
Infected Computer - Odd Firefox and Microsoft Office Behavior


YMZRS

I believe my system is infected as over the last week I will notice my computer randomly acts weird. It will remove the text from all tabs and title bars in Firefox and all Microsoft Office products behave funny giving odd errors such as 'Out of memory for save'. Malwarebytes AM and Avira return no infected files but I can't run the DDS or Defogger. When I try to run GMER it takes a long time to scan and eventually the computer locks up. Here are the logs that I have.

MWB

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5075

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/8/2010 15:42:20

mbam-log-2010-11-08 (15-42-20).txt

Scan type: Quick scan

Objects scanned: 169704

Time elapsed: 44 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AVIRA

Avira AntiVir Personal

Report file date: Monday, November 08, 2010 14:59

Scanning for 3022070 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : James Wyler

Computer name : JAMES_HP

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/3/2010 00:10:46

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 06:15:31

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 06:15:31

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 01:36:30

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 07:09:48

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 07:01:37

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:10:46

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:10:46

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:10:46

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:10:46

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 07:00:53

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 06:52:36

VBASE015.VDF : 7.10.13.148 2048 Bytes 11/7/2010 06:52:36

VBASE016.VDF : 7.10.13.149 2048 Bytes 11/7/2010 06:52:36

VBASE017.VDF : 7.10.13.150 2048 Bytes 11/7/2010 06:52:36

VBASE018.VDF : 7.10.13.151 2048 Bytes 11/7/2010 06:52:36

VBASE019.VDF : 7.10.13.152 2048 Bytes 11/7/2010 06:52:36

VBASE020.VDF : 7.10.13.153 2048 Bytes 11/7/2010 06:52:37

VBASE021.VDF : 7.10.13.154 2048 Bytes 11/7/2010 06:52:37

VBASE022.VDF : 7.10.13.155 2048 Bytes 11/7/2010 06:52:37

VBASE023.VDF : 7.10.13.156 2048 Bytes 11/7/2010 06:52:37

VBASE024.VDF : 7.10.13.157 2048 Bytes 11/7/2010 06:52:37

VBASE025.VDF : 7.10.13.158 2048 Bytes 11/7/2010 06:52:37

VBASE026.VDF : 7.10.13.159 2048 Bytes 11/7/2010 06:52:37

VBASE027.VDF : 7.10.13.160 2048 Bytes 11/7/2010 06:52:38

VBASE028.VDF : 7.10.13.161 2048 Bytes 11/7/2010 06:52:38

VBASE029.VDF : 7.10.13.162 2048 Bytes 11/7/2010 06:52:38

VBASE030.VDF : 7.10.13.163 2048 Bytes 11/7/2010 06:52:38

VBASE031.VDF : 7.10.13.164 2048 Bytes 11/7/2010 06:52:38

Engineversion : 8.2.4.92

AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 02:22:37

AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/4/2010 00:11:48

AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 07:03:10

AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 02:03:23

AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 07:01:09

AEPACK.DLL : 8.2.3.11 471416 Bytes 10/12/2010 03:34:25

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/21/2010 22:15:35

AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/4/2010 00:11:44

AEHELP.DLL : 8.1.14.0 246134 Bytes 10/12/2010 03:34:21

AEGEN.DLL : 8.1.3.24 401781 Bytes 11/4/2010 00:11:36

AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 02:03:21

AECORE.DLL : 8.1.17.0 196982 Bytes 9/25/2010 07:01:01

AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 02:03:21

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40

AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 00:10:46

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/3/2010 00:10:46

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 06:15:31

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 00:10:46

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, E:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +PCK,+PFS,+SPR,

Start of the scan: Monday, November 08, 2010 14:59

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'WINWORD.EXE' - '67' Module(s) have been scanned

