe.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\iSafInst.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\ker.vbs: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\KeyMgr.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\killVBS.vbs: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\licmgr.ex: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\licreg.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\lky.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\m2nl.bat: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcappins.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcaupdate.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcinfo.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcregwiz.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcupdui.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcvsftsn.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\mcvsmap.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msdos.pif: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msfir80.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\MSGrc32.vbs: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msime80.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msizap.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msmsgs.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\msvcr71.dll: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\naiavfin.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\njibyekk.com: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\olb1iimw.bat: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\OnAccessInstaller.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Pagent.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Pagentwd.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\PavReport.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\PSHost.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\pskmssvc.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\QtnMaint.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\rcukd.cmd: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\reload.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\rose.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\sal.xls.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SCVHOST.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\scvhosts.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SCVHSOT.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SCVVHOST.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\scvvhosts.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SCVVHSOT.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SendLogs.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\session.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SocksA.ex: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SOLOCFG.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SOLOLITE.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SOLOSCAN.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\SOLOSENT.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\spidercpl.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\ssvichosst.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\sxs.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\regedit.sys (Microsoft Corporation)
O27 - HKLM IFEO\temp.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\temp2.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\toy.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\unp_test.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\UPSDbMaker.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\userdump.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\UUpd.EXE: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\v.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Vba32Act.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Vba32ECM.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Vba32ifs.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Vba32PP3.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\Vba32Qtn.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\vbglobal.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\vbimport.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\vbinst.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\vbscan.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\vbsystry.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\VetMsg.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\virusutilities.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\whi.com: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\WinGrc32.dll: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\wscntfy.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\yannh.cmd: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O27 - HKLM IFEO\ybj8df.exe: Debugger - C:\WINDOWS\system32\svchostnt.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/12 10:27:37 | 000,000,000 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2011/04/02 15:10:12 | 000,000,047 | ---- | M] () - C:\autoexec.002 -- [ NTFS ]
O32 - AutoRun File - [2011/04/02 15:10:12 | 000,000,047 | ---- | M] () - C:\autoexec.003 -- [ NTFS ]
O32 - AutoRun File - [2011/04/02 15:10:12 | 000,000,047 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/10/12 10:27:37 | 000,000,000 | ---- | M] () - C:\autoexec.caris -- [ NTFS ]
O32 - AutoRun File - [2009/06/26 08:30:40 | 000,135,168 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/19 18:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{098d0acc-744d-11e0-8507-485b39aeb418}\Shell\AutoRun\command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{098d0acc-744d-11e0-8507-485b39aeb418}\Shell\open\Command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{098d0b88-744d-11e0-8507-485b39aeb418}\Shell\AutoRun\command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{098d0b88-744d-11e0-8507-485b39aeb418}\Shell\open\Command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{0fee73ca-dde6-11df-b7bd-001bfca117a6}\Shell\AutoRun\command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{0fee73ca-dde6-11df-b7bd-001bfca117a6}\Shell\open\Command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{0fee73cb-dde6-11df-b7bd-001bfca117a6}\Shell\AutoRun\command - "" = F:\9d6resf.exe
O33 - MountPoints2\{0fee73cb-dde6-11df-b7bd-001bfca117a6}\Shell\open\Command - "" = F:\9d6resf.exe
