YMZRS

  1. I ran diskcheck and it corrected some errors but the problem just occurred again, so there is still an issue somewhere...
  2. OTL Extras logfile created on: 11/22/2010 10:53:44 - Run 4
     OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.13)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
     5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 140.41 Gb Total Space | 43.34 Gb Free Space | 30.87% Space Free | Partition Type: NTFS
     Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
     Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS

     Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
     .exe [@ = exefile] -- Reg Error: Key error. File not found
     .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusOverride" = 1
     "FirewallOverride" = 1
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     "DisableMonitoring" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
     "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
     "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
     "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
     "21:TCP" = 21:TCP:*:Enabled:FileZilla Listening Port

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
     "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
     "C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\orbixd.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd -- ()
     "C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CNEXT.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CNEXT.exe:*:Disabled:CATIA -- (Dassault Systemes)
     "C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATUTIL.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATUTIL.exe:*:Disabled:V5 Batch Management -- (Dassault Systemes)
     "C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe" = C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe:*:Disabled:NX Component -- (UGS Corp.)
     "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
     "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
     "C:\Program Files\Steam\steamapps\yamez_rs\race 07\Race_Steam.exe" = C:\Program Files\Steam\steamapps\yamez_rs\race 07\Race_Steam.exe:*:Enabled:RACE 07 -- (SimBin)
     "C:\Program Files\ContactAtOnce\ContactAtOnce.exe" = C:\Program Files\ContactAtOnce\ContactAtOnce.exe:*:Enabled: -- ( )
     "C:\Program Files\ContactAtOnce\ContactAtOnce.cao" = C:\Program Files\ContactAtOnce\ContactAtOnce.cao:*:Enabled:ContactAtOnce -- ()
     "C:\Program Files\iRacing\iRacingService.exe" = C:\Program Files\iRacing\iRacingService.exe:*:Enabled:iRacingService.exe -- (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
     "C:\Program Files\iRacing\iRacingSim.exe" = C:\Program Files\iRacing\iRacingSim.exe:*:Enabled:iRacingSim.exe -- (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
     "C:\Program Files\iRacing\iRacingChat.exe" = C:\Program Files\iRacing\iRacingChat.exe:*:Enabled:iRacingChat.exe -- (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
     "C:\Program Files\iRacing\iRacingLocalServer.exe" = C:\Program Files\iRacing\iRacingLocalServer.exe:*:Enabled:iRacingLocalServer.exe -- (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
     "C:\Program Files\iRacing\iRacingLauncher.exe" = C:\Program Files\iRacing\iRacingLauncher.exe:*:Enabled:iRacingLauncher.exe -- ()
     "C:\Program Files\iRacing\updater\iRacingUpdater.exe" = C:\Program Files\iRacing\updater\iRacingUpdater.exe:*:Enabled:iRacingUpdater.exe -- (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
     "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
     "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
     "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
     "C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)
     "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
     "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
     "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
     "C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
     "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
  3. OTL logfile created on: 11/22/2010 10:53:44 - Run 4 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 140.41 Gb Total Space | 43.34 Gb Free Space | 30.87% Space Free | Partition Type: NTFS Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days < End of report >
  4. I am still having the issues where I lose the text in my tabs, window titles and icons on the desktop. It happens randomly and the computer slows down; however, the computer may operate without issues for several hours and sometimes days.
  5. COMBO FIX ComboFix 10-11-20.03 - James Wyler 11/20/2010 18:44:55.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2528 [GMT -5:00] Running from: c:\documents and settings\James Wyler\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\system32\zlibwapi.dll E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 ))))))))))))))))))))))))))))))) . 2010-11-16 00:07 . 2010-11-16 00:13 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2010-11-16 00:07 . 2010-11-16 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-16 00:13 . 2008-03-04 03:48 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-03 00:10 . 2010-04-08 22:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-03 00:10 . 2010-04-08 22:41 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2003-05-01 13:36 . 2003-05-01 13:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll 2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "HPWWANGSAssistant"="c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-05-03 4032056] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-7-14 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-04-30 16:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2] 2005-04-04 22:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile 
Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon] 2007-07-14 20:39 106064 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart] 2009-11-06 21:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2] 2010-02-25 01:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-05-25 12:07 8429568 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-05-25 12:07 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-05-25 12:07 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] 2008-05-14 01:29 507904 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2007-05-08 16:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-10 01:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2006-07-13 15:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-01-05 16:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] 2009-01-21 19:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2009-02-14 02:01 1410296 ----a-w- c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Adobe Version Cue CS2"=2 (0x2) "Adobe LM Service"=3 (0x3) "WMPNetworkSvc"=3 (0x3) "NITaggerService"=2 (0x2) "NILM License Manager"=3 (0x3) "NIDomainService"=2 (0x2) "mxssvr"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "LkCitadelServer"=2 (0x2) "nipxirmu"=2 (0x2) "nimcdldu"=2 (0x2) "nidevldu"=2 (0x2) "ni488enumsvc"=2 (0x2) "lkTimeSync"=2 (0x2) "lkClassAds"=2 (0x2) "NVSvc"=2 (0x2) "matlabserver"=2 (0x2) "FileZilla Server"=3 (0x3) "iRacingService"=2 (0x2) "PCA"=2 (0x2) "RoxLiveShare9"=2 (0x2) "niSvcLoc"=2 (0x2) "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe"= "c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"= "c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe"= "c:\\Program Files\\UGS\\NX 5.0\\UGII\\ugraf.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Steam\\steamapps\\yamez_rs\\race 07\\Race_Steam.exe"= "c:\\Program Files\\ContactAtOnce\\ContactAtOnce.exe"= "c:\\Program Files\\ContactAtOnce\\ContactAtOnce.cao"= "c:\\Program Files\\iRacing\\iRacingService.exe"= "c:\\Program Files\\iRacing\\iRacingSim.exe"= "c:\\Program Files\\iRacing\\iRacingChat.exe"= "c:\\Program Files\\iRacing\\iRacingLocalServer.exe"= "c:\\Program Files\\iRacing\\iRacingLauncher.exe"= "c:\\Program Files\\iRacing\\updater\\iRacingUpdater.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program 
Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21:TCP"= 21:TCP:FileZilla Listening Port R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 19:08 15448] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 22:23 100095] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 16:31 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 19:54 13696] R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 10:52 16688] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 22:23 5808] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2010 17:41 135336] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 03:00 14336] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 03:00 14336] R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [5/4/2007 13:24 36864] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 13:58 221184] R2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [3/30/2009 17:41 469152] R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [4/16/2007 14:40 37376] R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [4/16/2007 14:40 21504] R2 nicanpk;nicanpk;c:\windows\system32\drivers\nicanpkl.sys [7/17/2007 13:46 11336] R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [4/16/2007 16:04 674304] R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [4/16/2007 16:06 50688] R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [4/16/2007 14:41 30208] R2 
nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 11552] R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [4/16/2007 14:42 111616] R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 10:56 11360] R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 15:13 292384] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 14:16 41216] R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [3/3/2008 21:54 47616] S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\system32\drivers\keilul.sys [7/18/2008 17:22 35306] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 16:13 30008] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 11:28 172131] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 09:18 20256] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 25888] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 11552] S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [5/25/2007 12:26 22360] S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 11:40 16672] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/15/2007 16:44 11352] S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [7/12/2007 17:18 11360] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [7/13/2007 21:38 11336] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/19/2007 02:06 11344] S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 21:32 11552] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/24/2007 18:37 11336] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/24/2007 18:37 11336] S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/15/2007 17:31 
11352] S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 15:20 11552] S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [7/24/2007 21:01 11352] S3 niimaqk;NI-IMAQ Driver;c:\windows\system32\drivers\niimaqk.sys --> c:\windows\system32\drivers\niimaqk.sys [?] S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [7/24/2007 11:19 11360] S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/18/2007 09:47 11392] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/20/2007 23:19 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/20/2007 23:19 151683] S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/13/2007 19:00 11360] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/13/2007 19:01 11368] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/19/2007 12:49 11360] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [7/18/2007 20:11 11904] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [7/18/2007 20:12 11896] S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [7/24/2007 14:29 11552] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 20768] S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [6/30/2007 22:07 11552] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/19/2007 01:32 11376] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [7/16/2007 23:27 11352] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/16/2007 11:52 11344] S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [6/15/2007 23:38 11624] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/19/2007 01:32 11376] S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [6/1/2007 14:39 11552] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/24/2007 18:37 11336] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/15/2007 15:48 11312] S3 
nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/15/2007 16:50 11360] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/17/2007 03:18 11336] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/18/2007 21:15 11360] S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/23/2007 23:09 11552] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 10:48 11384] S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 10:56 11360] S3 niwdk;niwdk;c:\windows\system32\drivers\niwdk.sys [7/14/2007 19:26 19456] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/24/2007 18:37 11336] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/24/2007 18:38 11336] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/19/2010 14:17 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/19/2010 14:17 8320] S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?] S4 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 12696] S4 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 12696] --- Other Services/Drivers In Memory --- *NewlyCreated* - NIPALK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel HPService REG_MULTI_SZ HPSLPSVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.comcast.net/ mStart Page = hxxp://www.comcast.net/ mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop uInternet Settings,ProxyOverride = *.local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com|http://www.spiegel.de/international/|http://gizmodo.com/|http://shirt.woot.com/ FF - plugin: c:\documents and settings\James Wyler\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\James Wyler\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe MSConfigStartUp-wclock - c:\documents and settings\James Wyler\Application Data\Google\yfijv17721328.exe AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-20 18:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1020) c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll c:\windows\system32\DeviceNP.dll - - - - - - - > 'explorer.exe'(508) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-11-20 18:56:47 ComboFix-quarantined-files.txt 2010-11-20 23:56 Pre-Run: 45,729,210,368 bytes free Post-Run: 45,689,356,288 bytes free - - End Of File - - 532FCDB04F2351A109FCF8C643123ECA
  6. Still having these issues... OTL Logs OTL logfile created on: 11/17/2010 21:21:04 - Run 3 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 140.41 Gb Total Space | 37.33 Gb Free Space | 26.59% Space Free | Partition Type: NTFS Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe PRC - [2010/11/02 19:10:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/02 19:10:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/11/02 19:10:46 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/10/28 23:09:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/10/28 23:09:58 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/10/28 14:30:44 | 000,469,152 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) -- C:\Program Files\iRacing\iRacingService.exe PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) 
-- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe PRC - [2007/04/27 13:58:58 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2007/02/06 20:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2007/02/06 14:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007/02/06 14:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007/01/09 18:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006/12/04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe PRC - [2006/10/09 14:23:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe ========== Modules (SafeList) ========== MOD - [2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe MOD - [2007/02/25 22:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll MOD - [2007/02/06 14:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) 