Scan process 'OUTLOOK.EXE' - '123' Module(s) have been scanned

Scan process 'plugin-container.exe' - '69' Module(s) have been scanned

Scan process 'firefox.exe' - '91' Module(s) have been scanned

Scan process 'Adobelm_Cleanup.0001' - '17' Module(s) have been scanned

Scan process 'Adobelmsvc.exe' - '11' Module(s) have been scanned

Scan process 'Adobelm_Cleanup.0001' - '17' Module(s) have been scanned

Scan process 'Acrobat.exe' - '119' Module(s) have been scanned

Scan process 'HpqToaster.exe' - '33' Module(s) have been scanned

Scan process 'dllhost.exe' - '63' Module(s) have been scanned

Scan process 'dllhost.exe' - '47' Module(s) have been scanned

Scan process 'vssvc.exe' - '50' Module(s) have been scanned

Scan process 'avscan.exe' - '71' Module(s) have been scanned

Scan process 'avcenter.exe' - '108' Module(s) have been scanned

Scan process 'NOKIAM~1.EXE' - '51' Module(s) have been scanned

Scan process 'NclBCBTSrv.exe' - '37' Module(s) have been scanned

Scan process 'NclRSSrv.exe' - '15' Module(s) have been scanned

Scan process 'NclUSBSrv.exe' - '20' Module(s) have been scanned

Scan process 'ServiceLayer.exe' - '47' Module(s) have been scanned

Scan process 'WINWORD.EXE' - '104' Module(s) have been scanned

Scan process 'wuauclt.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '43' Module(s) have been scanned

Scan process 'mqtgsvc.exe' - '38' Module(s) have been scanned

Scan process 'hpqWmiEx.exe' - '34' Module(s) have been scanned

Scan process 'SWIHPWMI.exe' - '29' Module(s) have been scanned

Scan process 'mqsvc.exe' - '58' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'sprtsvc.exe' - '63' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'CTskMstr.exe' - '36' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'MDM.EXE' - '24' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned

Scan process 'iviRegMgr.exe' - '18' Module(s) have been scanned

Scan process 'avshadow.exe' - '27' Module(s) have been scanned

Scan process 'iRacingService.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '80' Module(s) have been scanned

Scan process 'CATSysDemon.exe' - '25' Module(s) have been scanned

Scan process 'avguard.exe' - '57' Module(s) have been scanned

Scan process 'msdtc.exe' - '42' Module(s) have been scanned

Scan process 'BTTray.exe' - '50' Module(s) have been scanned

Scan process 'ctfmon.exe' - '28' Module(s) have been scanned

Scan process 'DivXUpdate.exe' - '60' Module(s) have been scanned

Scan process 'avgnt.exe' - '55' Module(s) have been scanned

Scan process 'Scheduler.exe' - '50' Module(s) have been scanned

Scan process 'QlbCtrl.exe' - '46' Module(s) have been scanned

Scan process 'HPWAMain.exe' - '32' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '28' Module(s) have been scanned

Scan process 'PTHOSTTR.EXE' - '69' Module(s) have been scanned

Scan process 'Explorer.EXE' - '129' Module(s) have been scanned

Scan process 'asghost.exe' - '87' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'sched.exe' - '47' Module(s) have been scanned

Scan process 'SCardSvr.exe' - '25' Module(s) have been scanned

Scan process 'spoolsv.exe' - '88' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'btwdins.exe' - '23' Module(s) have been scanned

Scan process 'svchost.exe' - '169' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'HpFkCrypt.exe' - '11' Module(s) have been scanned

Scan process 'svchost.exe' - '56' Module(s) have been scanned

Scan process 'svchost.exe' - '70' Module(s) have been scanned

Scan process 'lsass.exe' - '64' Module(s) have been scanned

Scan process 'services.exe' - '29' Module(s) have been scanned

Scan process 'winlogon.exe' - '99' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1952' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'E:\' <HP_RECOVERY>

End of the scan: Monday, November 08, 2010 20:19

Used time: 5:20:33 Hour(s)

The scan has been done completely.

31984 Scanned directories

1863483 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

1863483 Files not concerned

17823 Archives were scanned

0 Warnings

0 Notes

971249 Objects were scanned with rootkit scan

1 Hidden objects were found

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 19:52 on 11/11/2010 (James Wyler)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

Unable to read SafeBoot.sys

-=E.O.F=-


Hello,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker. Save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Still having these issues...

OTL Logs

OTL logfile created on: 11/17/2010 21:21:04 - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 140.41 Gb Total Space | 37.33 Gb Free Space | 26.59% Space Free | Partition Type: NTFS

Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS

Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe

PRC - [2010/11/02 19:10:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/02 19:10:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/11/02 19:10:46 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/10/28 23:09:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/28 23:09:58 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/28 14:30:44 | 000,469,152 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) -- C:\Program Files\iRacing\iRacingService.exe

PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe

PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe

PRC - [2007/04/27 13:58:58 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

PRC - [2007/02/06 20:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe

PRC - [2007/02/06 14:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007/02/06 14:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2007/01/09 18:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2006/12/04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

PRC - [2006/10/09 14:23:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe

========== Modules (SafeList) ==========

MOD - [2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe

MOD - [2007/02/25 22:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll

MOD - [2007/02/06 14:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/02 19:10:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/11/02 19:10:46 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/10/28 14:30:44 | 000,469,152 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [Auto | Running] -- C:\Program Files\iRacing\iRacingService.exe -- (iRacingService)