O33 - MountPoints2\{10522cb2-ecf0-11df-91fa-806d6172696f}\Shell\AutoRun\command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{10522cb2-ecf0-11df-91fa-806d6172696f}\Shell\open\Command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{337d320a-5d29-11e0-b60d-485b39aeb418}\Shell\AutoRun\command - "" = E:\ -- File not found
O33 - MountPoints2\{337d320a-5d29-11e0-b60d-485b39aeb418}\Shell\open\Command - "" = E:\ -- File not found
O33 - MountPoints2\{35843002-80e0-11e0-84f5-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{35843002-80e0-11e0-84f5-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35843002-80e0-11e0-84f5-485b39aeb418}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/06/26 08:30:40 | 000,135,168 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{35843004-80e0-11e0-84f5-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{35843004-80e0-11e0-84f5-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35843004-80e0-11e0-84f5-485b39aeb418}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4534b040-ebf5-11df-8f3b-001e8c5e52ea}\Shell - "" = AutoRun
O33 - MountPoints2\{4534b040-ebf5-11df-8f3b-001e8c5e52ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4534b040-ebf5-11df-8f3b-001e8c5e52ea}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4c6d9573-0126-11e0-b5fa-485b39aeb418}\Shell\AutoRun\command - "" = F:\cbbw88s.exe
O33 - MountPoints2\{4c6d9573-0126-11e0-b5fa-485b39aeb418}\Shell\open\Command - "" = F:\cbbw88s.exe
O33 - MountPoints2\{505f6522-6116-11e0-84c0-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{505f6522-6116-11e0-84c0-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{505f6522-6116-11e0-84c0-485b39aeb418}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/06/26 08:30:40 | 000,135,168 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5bd10fac-d6a4-11df-b7b2-001bfca117a6}\Shell\AutoRun\command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{5bd10fac-d6a4-11df-b7b2-001bfca117a6}\Shell\open\Command - "" = F:\vgyn6ewc.exe
O33 - MountPoints2\{6ddc746d-f580-11df-b5eb-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddc746d-f580-11df-b5eb-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ddc746d-f580-11df-b5eb-485b39aeb418}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{71e9216c-f4c0-11df-b5ea-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{71e9216c-f4c0-11df-b5ea-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71e9216c-f4c0-11df-b5ea-485b39aeb418}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{71e92171-f4c0-11df-b5ea-485b39aeb418}\Shell\AutoRun\command - "" = cbbw88s.exe
O33 - MountPoints2\{71e92171-f4c0-11df-b5ea-485b39aeb418}\Shell\open\Command - "" = cbbw88s.exe
O33 - MountPoints2\{72e2678b-7961-11e0-84ee-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{72e2678b-7961-11e0-84ee-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72e2678b-7961-11e0-84ee-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{74304190-f3bc-11df-b5e8-485b39aeb418}\Shell\AutoRun\command - "" = G:\cbbw88s.exe
O33 - MountPoints2\{74304190-f3bc-11df-b5e8-485b39aeb418}\Shell\open\Command - "" = G:\cbbw88s.exe
O33 - MountPoints2\{756317b7-d6ba-11df-b7b3-001bfca117a6}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{756317b7-d6ba-11df-b7b3-001bfca117a6}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{7addf162-8066-11e0-84f3-485b39aeb418}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{7addf162-8066-11e0-84f3-485b39aeb418}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{80d87a2b-3268-11df-84e2-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{80d87a2b-3268-11df-84e2-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80d87a2b-3268-11df-84e2-485b39aeb418}\Shell\AutoRun\command - "" = E:\Password.exe
O33 - MountPoints2\{a633ee07-af83-4dbc-aaff-0d93d7c66aca}\Shell\AutoRun\command - "" = E:\9d6resf.exe
O33 - MountPoints2\{a633ee07-af83-4dbc-aaff-0d93d7c66aca}\Shell\open\Command - "" = E:\9d6resf.exe
O33 - MountPoints2\{b512e47a-256f-11e0-8548-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{b512e47a-256f-11e0-8548-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b512e47a-256f-11e0-8548-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b554824a-7595-11e0-84ea-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{b554824a-7595-11e0-84ea-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b554824a-7595-11e0-84ea-485b39aeb418}\Shell\AutoRun\command - "" = E:\Password.exe
O33 - MountPoints2\{b554824b-7595-11e0-84ea-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{b554824b-7595-11e0-84ea-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b554824b-7595-11e0-84ea-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{c95ad698-7421-11e0-84e9-485b39aeb418}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{c95ad698-7421-11e0-84e9-485b39aeb418}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\whkelol.exe
O33 - MountPoints2\{cf8462bd-8c16-11e0-8502-485b39aeb418}\Shell\AutoRun\command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{cf8462bd-8c16-11e0-8502-485b39aeb418}\Shell\open\Command - "" = E:\vgyn6ewc.exe
O33 - MountPoints2\{d51ffcf7-fc7f-11df-b5f3-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{d51ffcf7-fc7f-11df-b5f3-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d51ffcf7-fc7f-11df-b5f3-485b39aeb418}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{e9c70848-9327-4222-94b3-3d2e6977daee}\Shell\AutoRun\command - "" = H:\9d6resf.exe
O33 - MountPoints2\{e9c70848-9327-4222-94b3-3d2e6977daee}\Shell\open\Command - "" = H:\9d6resf.exe
O33 - MountPoints2\{f4ba1b6a-7680-11e0-84eb-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{f4ba1b6a-7680-11e0-84eb-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4ba1b6a-7680-11e0-84eb-485b39aeb418}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fb0e30c0-7738-11e0-84ed-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{fb0e30c0-7738-11e0-84ed-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb0e30c0-7738-11e0-84ed-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{fd49004a-2f30-11e0-8551-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{fd49004a-2f30-11e0-8551-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd49004a-2f30-11e0-8551-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ff2fc0e4-6e7a-11e0-84e8-485b39aeb418}\Shell - "" = AutoRun
O33 - MountPoints2\{ff2fc0e4-6e7a-11e0-84e8-485b39aeb418}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff2fc0e4-6e7a-11e0-84e8-485b39aeb418}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ff2fc0e5-6e7a-11e0-84e8-485b39aeb418}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{ff2fc0e5-6e7a-11e0-84e8-485b39aeb418}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