-- C:\WINDOWS\system32\BtMmHook.dll ========== Win32 Services (SafeList) ========== SRV - [2010/11/02 19:10:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/11/02 19:10:46 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/10/28 14:30:44 | 000,469,152 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [Auto | Running] -- C:\Program Files\iRacing\iRacingService.exe -- (iRacingService) SRV - [2010/01/26 11:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/03/03 05:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster) SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2007/07/24 04:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9) SRV - [2007/07/24 04:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9) SRV - [2007/07/23 08:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2007/07/19 15:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc) SRV - [2007/07/16 16:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007/07/16 16:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2007/07/16 16:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum) SRV - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) SRV - [2007/04/30 11:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK) SRV - [2007/04/27 13:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- 
(HpFkCryptService) SRV - [2007/03/21 10:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2007/03/08 16:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu) SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nimcdldu) SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc) SRV - [2007/02/06 20:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/12/04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) 
[Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI) SRV - [2006/06/22 00:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2005/07/27 11:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver) SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usb6xxxkl.sys -- (usb6xxxk) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PNDIS5.SYS -- (PNDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niimaqk.sys -- (niimaqk) DRV - [2010/11/02 19:10:46 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/02 19:10:46 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/01/21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/01/07 14:14:56 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010/01/07 14:14:56 | 000,057,536 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009/12/30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/12/30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/12/30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/12/30 10:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009/12/30 10:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009/01/13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008/05/02 15:39:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/10/31 18:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel® DRV - [2007/07/24 21:01:32 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nihsdrkl.sys -- (nihsdrk) DRV - [2007/07/24 18:38:00 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk) DRV - [2007/07/24 18:37:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk) DRV - [2007/07/24 18:37:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk) DRV - [2007/07/24 18:37:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk) DRV - [2007/07/24 18:37:54 | 000,011,336 | ---- | M] 
(National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk) DRV - [2007/07/24 14:29:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipsdkl.sys -- (nipsdk) DRV - [2007/07/24 11:19:12 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k) DRV - [2007/07/24 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2007/07/19 12:49:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk) DRV - [2007/07/19 10:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK) DRV - [2007/07/19 10:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK) DRV - [2007/07/19 10:48:36 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK) DRV - [2007/07/19 02:06:50 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark) DRV - [2007/07/19 01:32:50 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk) DRV - [2007/07/19 01:32:48 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk) DRV - [2007/07/18 21:15:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork) DRV - [2007/07/18 20:12:02 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl) DRV - [2007/07/18 20:11:38 | 000,580,184 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK) DRV - [2007/07/18 20:11:02 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl) DRV - [2007/07/18 09:47:38 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk) DRV - [2007/07/17 13:46:00 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nicanpkl.sys -- (nicanpk) DRV - [2007/07/17 03:18:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk) DRV - [2007/07/16 23:27:32 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk) DRV - [2007/07/16 11:52:40 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk) DRV - [2007/07/15 17:31:46 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nifslkl.sys -- (nifslk) DRV - [2007/07/15 16:50:40 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk) DRV - [2007/07/15 16:44:52 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk) DRV - [2007/07/15 
15:48:04 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k) DRV - [2007/07/14 19:26:54 | 000,019,456 | ---- | M] (National Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niwdk.sys -- (niwdk) DRV - [2007/07/13 21:38:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk) DRV - [2007/07/13 19:01:20 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk) DRV - [2007/07/13 19:00:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk) DRV - [2007/07/12 17:18:14 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk) DRV - [2007/07/12 17:08:54 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk) DRV - [2007/07/12 16:41:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk) DRV - [2007/07/12 16:31:08 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk) DRV - [2007/07/10 19:08:14 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk) DRV - [2007/07/03 13:16:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimcdfxkl.sys -- (nimcdfxk) DRV - [2007/06/30 22:07:58 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand 
| Stopped] -- C:\WINDOWS\system32\drivers\niRFSA2kl.sys -- (nirfsa2k) DRV - [2007/06/20 23:19:52 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk) DRV - [2007/06/20 23:19:52 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk) DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/06/15 23:38:32 | 000,011,624 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisldkl.sys -- (nisldk) DRV - [2007/06/01 14:39:30 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisrcdkl.sys -- (nisrcdk) DRV - [2007/05/25 12:26:12 | 000,022,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k) DRV - [2007/05/25 07:07:00 | 006,345,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007/05/06 20:00:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/05/06 20:00:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/05/06 20:00:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/04/26 22:23:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007/04/26 22:23:06 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007/04/24 10:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2007/04/23 16:13:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2007/04/16 16:06:28 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk) DRV - [2007/04/16 16:04:12 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (Nidaq32k) DRV - [2007/04/16 14:42:28 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck) DRV - [2007/04/16 14:41:52 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk) DRV - [2007/04/16 14:40:38 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk) DRV - [2007/04/16 14:40:36 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk) DRV - [2007/04/12 09:26:08 | 000,250,776 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel® DRV - [2007/04/10 18:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/04/04 14:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007/03/29 19:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007/03/01 06:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2007/02/26 11:40:24 | 000,016,672 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock) DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/23 23:09:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitnr2kl.sys -- (nitnr2k) DRV - [2007/02/23 21:32:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidwgkl.sys -- (nidwgk) DRV - [2007/02/23 15:20:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nigplkl.sys -- (nigplk) DRV - [2007/02/22 11:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk) DRV - [2007/02/22 11:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- 