SRV - [2010/01/26 11:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/03/03 05:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)

SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)

SRV - [2007/07/24 04:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)

SRV - [2007/07/24 04:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)

SRV - [2007/07/23 08:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2007/07/19 15:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Disabled | Stopped] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)

SRV - [2007/07/16 16:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2007/07/16 16:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)

SRV - [2007/07/16 16:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)

SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)

SRV - [2007/05/04 13:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)

SRV - [2007/04/30 11:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007/04/27 13:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV - [2007/03/21 10:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)

SRV - [2007/03/08 16:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)

SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nimcdldu)

SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)

SRV - [2007/02/16 10:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc)

SRV - [2007/02/06 20:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/12/04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)

SRV - [2006/06/22 00:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

SRV - [2005/07/27 11:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)

SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usb6xxxkl.sys -- (usb6xxxk)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PNDIS5.SYS -- (PNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niimaqk.sys -- (niimaqk)

DRV - [2010/11/02 19:10:46 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/02 19:10:46 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/01/21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/01/07 14:14:56 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2010/01/07 14:14:56 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2009/12/30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/12/30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/12/30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/12/30 10:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2009/12/30 10:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2009/01/13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)

DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/05/02 15:39:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/10/31 18:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/07/24 21:01:32 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nihsdrkl.sys -- (nihsdrk)

DRV - [2007/07/24 18:38:00 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk)

DRV - [2007/07/24 18:37:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)

DRV - [2007/07/24 18:37:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)

DRV - [2007/07/24 18:37:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)

DRV - [2007/07/24 18:37:54 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk)

DRV - [2007/07/24 14:29:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipsdkl.sys -- (nipsdk)

DRV - [2007/07/24 11:19:12 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k)

DRV - [2007/07/24 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)

DRV - [2007/07/19 12:49:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk)

DRV - [2007/07/19 10:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)

DRV - [2007/07/19 10:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)

DRV - [2007/07/19 10:48:36 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)

DRV - [2007/07/19 02:06:50 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark)

DRV - [2007/07/19 01:32:50 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk)

DRV - [2007/07/19 01:32:48 | 000,011,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk)

DRV - [2007/07/18 21:15:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork)

DRV - [2007/07/18 20:12:02 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)

DRV - [2007/07/18 20:11:38 | 000,580,184 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)

DRV - [2007/07/18 20:11:02 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)

DRV - [2007/07/18 09:47:38 | 000,011,392 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)

DRV - [2007/07/17 13:46:00 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nicanpkl.sys -- (nicanpk)

DRV - [2007/07/17 03:18:04 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk)

DRV - [2007/07/16 23:27:32 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk)

DRV - [2007/07/16 11:52:40 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk)

DRV - [2007/07/15 17:31:46 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nifslkl.sys -- (nifslk)

DRV - [2007/07/15 16:50:40 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk)

DRV - [2007/07/15 16:44:52 | 000,011,352 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)

DRV - [2007/07/15 15:48:04 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)

DRV - [2007/07/14 19:26:54 | 000,019,456 | ---- | M] (National Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niwdk.sys -- (niwdk)

DRV - [2007/07/13 21:38:56 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)

DRV - [2007/07/13 19:01:20 | 000,011,368 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)

DRV - [2007/07/13 19:00:50 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)

DRV - [2007/07/12 17:18:14 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)

DRV - [2007/07/12 17:08:54 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)

DRV - [2007/07/12 16:41:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)

DRV - [2007/07/12 16:31:08 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)

DRV - [2007/07/10 19:08:14 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk)

DRV - [2007/07/03 13:16:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimcdfxkl.sys -- (nimcdfxk)

DRV - [2007/06/30 22:07:58 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niRFSA2kl.sys -- (nirfsa2k)

DRV - [2007/06/20 23:19:52 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)

DRV - [2007/06/20 23:19:52 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)

DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/06/15 23:38:32 | 000,011,624 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisldkl.sys -- (nisldk)

DRV - [2007/06/01 14:39:30 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisrcdkl.sys -- (nisrcdk)

DRV - [2007/05/25 12:26:12 | 000,022,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)

DRV - [2007/05/25 07:07:00 | 006,345,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/05/06 20:00:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/05/06 20:00:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/05/06 20:00:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/04/26 22:23:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)

DRV - [2007/04/26 22:23:06 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2007/04/24 10:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2007/04/23 16:13:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007/04/16 16:06:28 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk)