matt_me_do
Novice


Posts : 13
Joined : 2009-08-15
OS : XP


Re: regedit.sys, Win32.confi?

Post by matt_me_do on Tue Aug 23, 2011 5:54 pm

OTL logfile created on: 23/08/2011 17:41:43 - Run 1 - Continued


NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: qbablkkn - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Password.lnk - - File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {21A9C8E8-9365-6AFD-BA3A-D78F21459588} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {45F845E7-4562-CD4B-A71C-E76F6D5D5349} - Vector Graphics Rendering (VML)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {91AD8123-52D2-72AE-25D3-AE9520C03D3C} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AA4D39E2-B4A6-9D86-7DB4-070CA804961F} - Browser Customizations
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F83D4A83-F3F2-E077-7176-CCA5BCB8DDBC} - NetShow
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 17:22:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\EGSi\Recent
[2011/08/23 17:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/08/23 17:16:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/23 17:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/08/23 16:57:44 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/08/23 16:57:42 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/08/23 16:57:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/08/23 16:57:28 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/08/23 16:57:25 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/08/23 16:57:25 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/08/23 16:57:24 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/08/23 16:57:23 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/08/23 16:57:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/08/23 16:57:16 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/08/23 16:57:15 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/08/23 16:57:13 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/08/23 16:57:09 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/08/23 16:57:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/08/23 16:57:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/08/23 16:57:01 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/08/23 16:57:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/08/23 16:57:00 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/08/23 16:56:58 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/08/23 16:56:57 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/08/23 16:56:57 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/08/23 16:56:56 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/08/23 16:56:55 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/08/23 16:56:55 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/08/23 16:56:55 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/08/23 16:56:52 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/08/23 16:56:50 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/08/23 16:56:48 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/08/23 16:56:45 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/08/23 16:56:42 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/08/23 16:56:40 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/08/23 16:56:38 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/08/23 16:56:36 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011/08/23 16:56:35 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2011/08/23 16:56:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/08/23 16:56:32 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/08/23 16:56:29 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/08/23 16:56:27 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2011/08/23 16:56:25 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2011/08/23 16:56:23 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/08/23 16:56:21 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/08/23 16:56:19 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/08/23 16:56:16 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/08/23 16:56:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/08/23 16:56:15 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/08/23 16:56:14 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/08/23 16:56:14 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/08/23 16:56:11 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/08/23 16:56:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/08/23 15:56:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/08/23 15:56:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/08/23 15:56:04 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/08/23 15:56:02 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/08/23 15:56:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/08/23 15:55:58 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/08/23 15:55:56 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/08/23 15:55:54 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/08/23 15:55:52 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2011/08/23 15:55:49 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2011/08/23 15:55:46 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/08/23 15:55:44 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/08/23 15:55:42 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/08/23 15:55:40 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/08/18 04:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\2_C-view processing 2.0 (20110207)
[2011/08/18 03:14:50 | 000,000,000 | ---D | C] -- C:\C-View Tools
[2011/08/18 01:38:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\EGSi\Start Menu\Programs\Administrative Tools
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 17:16:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/08/23 17:15:31 | 000,436,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/23 17:15:31 | 000,068,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/23 17:13:32 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/08/23 17:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 16:59:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/23 13:50:22 | 007,665,152 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\EGSi\Desktop\mbam-rules.exe
[2011/08/22 17:47:04 | 057,716,768 | ---- | M] () -- C:\Documents and Settings\EGSi\Desktop\setup_av_free.exe
[2011/08/09 13:56:29 | 000,023,996 | ---- | M] () -- C:\Documents and Settings\EGSi\My Documents\Pioneer_Back_Deck_01.pdf
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 16:57:42 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/08/23 16:57:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/08/18 03:14:51 | 000,002,185 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\C-ViewTools 1.441 (for ACAD 2004-2006).lnk
[2011/08/09 13:56:29 | 000,023,996 | ---- | C] () -- C:\Documents and Settings\EGSi\My Documents\Pioneer_Back_Deck_01.pdf