(ni1045k) DRV - [2007/02/22 11:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k) DRV - [2007/02/22 11:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk) DRV - [2007/02/14 09:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/02/14 09:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2007/02/14 09:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/02/14 09:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007/02/14 09:20:58 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2007/02/14 09:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007/02/14 09:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007/01/12 08:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007/01/11 09:18:38 | 000,020,256 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk) DRV - [2006/12/19 20:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32) DRV - [2006/10/09 16:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006/07/23 23:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006/07/23 23:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005/06/10 11:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys) DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/03/29 01:26:30 | 000,045,860 | R--- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com|http://www.spiegel.de/international/|http://gizmodo.com/|http://shirt.woot.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/19 14:18:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 
Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 23:10:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/15 19:07:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/19 14:18:42 | 000,000,000 | ---D | M] [2008/08/24 12:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Extensions [2010/11/17 20:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions [2010/05/01 12:01:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/11 19:51:59 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/11/04 16:04:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/24 13:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\maps@ovi.com [2010/11/17 20:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/11/15 19:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/11/15 19:13:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] 
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program 
Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1216071240354 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\James Wyler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Wyler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 18:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O33 - 
MountPoints2\{28c21933-b4ee-11de-8d32-001f3bc5b671}\Shell\AutoRun\command - "" = F:\set21\ago1opa.exe -- File not found O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell - "" = AutoRun O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun\command - "" = I:\trikfx\spomenar.exe -- File not found O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\explore\command - "" = I:\trikfx\spomenar.exe -- File not found O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\open\command - "" = I:\trikfx\spomenar.exe -- File not found O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell - "" = AutoRun O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{b0cbc600-b36b-11dd-8bab-00218602aaf8}\Shell\AutoRun\command - "" = I:\assets\launch.exe -- File not found O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell - "" = AutoRun O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2010/11/17 21:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Wyler\Desktop\rootkit [2010/11/17 21:20:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe [2010/11/15 19:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [1 C:\Documents and Settings\James Wyler\My Documents\*.tmp files -> C:\Documents and Settings\James Wyler\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe [2010/11/17 20:33:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/17 14:24:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/17 14:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/17 14:23:01 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys [2010/11/16 22:35:03 | 001,160,564 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082_small.JPG [2010/11/16 22:33:45 | 001,155,270 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1081_small.JPG [2010/11/16 22:31:00 | 005,294,059 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082.JPG [2010/11/16 13:16:38 | 001,531,637 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10x.pptx [2010/11/15 11:01:57 | 001,531,739 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10.pptx [2010/11/15 00:22:05 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/11 18:42:09 | 000,766,976 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_basic.doc [2010/11/11 17:53:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James 
Wyler\My Documents\CoverLetter_Aerojet.doc [2010/11/11 17:53:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Aerojet.doc [2010/11/11 17:27:55 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_MTC.doc [2010/11/11 16:39:45 | 000,076,734 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.pdf [2010/11/11 16:38:53 | 000,767,488 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.doc [2010/11/10 15:22:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Wyler\defogger_reenable [2010/11/08 17:39:51 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\James Wyler\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2010/11/08 15:03:01 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\j3gncych.exe [2010/11/08 15:01:48 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\dds.scr [2010/11/08 15:01:03 | 000,205,241 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010/11/08 15:00:40 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Shortcut to Defogger.exe.lnk [2010/11/08 11:27:13 | 000,464,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/08 11:27:13 | 000,079,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/04 21:58:13 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Wirth.doc [2010/11/04 16:36:07 | 000,078,083 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_MS.pdf [2010/11/04 15:45:40 | 000,078,213 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.pdf [2010/11/04 15:44:30 | 000,769,536 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.doc [2010/11/02 
19:10:46 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/11/02 19:10:46 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/11/01 14:23:44 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$mes Wyler - Resume 101410.doc [2010/11/01 14:07:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Wirth.doc [2010/10/28 17:19:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Penske.doc [2010/10/28 17:10:41 | 000,078,040 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_CON.pdf [2010/10/26 15:32:20 | 000,971,159 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\106257175.pdf [2010/10/26 15:29:57 | 000,035,680 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\lease.pdf [2010/10/26 12:15:44 | 000,186,830 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\scope.jpg [2010/10/25 16:33:19 | 000,096,261 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\72708_708489614099_12804768_38875330_5091047_n.jpg [1 C:\Documents and Settings\James Wyler\My Documents\*.tmp files -> C:\Documents and Settings\James Wyler\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/16 22:35:01 | 001,160,564 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082_small.JPG [2010/11/16 22:33:44 | 001,155,270 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1081_small.JPG [2010/11/16 22:31:00 | 005,294,059 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082.JPG [2010/11/16 13:16:37 | 001,531,637 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10x.pptx [2010/11/15 11:00:44 | 001,531,739 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10.pptx [2010/11/11 18:07:37 | 