DRV - [2007/04/16 16:04:12 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (Nidaq32k)

DRV - [2007/04/16 14:42:28 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck)

DRV - [2007/04/16 14:41:52 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk)

DRV - [2007/04/16 14:40:38 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk)

DRV - [2007/04/16 14:40:36 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk)

DRV - [2007/04/12 09:26:08 | 000,250,776 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2007/04/10 18:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/04/04 14:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2007/03/29 19:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2007/03/01 06:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/26 11:40:24 | 000,016,672 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock)

DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/23 23:09:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitnr2kl.sys -- (nitnr2k)

DRV - [2007/02/23 21:32:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidwgkl.sys -- (nidwgk)

DRV - [2007/02/23 15:20:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nigplkl.sys -- (nigplk)

DRV - [2007/02/22 11:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)

DRV - [2007/02/22 11:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)

DRV - [2007/02/22 11:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)

DRV - [2007/02/22 11:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)

DRV - [2007/02/14 09:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007/02/14 09:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2007/02/14 09:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007/02/14 09:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007/02/14 09:20:58 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2007/02/14 09:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007/02/14 09:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007/01/12 08:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/01/11 09:18:38 | 000,020,256 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)

DRV - [2006/12/19 20:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)

DRV - [2006/10/09 16:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)

DRV - [2006/07/23 23:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2006/07/23 23:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005/06/10 11:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys)

DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/03/29 01:26:30 | 000,045,860 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com|http://www.spiegel.de/international/|http://gizmodo.com/|http://shirt.woot.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/19 14:18:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 23:10:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/15 19:07:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/19 14:18:42 | 000,000,000 | ---D | M]

[2008/08/24 12:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Extensions

[2010/11/17 20:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions

[2010/05/01 12:01:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/11 19:51:59 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/11/04 16:04:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/10/24 13:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\extensions\maps@ovi.com

[2010/11/17 20:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/15 19:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/15 19:13:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1216071240354 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\James Wyler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Wyler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 18:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - Unable to obtain root file information for disk E:\

O33 - MountPoints2\{28c21933-b4ee-11de-8d32-001f3bc5b671}\Shell\AutoRun\command - "" = F:\set21\ago1opa.exe -- File not found

O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell - "" = AutoRun

O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2ff8b382-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\AutoRun\command - "" = I:\trikfx\spomenar.exe -- File not found

O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\explore\command - "" = I:\trikfx\spomenar.exe -- File not found

O33 - MountPoints2\{2ff8b383-dc5b-11de-8d46-001f3bc5b671}\Shell\open\command - "" = I:\trikfx\spomenar.exe -- File not found

O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell - "" = AutoRun

O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8843ad42-9313-11dd-8b9e-00218602aaf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{b0cbc600-b36b-11dd-8bab-00218602aaf8}\Shell\AutoRun\command - "" = I:\assets\launch.exe -- File not found

O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell - "" = AutoRun

O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f6e3d359-e07e-11df-8dd6-00218602aaf8}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-816866572-3684673849-1850769744-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 21:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Wyler\Desktop\rootkit

[2010/11/17 21:20:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe

[2010/11/15 19:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[1 C:\Documents and Settings\James Wyler\My Documents\*.tmp files -> C:\Documents and Settings\James Wyler\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 21:20:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Wyler\Desktop\OTL.exe

[2010/11/17 20:33:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/17 14:24:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/17 14:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/17 14:23:01 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/16 22:35:03 | 001,160,564 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082_small.JPG

[2010/11/16 22:33:45 | 001,155,270 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1081_small.JPG

[2010/11/16 22:31:00 | 005,294,059 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082.JPG

[2010/11/16 13:16:38 | 001,531,637 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10x.pptx

[2010/11/15 11:01:57 | 001,531,739 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10.pptx

[2010/11/15 00:22:05 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/11 18:42:09 | 000,766,976 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_basic.doc

[2010/11/11 17:53:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Aerojet.doc

[2010/11/11 17:53:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Aerojet.doc

[2010/11/11 17:27:55 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_MTC.doc

[2010/11/11 16:39:45 | 000,076,734 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.pdf

[2010/11/11 16:38:53 | 000,767,488 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.doc

[2010/11/10 15:22:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James Wyler\defogger_reenable

[2010/11/08 17:39:51 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\James Wyler\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/08 15:03:01 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\j3gncych.exe

[2010/11/08 15:01:48 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\dds.scr