[2011/07/01 14:57:24 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/07/01 14:57:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/06/11 14:04:48 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/06/11 14:04:19 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/18 01:57:23 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/05/18 01:57:05 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011/05/18 01:57:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011/05/08 02:13:41 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\EGSi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 16:52:03 | 000,008,039 | ---- | C] () -- C:\WINDOWS\magmap2000.ini
[2011/04/10 10:02:49 | 000,000,247 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/04/10 10:02:49 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/04/10 10:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf09a.dat
[2011/04/10 10:01:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/04/10 09:57:36 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/10 09:25:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/10 09:25:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/10 09:25:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/04/10 09:24:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/04/08 19:29:16 | 000,000,078 | ---- | C] () -- C:\WINDOWS\omcore.INI
[2011/04/02 14:06:25 | 000,001,006 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2011/03/09 16:16:51 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2011/03/09 16:16:51 | 000,000,133 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/11/19 06:22:35 | 000,000,234 | ---- | C] () -- C:\WINDOWS\ConvDxfQxf.INI
[2010/11/17 21:46:21 | 000,000,236 | ---- | C] () -- C:\WINDOWS\SLXMon.INI
[2010/11/12 19:47:58 | 000,228,632 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/12 19:47:56 | 000,228,632 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/12 19:47:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/12 12:41:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/11 19:37:53 | 000,000,789 | ---- | C] () -- C:\WINDOWS\GAPS_UK.INI
[2010/11/11 19:33:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\GAPSFirmware.ini
[2010/11/11 16:56:29 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/11/11 16:43:25 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/09 16:24:14 | 000,000,148 | ---- | C] () -- C:\WINDOWS\DspGeneric.INI
[2010/10/22 15:04:26 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/10/22 14:52:47 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\MtxEscape.dll
[2010/10/13 11:50:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\hasp6150.dll
[2010/10/13 11:50:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\hasp6130.dll
[2010/10/13 11:50:06 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\hasp6120.dll
[2010/10/13 11:50:06 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\hasp6110.dll
[2010/10/13 11:50:06 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\hasp6100.dll
[2010/10/13 11:50:06 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\hasp6050.dll
[2010/10/13 11:50:06 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\hasp6003.dll
[2010/10/13 11:50:06 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\hasp6002.dll
[2010/10/13 11:50:05 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\hasp6000.dll
[2010/10/13 10:53:40 | 000,148,992 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/10/13 10:19:35 | 000,000,247 | ---- | C] () -- C:\WINDOWS\ISkiPro.Lfx.INI
[2010/10/13 10:19:24 | 000,000,247 | ---- | C] () -- C:\WINDOWS\LGO.Tool.Lfx.INI
[2010/10/13 10:17:23 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2010/10/12 12:30:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/12 11:16:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/12 11:15:27 | 000,348,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 10:34:07 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/10/12 10:33:41 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010/10/12 10:33:41 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010/10/12 10:33:07 | 000,029,005 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/10/12 10:33:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/10/12 10:32:59 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/10/12 10:29:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 10:25:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/14 23:03:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/12 12:28:24 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/03/17 06:34:35 | 000,018,397 | ---- | C] () -- C:\WINDOWS\LGO..OT3.INI
[2010/03/17 06:34:27 | 000,000,155 | ---- | C] () -- C:\WINDOWS\LGO..INI
[2010/03/17 06:34:06 | 000,000,317 | ---- | C] () -- C:\WINDOWS\LGO..Lfx.INI
[2008/09/23 04:37:50 | 001,785,911 | ---- | C] () -- C:\WINDOWS\System32\egssp.dll
[2008/03/07 17:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/03/07 14:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007/07/27 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 13:00:00 | 000,436,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 13:00:00 | 000,068,612 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/13 10:28:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2005/10/13 10:11:44 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2005/10/13 09:33:06 | 000,005,081 | ---- | C] () -- C:\WINDOWS\System32\ni7030.dat
[2005/10/13 09:28:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NIAutoConfig.exe
[2005/10/13 09:28:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NIAutoCfgRda.exe
[2005/09/28 16:26:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2005/09/22 21:11:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2004/07/26 10:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2004/03/03 01:10:22 | 001,351,743 | ---- | C] () -- C:\WINDOWS\System32\hypkline.dll
[2000/08/04 16:23:32 | 000,009,552 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2000/06/12 01:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[1999/11/04 11:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll
[1998/10/02 12:02:46 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\Opcenum.exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/23 13:50:22 | 007,665,152 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\EGSi\Desktop\mbam-rules.exe
[2010/09/28 17:54:16 | 000,475,136 | ---- | M] (NAVCOM Technologies Inc.) -- C:\Documents and Settings\EGSi\Desktop\RinexUtilV2.0.9.exe
[2011/08/22 17:47:04 | 057,716,768 | ---- | M] () -- C:\Documents and Settings\EGSi\Desktop\setup_av_free.exe
[2010/04/19 18:53:14 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\EGSi\Desktop\USBLSmoothing.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/09/15 00:02:44 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/09/15 00:02:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/09/15 00:02:44 | 000,243,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/01/18 05:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\2_C-view processing 2.0 (20110207)
[2011/04/07 15:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\3 WiFi Manager
[2010/10/22 11:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2010/10/12 10:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/12 16:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/04/13 09:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2010/11/11 16:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\ASUS
[2011/04/13 09:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2005