000,766,976 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_basic.doc [2010/11/11 17:53:34 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Aerojet.doc [2010/11/11 17:53:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Aerojet.doc [2010/11/11 17:25:31 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_MTC.doc [2010/11/11 16:39:36 | 000,076,734 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.pdf [2010/11/11 16:38:52 | 000,767,488 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.doc [2010/11/10 15:22:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\defogger_reenable [2010/11/08 15:03:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\j3gncych.exe [2010/11/08 15:01:47 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\dds.scr [2010/11/08 15:01:11 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Defogger.exe [2010/11/08 15:00:39 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Shortcut to Defogger.exe.lnk [2010/11/04 15:45:09 | 000,078,213 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.pdf [2010/11/01 14:23:44 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$mes Wyler - Resume 101410.doc [2010/11/01 14:07:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Wirth.doc [2010/10/28 17:39:09 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Wirth.doc [2010/10/28 17:19:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Penske.doc 
[2010/10/26 15:32:19 | 000,971,159 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\106257175.pdf [2010/10/26 15:29:57 | 000,035,680 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\lease.pdf [2010/10/26 15:16:38 | 000,078,040 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_CON.pdf [2010/10/26 12:15:41 | 000,186,830 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\scope.jpg [2010/10/25 16:33:19 | 000,096,261 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\72708_708489614099_12804768_38875330_5091047_n.jpg [2010/04/08 10:05:26 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/04/07 10:49:52 | 000,017,188 | -HS- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\R8x4CECgW [2010/01/07 14:36:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/03/30 17:42:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/03/23 13:44:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll [2009/03/23 13:09:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll [2009/03/11 17:53:28 | 000,000,005 | ---- | C] () -- C:\Program Files\CaoWriteTest.txt [2009/02/23 23:17:58 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll [2009/02/18 01:29:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\FnF4.txt [2008/10/28 12:58:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/08/18 19:27:34 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/08/18 18:12:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI [2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/07/23 11:46:38 | 000,012,288 | ---- | 
C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/07/21 20:02:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini [2008/07/21 20:02:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini [2008/07/21 17:35:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/07/17 19:14:18 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\QSwitch.txt [2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DSwitch.txt [2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\AtStart.txt [2008/07/14 23:45:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/07/14 23:45:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/07/14 23:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/07/14 23:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/07/14 23:45:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/07/14 23:45:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/03/03 22:25:29 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/03/03 22:25:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2007/07/24 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007/07/19 08:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007/07/19 02:13:22 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll [2007/07/19 01:32:30 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll [2007/07/19 01:32:24 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll [2007/07/18 20:12:26 | 
000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll [2007/07/18 14:17:24 | 000,066,080 | ---- | C] () -- C:\WINDOWS\System32\cfswitch.dll [2007/05/25 07:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/05/25 07:07:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/05/25 07:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/05/25 07:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/04/30 11:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll [2007/04/26 22:23:06 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys [2007/04/16 16:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll [2007/04/16 15:52:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll [2007/02/06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/02/06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007/01/19 09:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/12/13 16:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll [2006/09/19 02:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/19 02:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006/09/12 14:45:14 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL [2005/08/30 09:58:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\clallserial.dll [2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/07 08:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1999/11/04 10:00:38 | 000,001,840 | ---- | C] () -- 
C:\WINDOWS\System32\niidaqs.dll [1998/05/06 21:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2008/10/23 10:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes [2010/04/14 06:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/02/13 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2008/07/14 23:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2010/04/22 17:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MoTeC [2008/07/21 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments [2010/02/13 17:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2009/08/08 14:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic [2009/08/08 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks [2010/04/19 14:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache [2009/06/07 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009/09/15 08:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/11/01 16:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2008/08/09 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James 
Wyler\Application Data\Blackberry Desktop [2009/12/18 08:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\CadSoft [2010/01/28 20:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 [2008/10/23 10:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\DassaultSystemes [2010/03/03 13:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Facebook [2009/03/05 15:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\FileZilla [2008/12/12 22:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\InterVideo [2010/03/30 19:57:17 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\James Wyler\Application Data\Microchip [2009/09/13 13:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\MuPAD [2010/02/13 18:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nokia [2010/02/13 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nokia Ovi Suite [2009/08/08 14:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nseries [2009/02/24 18:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Opera [2010/02/13 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\PC Suite [2008/08/09 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Research In Motion [2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\SampleView [2009/12/01 16:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Xerox ========== Purity Check ========== < End of report > ROOTKIT 
UNHOOKER RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0xF4CDD000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.63 ) 0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.63 ) 0xF4A19000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2240512 bytes (Intel Corporation, Intel
  7. I believe my system is infected as over the last week I will notice my computer randomly acts weird. It will remove the text from all tabs and title bars in Firefox and all Microsoft Office products behave funny giving odd errors such as 'Out of memory for save'. Malwarebytes AM and Avira return no infected files but I can't run the DDS or Defogger. When I try to run GMER it takes a long time to scan and eventually the computer locks up. Here are the logs that I have.