[2010/11/08 15:01:03 | 000,205,241 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/11/08 15:00:40 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\Shortcut to Defogger.exe.lnk

[2010/11/08 11:27:13 | 000,464,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/08 11:27:13 | 000,079,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/04 21:58:13 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Wirth.doc

[2010/11/04 16:36:07 | 000,078,083 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_MS.pdf

[2010/11/04 15:45:40 | 000,078,213 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.pdf

[2010/11/04 15:44:30 | 000,769,536 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.doc

[2010/11/02 19:10:46 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/02 19:10:46 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/01 14:23:44 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$mes Wyler - Resume 101410.doc

[2010/11/01 14:07:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Wirth.doc

[2010/10/28 17:19:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Penske.doc

[2010/10/28 17:10:41 | 000,078,040 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_CON.pdf

[2010/10/26 15:32:20 | 000,971,159 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\106257175.pdf

[2010/10/26 15:29:57 | 000,035,680 | ---- | M] () -- C:\Documents and Settings\James Wyler\My Documents\lease.pdf

[2010/10/26 12:15:44 | 000,186,830 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\scope.jpg

[2010/10/25 16:33:19 | 000,096,261 | ---- | M] () -- C:\Documents and Settings\James Wyler\Desktop\72708_708489614099_12804768_38875330_5091047_n.jpg

[1 C:\Documents and Settings\James Wyler\My Documents\*.tmp files -> C:\Documents and Settings\James Wyler\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 22:35:01 | 001,160,564 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082_small.JPG

[2010/11/16 22:33:44 | 001,155,270 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1081_small.JPG

[2010/11/16 22:31:00 | 005,294,059 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\ME1I1082.JPG

[2010/11/16 13:16:37 | 001,531,637 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10x.pptx

[2010/11/15 11:00:44 | 001,531,739 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Sensors_F10.pptx

[2010/11/11 18:07:37 | 000,766,976 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_basic.doc

[2010/11/11 17:53:34 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Aerojet.doc

[2010/11/11 17:53:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Aerojet.doc

[2010/11/11 17:25:31 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_MTC.doc

[2010/11/11 16:39:36 | 000,076,734 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.pdf

[2010/11/11 16:38:52 | 000,767,488 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 111110_con.doc

[2010/11/10 15:22:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\defogger_reenable

[2010/11/08 15:03:00 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\j3gncych.exe

[2010/11/08 15:01:47 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\dds.scr

[2010/11/08 15:01:11 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Defogger.exe

[2010/11/08 15:00:39 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\Shortcut to Defogger.exe.lnk

[2010/11/04 15:45:09 | 000,078,213 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410.pdf

[2010/11/01 14:23:44 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$mes Wyler - Resume 101410.doc

[2010/11/01 14:07:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James Wyler\My Documents\~$verLetter_Wirth.doc

[2010/10/28 17:39:09 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Wirth.doc

[2010/10/28 17:19:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\CoverLetter_Penske.doc

[2010/10/26 15:32:19 | 000,971,159 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\106257175.pdf

[2010/10/26 15:29:57 | 000,035,680 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\lease.pdf

[2010/10/26 15:16:38 | 000,078,040 | ---- | C] () -- C:\Documents and Settings\James Wyler\My Documents\James Wyler - Resume 101410_CON.pdf

[2010/10/26 12:15:41 | 000,186,830 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\scope.jpg

[2010/10/25 16:33:19 | 000,096,261 | ---- | C] () -- C:\Documents and Settings\James Wyler\Desktop\72708_708489614099_12804768_38875330_5091047_n.jpg

[2010/04/08 10:05:26 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/04/07 10:49:52 | 000,017,188 | -HS- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\R8x4CECgW

[2010/01/07 14:36:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/03/30 17:42:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/03/23 13:44:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll

[2009/03/23 13:09:28 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll

[2009/03/11 17:53:28 | 000,000,005 | ---- | C] () -- C:\Program Files\CaoWriteTest.txt

[2009/02/23 23:17:58 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll

[2009/02/18 01:29:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\FnF4.txt

[2008/10/28 12:58:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008/08/18 19:27:34 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/08/18 18:12:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI

[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008/07/21 20:02:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini

[2008/07/21 20:02:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini

[2008/07/21 17:35:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/07/17 19:14:18 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\QSwitch.txt

[2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\DSwitch.txt

[2008/07/14 23:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Wyler\Local Settings\Application Data\AtStart.txt

[2008/07/14 23:45:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/07/14 23:45:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/07/14 23:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/07/14 23:45:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/07/14 23:45:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/07/14 23:45:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/03/03 22:25:29 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/03/03 22:25:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2007/07/24 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys

[2007/07/19 08:25:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini

[2007/07/19 02:13:22 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll

[2007/07/19 01:32:30 | 000,049,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll

[2007/07/19 01:32:24 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll

[2007/07/18 20:12:26 | 000,003,520 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll

[2007/07/18 14:17:24 | 000,066,080 | ---- | C] () -- C:\WINDOWS\System32\cfswitch.dll

[2007/05/25 07:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/05/25 07:07:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/05/25 07:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/05/25 07:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/04/30 11:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll

[2007/04/26 22:23:06 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys

[2007/04/16 16:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll

[2007/04/16 15:52:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll

[2007/02/06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/02/06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2007/01/19 09:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/12/13 16:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll

[2006/09/19 02:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/19 02:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/09/12 14:45:14 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL

[2005/08/30 09:58:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\clallserial.dll

[2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/07 08:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1999/11/04 10:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll

[1998/05/06 21:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2008/10/23 10:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes

[2010/04/14 06:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/02/13 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2008/07/14 23:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/04/22 17:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MoTeC

[2008/07/21 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments

[2010/02/13 17:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2009/08/08 14:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic

[2009/08/08 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks

[2010/04/19 14:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache

[2009/06/07 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/09/15 08:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/11/01 16:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2008/08/09 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Blackberry Desktop

[2009/12/18 08:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\CadSoft

[2010/01/28 20:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1

[2008/10/23 10:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\DassaultSystemes

[2010/03/03 13:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Facebook

[2009/03/05 15:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\FileZilla

[2008/12/12 22:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\InterVideo

[2010/03/30 19:57:17 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\James Wyler\Application Data\Microchip

[2009/09/13 13:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\MuPAD

[2010/02/13 18:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nokia

[2010/02/13 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nokia Ovi Suite

[2009/08/08 14:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Nseries

[2009/02/24 18:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Opera

[2010/02/13 18:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\PC Suite

[2008/08/09 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Research In Motion

[2008/03/03 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\SampleView

[2009/12/01 16:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Wyler\Application Data\Xerox

========== Purity Check ==========

< End of report >

ROOTKIT UNHOOKER

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xF4CDD000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.63 )

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.63 )

0xF4A19000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2240512 bytes (Intel Corporation, Intel


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


COMBO FIX

ComboFix 10-11-20.03 - James Wyler 11/20/2010 18:44:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2528 [GMT -5:00]

Running from: c:\documents and settings\James Wyler\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\system32\zlibwapi.dll

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2010-11-16 00:07 . 2010-11-16 00:13 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2010-11-16 00:07 . 2010-11-16 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 00:13 . 2008-03-04 03:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-03 00:10 . 2010-04-08 22:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-03 00:10 . 2010-04-08 22:41 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll

2003-05-01 13:36 . 2003-05-01 13:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll

2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll

2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll

2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"HPWWANGSAssistant"="c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-05-03 4032056]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-7-14 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2007-04-30 16:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk

backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

2005-04-04 22:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]

2007-07-14 20:39 106064 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]

2009-11-06 21:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]

2010-02-25 01:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-05-25 12:07 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-05-25 12:07 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-05-25 12:07 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

2008-05-14 01:29 507904 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2007-05-08 16:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2006-03-10 01:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2006-07-13 15:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-01-05 16:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

2009-01-21 19:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2009-02-14 02:01 1410296 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Adobe Version Cue CS2"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"NITaggerService"=2 (0x2)

"NILM License Manager"=3 (0x3)

"NIDomainService"=2 (0x2)

"mxssvr"=2 (0x2)

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"LkCitadelServer"=2 (0x2)

"nipxirmu"=2 (0x2)

"nimcdldu"=2 (0x2)

"nidevldu"=2 (0x2)

"ni488enumsvc"=2 (0x2)

"lkTimeSync"=2 (0x2)

"lkClassAds"=2 (0x2)

"NVSvc"=2 (0x2)

"matlabserver"=2 (0x2)

"FileZilla Server"=3 (0x3)

"iRacingService"=2 (0x2)

"PCA"=2 (0x2)

"RoxLiveShare9"=2 (0x2)

"niSvcLoc"=2 (0x2)

"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe"=

"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=

"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe"=

"c:\\Program Files\\UGS\\NX 5.0\\UGII\\ugraf.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Steam\\steamapps\\yamez_rs\\race 07\\Race_Steam.exe"=