[2011/07/01 09:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD Map 2000i
[2011/04/02 18:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2011/01/23 14:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/05/17 11:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/06/11 14:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2010/10/13 10:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\blue marble
[2011/04/02 14:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Marble Geo
[2010/10/13 09:27:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bricsys
[2011/07/01 14:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/10/13 10:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\C-Nav
[2011/01/22 11:56:09 | 000,000,000 | ---D | M] -- C:\Program Files\C-View
[2011/01/18 05:54:38 | 000,000,000 | ---D | M] -- C:\Program Files\C-View 1.56 R0 (Temporary) Real Time Mosaicking Quick Version and Sonar Target Logger
[2010/06/07 16:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\C-View Bathy
[2010/10/13 09:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\C-View Nav
[2010/05/30 02:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\C-View NavProcess
[2011/08/18 03:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\C-View Tools
[2011/01/18 16:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\C-View_laptop
[2011/01/10 17:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/05/09 08:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/12 10:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/10/13 11:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Cygnal
[2010/10/13 11:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\DataLog 400
[2011/04/02 15:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\EgsTide
[2011/04/08 18:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\ESRI
[2011/05/11 18:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\File Partitioner
[2011/04/02 15:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\GeoDatTransform
[2011/04/08 18:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\Geosoft
[2011/04/02 15:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Hyconv
[2011/04/02 15:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\HypackLine
[2011/07/01 14:57:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/11/12 20:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/08 17:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/02 14:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/11/12 10:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\IXSEA
[2010/10/13 11:44:43 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/02 15:14:37 | 000,000,000 | ---D | M] -- C:\Program Files\JoshMadison
[2010/10/13 11:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Kongsberg Maritime
[2011/04/02 15:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\LandSeismic
[2010/10/13 10:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\LEICA Geosystems
[2011/04/12 16:51:55 | 000,000,000 | ---D | M] -- C:\Program Files\MagMap2000
[2011/01/10 17:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/22 14:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Matrox Graphics Inc
[2010/10/19 11:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/04/02 15:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\metamorphose
[2010/10/19 11:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/10/12 10:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/04/13 09:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/19 11:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/19 11:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/23 17:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/13 11:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\MRC
[2010/11/09 12:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/12 10:24:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/10/12 10:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/10/13 12:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\National Instruments
[2010/10/12 10:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/10/19 11:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/04/10 09:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2010/11/12 19:48:31 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/10/12 10:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/19 11:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/03/08 13:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\OutString
[2011/03/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\PCommLite
[2010/11/12 20:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Perle Systems Limited
[2011/04/02 15:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\PlottingScriptFile
[2010/10/13 11:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\PostgreSQL
[2011/04/02 15:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\Project1
[2010/10/13 11:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\psqlODBC
[2010/11/09 12:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\QPS
[2011/04/02 15:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\QUEST
[2011/05/09 08:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Quest Geo Solutions Ltd
[2011/04/02 15:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Rcm
[2010/11/11 16:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/11/09 12:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/04/10 09:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/10/13 11:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\SeaLINK
[2011/04/02 15:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\SortHydroProData
[2010/11/12 16:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2011/04/02 14:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2010/11/30 14:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\TextPad 5
[2011/05/18 01:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\TP-LINK
[2011/04/09 11:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\TXTcollector
[2010/10/12 10:31:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/11 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2010/11/21 16:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\Vodafone
[2011/01/23 11:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\WhatsRunning
[2010/10/19 11:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/19 11:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/10/12 10:26:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/12 10:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2007/07/27 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/07/27 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2007/07/27 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2007/07/27 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
[2007/07/27 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-23 16:16:35

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/09/15 00:02:44 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


Re: regedit.sys, Win32.confi?

Post by matt_me_do on Fri Aug 26, 2011 2:30 pm

bump


Re: regedit.sys, Win32.confi?

Post by Belahzur on Wed Sep 07, 2011 11:38 pm

Sorry about the wait.

Hi,


Download ComboFix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