     MWB

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5075
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13
     11/8/2010 15:42:20
     mbam-log-2010-11-08 (15-42-20).txt
     Scan type: Quick scan
     Objects scanned: 169704
     Time elapsed: 44 minute(s), 47 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     AVIRA

     Avira AntiVir Personal
     Report file date: Monday, November 08, 2010 14:59
     Scanning for 3022070 virus strains and unwanted programs.
     The program is running as an unrestricted full version.
Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : James Wyler Computer name : JAMES_HP Version information: BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/3/2010 00:10:46 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 06:15:31 LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 06:15:31 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 01:36:30 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 07:09:48 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 07:01:37 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:10:46 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:10:46 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:10:46 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:10:46 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 07:00:53 VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 06:52:36 VBASE015.VDF : 7.10.13.148 2048 Bytes 11/7/2010 06:52:36 VBASE016.VDF : 7.10.13.149 2048 Bytes 11/7/2010 06:52:36 VBASE017.VDF : 7.10.13.150 2048 Bytes 11/7/2010 06:52:36 VBASE018.VDF : 7.10.13.151 2048 Bytes 11/7/2010 06:52:36 VBASE019.VDF : 7.10.13.152 2048 Bytes 11/7/2010 06:52:36 VBASE020.VDF : 7.10.13.153 2048 Bytes 11/7/2010 06:52:37 VBASE021.VDF : 7.10.13.154 2048 Bytes 11/7/2010 06:52:37 VBASE022.VDF : 7.10.13.155 2048 Bytes 11/7/2010 06:52:37 VBASE023.VDF : 7.10.13.156 2048 Bytes 11/7/2010 06:52:37 VBASE024.VDF : 7.10.13.157 2048 Bytes 11/7/2010 06:52:37 
VBASE025.VDF : 7.10.13.158 2048 Bytes 11/7/2010 06:52:37 VBASE026.VDF : 7.10.13.159 2048 Bytes 11/7/2010 06:52:37 VBASE027.VDF : 7.10.13.160 2048 Bytes 11/7/2010 06:52:38 VBASE028.VDF : 7.10.13.161 2048 Bytes 11/7/2010 06:52:38 VBASE029.VDF : 7.10.13.162 2048 Bytes 11/7/2010 06:52:38 VBASE030.VDF : 7.10.13.163 2048 Bytes 11/7/2010 06:52:38 VBASE031.VDF : 7.10.13.164 2048 Bytes 11/7/2010 06:52:38 Engineversion : 8.2.4.92 AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 02:22:37 AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/4/2010 00:11:48 AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 07:03:10 AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 02:03:23 AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 07:01:09 AEPACK.DLL : 8.2.3.11 471416 Bytes 10/12/2010 03:34:25 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/21/2010 22:15:35 AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/4/2010 00:11:44 AEHELP.DLL : 8.1.14.0 246134 Bytes 10/12/2010 03:34:21 AEGEN.DLL : 8.1.3.24 401781 Bytes 11/4/2010 00:11:36 AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 02:03:21 AECORE.DLL : 8.1.17.0 196982 Bytes 9/25/2010 07:01:01 AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 02:03:21 AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38 AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35 AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40 AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 00:10:46 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/3/2010 00:10:46 AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 06:15:31 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30 SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58 AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 00:10:46 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low 
Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, E:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +PCK,+PFS,+SPR, Start of the scan: Monday, November 08, 2010 14:59 Starting search for hidden objects. HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'WINWORD.EXE' - '67' Module(s) have been scanned Scan process 'OUTLOOK.EXE' - '123' Module(s) have been scanned Scan process 'plugin-container.exe' - '69' Module(s) have been scanned Scan process 'firefox.exe' - '91' Module(s) have been scanned Scan process 'Adobelm_Cleanup.0001' - '17' Module(s) have been scanned Scan process 'Adobelmsvc.exe' - '11' Module(s) have been scanned Scan process 'Adobelm_Cleanup.0001' - '17' Module(s) have been scanned Scan process 'Acrobat.exe' - '119' Module(s) have been scanned Scan process 'HpqToaster.exe' - '33' Module(s) have been scanned Scan process 'dllhost.exe' - '63' Module(s) have been scanned Scan process 'dllhost.exe' - '47' Module(s) have been scanned Scan process 'vssvc.exe' - '50' Module(s) have been scanned Scan process 'avscan.exe' - '71' Module(s) have been scanned Scan process 'avcenter.exe' - '108' Module(s) have been scanned Scan process 'NOKIAM~1.EXE' - '51' Module(s) have been scanned Scan process 'NclBCBTSrv.exe' - '37' Module(s) have been 
scanned
     Scan process 'NclRSSrv.exe' - '15' Module(s) have been scanned
     Scan process 'NclUSBSrv.exe' - '20' Module(s) have been scanned
     Scan process 'ServiceLayer.exe' - '47' Module(s) have been scanned
     Scan process 'WINWORD.EXE' - '104' Module(s) have been scanned
     Scan process 'wuauclt.exe' - '39' Module(s) have been scanned
     Scan process 'svchost.exe' - '36' Module(s) have been scanned
     Scan process 'wmiprvse.exe' - '43' Module(s) have been scanned
     Scan process 'mqtgsvc.exe' - '38' Module(s) have been scanned
     Scan process 'hpqWmiEx.exe' - '34' Module(s) have been scanned
     Scan process 'SWIHPWMI.exe' - '29' Module(s) have been scanned
     Scan process 'mqsvc.exe' - '58' Module(s) have been scanned
     Scan process 'svchost.exe' - '45' Module(s) have been scanned
     Scan process 'sprtsvc.exe' - '63' Module(s) have been scanned
     Scan process 'svchost.exe' - '32' Module(s) have been scanned
     Scan process 'CTskMstr.exe' - '36' Module(s) have been scanned
     Scan process 'svchost.exe' - '32' Module(s) have been scanned
     Scan process 'MDM.EXE' - '24' Module(s) have been scanned
     Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned
     Scan process 'iviRegMgr.exe' - '18' Module(s) have been scanned
     Scan process 'avshadow.exe' - '27' Module(s) have been scanned
     Scan process 'iRacingService.exe' - '35' Module(s) have been scanned
     Scan process 'svchost.exe' - '80' Module(s) have been scanned
     Scan process 'CATSysDemon.exe' - '25' Module(s) have been scanned
     Scan process 'avguard.exe' - '57' Module(s) have been scanned
     Scan process 'msdtc.exe' - '42' Module(s) have been scanned
     Scan process 'BTTray.exe' - '50' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
     Scan process 'DivXUpdate.exe' - '60' Module(s) have been scanned
     Scan process 'avgnt.exe' - '55' Module(s) have been scanned
     Scan process 'Scheduler.exe' - '50' Module(s) have been scanned
     Scan process 'QlbCtrl.exe' - '46' Module(s) have been scanned
     Scan process 'HPWAMain.exe' - '32' Module(s) have been scanned
     Scan process 'SynTPEnh.exe' - '28' Module(s) have been scanned
     Scan process 'PTHOSTTR.EXE' - '69' Module(s) have been scanned
     Scan process 'Explorer.EXE' - '129' Module(s) have been scanned
     Scan process 'asghost.exe' - '87' Module(s) have been scanned
     Scan process 'svchost.exe' - '35' Module(s) have been scanned
     Scan process 'sched.exe' - '47' Module(s) have been scanned
     Scan process 'SCardSvr.exe' - '25' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '88' Module(s) have been scanned
     Scan process 'svchost.exe' - '43' Module(s) have been scanned
     Scan process 'svchost.exe' - '34' Module(s) have been scanned
     Scan process 'svchost.exe' - '32' Module(s) have been scanned
     Scan process 'btwdins.exe' - '23' Module(s) have been scanned
     Scan process 'svchost.exe' - '169' Module(s) have been scanned
     Scan process 'svchost.exe' - '42' Module(s) have been scanned
     Scan process 'HpFkCrypt.exe' - '11' Module(s) have been scanned
     Scan process 'svchost.exe' - '56' Module(s) have been scanned
     Scan process 'svchost.exe' - '70' Module(s) have been scanned
     Scan process 'lsass.exe' - '64' Module(s) have been scanned
     Scan process 'services.exe' - '29' Module(s) have been scanned
     Scan process 'winlogon.exe' - '99' Module(s) have been scanned
     Scan process 'csrss.exe' - '16' Module(s) have been scanned
     Scan process 'smss.exe' - '2' Module(s) have been scanned