"c:\\Program Files\\ContactAtOnce\\ContactAtOnce.exe"=

"c:\\Program Files\\ContactAtOnce\\ContactAtOnce.cao"=

"c:\\Program Files\\iRacing\\iRacingService.exe"=

"c:\\Program Files\\iRacing\\iRacingSim.exe"=

"c:\\Program Files\\iRacing\\iRacingChat.exe"=

"c:\\Program Files\\iRacing\\iRacingLocalServer.exe"=

"c:\\Program Files\\iRacing\\iRacingLauncher.exe"=

"c:\\Program Files\\iRacing\\updater\\iRacingUpdater.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:FileZilla Listening Port

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 19:08 15448]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 22:23 100095]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 16:31 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 19:54 13696]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 10:52 16688]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 22:23 5808]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2010 17:41 135336]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 03:00 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 03:00 14336]

R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [5/4/2007 13:24 36864]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 13:58 221184]

R2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [3/30/2009 17:41 469152]

R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [4/16/2007 14:40 37376]

R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [4/16/2007 14:40 21504]

R2 nicanpk;nicanpk;c:\windows\system32\drivers\nicanpkl.sys [7/17/2007 13:46 11336]

R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [4/16/2007 16:04 674304]

R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [4/16/2007 16:06 50688]

R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [4/16/2007 14:41 30208]

R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 11552]

R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [4/16/2007 14:42 111616]

R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 10:56 11360]

R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 15:13 292384]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 14:16 41216]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [3/3/2008 21:54 47616]

S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\system32\drivers\keilul.sys [7/18/2008 17:22 35306]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 16:13 30008]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 11:28 172131]

S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 09:18 20256]

S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 25888]

S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 11552]

S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [5/25/2007 12:26 22360]

S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 11:40 16672]

S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/15/2007 16:44 11352]

S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [7/12/2007 17:18 11360]

S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [7/13/2007 21:38 11336]

S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/19/2007 02:06 11344]

S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 21:32 11552]

S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/24/2007 18:37 11336]

S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/24/2007 18:37 11336]

S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/15/2007 17:31 11352]

S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 15:20 11552]

S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [7/24/2007 21:01 11352]

S3 niimaqk;NI-IMAQ Driver;c:\windows\system32\drivers\niimaqk.sys --> c:\windows\system32\drivers\niimaqk.sys [?]

S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [7/24/2007 11:19 11360]

S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/18/2007 09:47 11392]

S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/20/2007 23:19 14464]

S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/20/2007 23:19 151683]

S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/13/2007 19:00 11360]

S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/13/2007 19:01 11368]

S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/19/2007 12:49 11360]

S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [7/18/2007 20:11 11904]

S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [7/18/2007 20:12 11896]

S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [7/24/2007 14:29 11552]

S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 20768]

S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [6/30/2007 22:07 11552]

S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/19/2007 01:32 11376]

S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [7/16/2007 23:27 11352]

S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/16/2007 11:52 11344]

S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [6/15/2007 23:38 11624]

S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/19/2007 01:32 11376]

S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [6/1/2007 14:39 11552]

S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/24/2007 18:37 11336]

S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/15/2007 15:48 11312]

S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/15/2007 16:50 11360]

S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/17/2007 03:18 11336]

S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/18/2007 21:15 11360]

S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/23/2007 23:09 11552]

S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 10:48 11384]

S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 10:56 11360]

S3 niwdk;niwdk;c:\windows\system32\drivers\niwdk.sys [7/14/2007 19:26 19456]

S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/24/2007 18:37 11336]

S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/24/2007 18:38 11336]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/19/2010 14:17 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/19/2010 14:17 8320]

S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]

S4 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 12696]

S4 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 12696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Cognizance REG_MULTI_SZ ASBroker ASChannel

HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\James Wyler\Application Data\Mozilla\Firefox\Profiles\9o5evkh7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com|http://www.spiegel.de/international/|http://gizmodo.com/|http://shirt.woot.com/

FF - plugin: c:\documents and settings\James Wyler\Application Data\Facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\James Wyler\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe

MSConfigStartUp-wclock - c:\documents and settings\James Wyler\Application Data\Google\yfijv17721328.exe

AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-20 18:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll

c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll

c:\windows\system32\DeviceNP.dll

- - - - - - - > 'explorer.exe'(508)

c:\windows\system32\WININET.dll

c:\windows\system32\APSHook.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-11-20 18:56:47

ComboFix-quarantined-files.txt 2010-11-20 23:56

Pre-Run: 45,729,210,368 bytes free

Post-Run: 45,689,356,288 bytes free

- - End Of File - - 532FCDB04F2351A109FCF8C643123ECA


This may be caused by Cognizance Identity Manager. You can try to disable/uninstall it and see if the problem still occurs afterwards.