     Starting master boot sector scan:
     Master boot sector HD0 [INFO] No virus was found!
     Master boot sector HD1 [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\' [INFO] No virus was found!
     Boot sector 'E:\' [INFO] No virus was found!

     Starting to scan executable files (registry).
     The registry was scanned ( '1952' files ).

     Starting the file scan:
     Begin scan in 'C:\'
     Begin scan in 'E:\' <HP_RECOVERY>

     End of the scan: Monday, November 08, 2010 20:19
     Used time: 5:20:33 Hour(s)
     The scan has been done completely.

     31984 Scanned directories
     1863483 Files were scanned
     0 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     0 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
     1863483 Files not concerned
     17823 Archives were scanned
     0 Warnings
     0 Notes
     971249 Objects were scanned with rootkit scan
     1 Hidden objects were found

     DEFOGGER
     defogger_disable by jpshortstuff (23.02.10.1)
     Log created at 19:52 on 11/11/2010 (James Wyler)
     Checking for autostart values...
     HKCU\~\Run values retrieved.
     HKLM\~\Run values retrieved.
     Checking for services/drivers...
     Unable to read SafeBoot.sys
     -=E.O.F=-
  8. When I do step 1 it just tries to run combofix, not uninstall it. Is this because we never actually ran it all the way through?
  9. Everything seems to be running well and the main symptoms are gone.
  10. Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org
      Database version: 3970
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13
      4/8/2010 18:27:29
      mbam-log-2010-04-08 (18-27-29).txt

      Scan type: Quick scan
      Objects scanned: 112754
      Time elapsed: 5 minute(s), 4 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  11. exeHelper by Raktor
      Build 20100329
      Run at 18:17:25 on 04/08/10
      Now searching...
      Checking for numerical processes...
      Checking for sysguard processes...
      Checking for bad processes...
      Checking for bad files...
      Checking for bad registry entries...
      Resetting filetype association for .exe
      Removing HKCR\secfile
      Resetting filetype association for .com
      Removing HKCR\secfile
      Resetting userinit and shell values...
      Resetting policies...
      --Finished--
  12. Logfile of Trend Micro HijackThis v2.0.3 (BETA)
      Scan saved at 18:04:48, on 4/8/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.17023)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
      C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\mqsvc.exe
      C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
      C:\WINDOWS\system32\mqtgsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
      O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
      O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Anti Bad Stuff (MWB)\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216071240354
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
      O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
      O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
      O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
      O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe
      O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

      --
      End of file - 12048 bytes
  13. Good so far in safe mode, I can run .exe files and I haven't seen XP Defender in a while. However, now out of safe mode I still can't run .exe files without the "Open with" prompt. I think I am using a different user in safe mode if that makes a difference.
  14. Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org
      Database version: 3970
      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 7.0.5730.13
      4/8/2010 5:52:48 PM
      mbam-log-2010-04-08 (17-52-48).txt

      Scan type: Quick scan
      Objects scanned: 111449
      Time elapsed: 3 minute(s), 19 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 3
      Registry Values Infected: 2
      Registry Data Items Infected: 3
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\James Wyler\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\James Wyler\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\James Wyler\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  15. Rescan: OTL logfile created on: 4/8/2010 5:41:43 PM - Run 2 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 140.41 Gb Total Space | 52.25 Gb Free Space | 37.21% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS Drive F: | 1.86 Gb Total Space | 0.94 Gb Free Space | 50.40% Space Free | Partition Type: FAT G: Drive not present or media not loaded Drive H: | 1.89 Gb Total Space | 1.29 Gb Free Space | 68.01% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: JAMES_HP Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/04/08 17:13:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/02/06 21:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe ========== Modules (SafeList) ========== MOD - [2010/04/08 17:13:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2007/02/25 23:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll ========== Win32 Services (SafeList) ========== SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/11/02 00:19:47 | 000,451,672 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [Disabled | Stopped] -- C:\Program Files\iRacing\iRacingService.exe -- (iRacingService) SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/03/03 06:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2008/05/16 23:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Stopped] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster) SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) SRV - [2008/03/25 21:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2007/07/24 05:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9) SRV - [2007/07/24 05:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9) SRV - [2007/07/23 09:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2007/07/19 16:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) 
[Disabled | Stopped] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc) SRV - [2007/07/16 17:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007/07/16 17:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2007/07/16 17:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2007/05/09 15:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum) SRV - [2007/05/04 14:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Stopped] -- C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) SRV - [2007/04/30 12:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK) SRV - [2007/04/27 14:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007/03/21 11:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) 
[Disabled | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2007/03/08 17:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu) SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nimcdldu) SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc) SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007/01/29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) 
[Auto | Stopped] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI) SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2005/07/27 12:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver) SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.16 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/02/13 18:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 15:59:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 09:52:06 | 000,000,000 | ---D | M] [2010/04/08 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Extensions [2010/04/08 16:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u7prmae2.default\extensions [2010/04/08 16:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u7prmae2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/08 15:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.) 
O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Anti Bad Stuff (MWB)\adthings.exe File not found O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKCU..\Run: [bTBFirstRun] C:\Program Files\Hewlett-Packard\SDP\HPRun.exe (Hewlett-Packard Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1216071240354 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.61.244.254 130.207.244.244 130.207.244.251 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Wide.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Wide.bmp O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msseces.exe: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 19:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - 
[2004/04/30 11:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 14 Days ========== [2010/04/08 17:38:04 | 000,000,000 | ---D | C] -- C:\_OTL [2010/04/08 17:15:40 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/04/08 16:58:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/04/08 16:36:50 | 000,000,000 | ---D | C] -- C:\cmdcons [2010/04/08 16:35:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/04/08 16:35:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/04/08 16:35:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/04/08 16:35:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/04/08 16:35:39 | 000,000,000 | --SD | C] -- C:\Combo-Fix [2010/04/08 16:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/04/08 16:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/04/08 16:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads [2010/04/08 16:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2010/04/08 16:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010/04/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2010/04/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010/04/08 15:00:08 | 000,000,000 | ---D | 
C] -- C:\Program Files\TrendMicro [2010/04/08 11:03:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/04/08 10:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/04/08 10:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2010/04/08 00:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2010/04/07 10:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Anti Bad Stuff (MWB) [2010/03/29 09:36:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/29 09:36:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/29 09:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/06/07 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/01/11 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/01/11 15:23:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/01/11 15:23:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft ========== Files - Modified Within 14 Days ========== [2010/04/08 17:41:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/08 17:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/08 17:39:46 | 001,310,720 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/04/08 17:39:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/04/08 17:18:45 | 000,551,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/08 17:18:45 | 000,463,074 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/08 17:18:45 | 000,078,252 | ---- | M] () -- 
C:\WINDOWS\System32\perfc009.dat [2010/04/08 17:13:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010/04/08 16:44:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/08 16:36:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/04/08 16:32:54 | 003,909,898 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe [2010/04/08 15:18:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ptry7pub.exe [2010/04/08 15:18:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable [2010/04/08 15:17:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe [2010/04/08 11:10:32 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/04/08 11:05:01 | 000,060,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/08 10:51:11 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk [2010/04/08 00:04:19 | 000,205,241 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010/04/07 10:06:18 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk ========== Files Created - No Company Name ========== [2010/04/08 16:36:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/04/08 16:36:53 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/04/08 16:35:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/04/08 16:35:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/04/08 16:35:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/04/08 16:35:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/04/08 16:35:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/04/08 16:32:53 | 003,909,898 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe [2010/04/08 
15:19:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ptry7pub.exe [2010/04/08 15:18:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable [2010/04/08 15:18:17 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe [2010/04/08 11:05:26 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/04/08 10:51:11 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk [2010/04/07 10:06:18 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/07 15:36:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll [2009/08/08 15:26:55 | 000,309,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/03/30 18:42:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/03/23 14:44:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll [2009/03/23 14:09:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll [2009/03/11 18:53:28 | 000,000,005 | ---- | C] () -- C:\Program Files\CaoWriteTest.txt [2009/02/24 00:17:58 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll [2008/10/28 13:58:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/08/18 20:27:34 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/08/18 19:12:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI [2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/07/21 21:02:21 | 
000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini [2008/07/21 21:02:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini [2008/07/21 18:35:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/07/15 00:45:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/07/15 00:45:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/07/15 00:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/07/15 00:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/07/15 00:45:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/07/15 00:45:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/07/15 00:40:32 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2008/07/15 00:40:32 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2008/03/03 23:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt [2008/03/03 23:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt [2008/03/03 23:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt [2008/03/03 23:25:29 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/03/03 23:25:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2007/07/24 10:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007/07/19 09:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007/07/19 03:13:22 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll [2007/07/19 02:32:30 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll [2007/07/19 02:32:24 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll [2007/07/18 21:12:26 | 000,003,520 | ---- | C] () 
-- C:\WINDOWS\System32\nipalpg.dll [2007/07/18 15:17:24 | 000,066,080 | ---- | C] () -- C:\WINDOWS\System32\cfswitch.dll [2007/05/25 08:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/05/25 08:07:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/05/25 08:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/05/25 08:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/04/30 12:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll [2007/04/16 17:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll [2007/04/16 16:52:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll [2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/12/13 17:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll [2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006/09/12 15:45:14 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL [2005/08/30 10:58:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\clallserial.dll [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004/08/07 09:19:22 | 001,310,720 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2004/08/07 09:19:22 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG [2004/08/07 09:19:22 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2004/08/07 09:19:16 | 000,000,061 | ---- | C] () -- 
C:\WINDOWS\smscfg.ini [2004/08/07 09:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1999/11/04 11:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll [1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2008/03/03 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2008/10/23 11:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes [2010/04/08 10:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/02/13 18:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2008/07/15 00:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2008/07/21 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments [2010/02/13 18:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2009/08/08 15:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic [2009/08/08 15:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks [2010/02/13 18:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache [2009/06/07 16:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009/09/15 09:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/11/01 17:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} ========== Purity Check ========== < End of report >