Please rerun OTL, click the NONE button, then change the value under "extra registry" back to Use Safelist and click Run Scan. Post me extra.txt


OTL logfile created on: 11/22/2010 10:53:44 - Run 4

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 140.41 Gb Total Space | 43.34 Gb Free Space | 30.87% Space Free | Partition Type: NTFS

Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS

Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >


OTL Extras logfile created on: 11/22/2010 10:53:44 - Run 4

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\James Wyler\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 140.41 Gb Total Space | 43.34 Gb Free Space | 30.87% Space Free | Partition Type: NTFS

Drive D: | 175.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 8.64 Gb Total Space | 8.39 Gb Free Space | 97.04% Space Free | Partition Type: NTFS

Computer Name: JAMES_HP | User Name: James Wyler | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"21:TCP" = 21:TCP:*:Enabled:FileZilla Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()

"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)

"C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\orbixd.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd -- ()

"C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CNEXT.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CNEXT.exe:*:Disabled:CATIA -- (Dassault Systemes)

"C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATUTIL.exe" = C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATUTIL.exe:*:Disabled:V5 Batch Management -- (Dassault Systemes)

"C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe" = C:\Program Files\UGS\NX 5.0\UGII\ugraf.exe:*:Disabled:NX Component -- (UGS Corp.)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\Steam\steamapps\yamez_rs\race 07\Race_Steam.exe" = C:\Program Files\Steam\steamapps\yamez_rs\race 07\Race_Steam.exe:*:Enabled:RACE 07 -- (SimBin)

"C:\Program Files\ContactAtOnce\ContactAtOnce.exe" = C:\Program Files\ContactAtOnce\ContactAtOnce.exe:*:Enabled: -- ( )

"C:\Program Files\ContactAtOnce\ContactAtOnce.cao" = C:\Program Files\ContactAtOnce\ContactAtOnce.cao:*:Enabled:ContactAtOnce -- ()

"C:\Program Files\iRacing\iRacingService.exe" = C:\Program Files\iRacing\iRacingService.exe:*:Enabled:iRacingService.exe -- (iRacing.com Motorsport Simulations, LLC

Bedford, MA 01730)

"C:\Program Files\iRacing\iRacingSim.exe" = C:\Program Files\iRacing\iRacingSim.exe:*:Enabled:iRacingSim.exe -- (iRacing.com Motorsport Simulations, LLC

Bedford, MA 01730)

"C:\Program Files\iRacing\iRacingChat.exe" = C:\Program Files\iRacing\iRacingChat.exe:*:Enabled:iRacingChat.exe -- (iRacing.com Motorsport Simulations, LLC

Bedford, MA 01730)

"C:\Program Files\iRacing\iRacingLocalServer.exe" = C:\Program Files\iRacing\iRacingLocalServer.exe:*:Enabled:iRacingLocalServer.exe -- (iRacing.com Motorsport Simulations, LLC

Bedford, MA 01730)

"C:\Program Files\iRacing\iRacingLauncher.exe" = C:\Program Files\iRacing\iRacingLauncher.exe:*:Enabled:iRacingLauncher.exe -- ()

"C:\Program Files\iRacing\updater\iRacingUpdater.exe" = C:\Program Files\iRacing\updater\iRacingUpdater.exe:*:Enabled:iRacingUpdater.exe -- (iRacing.com Motorsport Simulations, LLC

Bedford, MA 01730)

"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)

"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)

"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)

"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00D0E2A8-E43E-480E-B9D1-E22C9C1D2F72}" = NI-DAQ C and VB6 API

"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

"{01E47856-B1A1-4B69-A0DF-714942D5E4E8}" = NI-MDBG 1.7.0f0 for Phar Lap ETS

"{0285C8EA-A48F-4EAF-A485-69C46C464271}" = NI LabVIEW 8.5 VI.lib

"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader

"{035456F9-982A-49C0-A8D8-E9C0FEA659E4}" = NI-Serial 3.3

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{03B96C48-4001-46C7-AA89-6D8C5C32A5B8}" = NI Variable Manager

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0551E151-A312-44B2-956D-32715A988EB8}" = NI-PAL 2.1.0f1 for Phar Lap ETS

"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF

"{0633AAD6-4FBD-4F94-A420-FE5FAC85FD24}" = NI-Serial 3.3 MAX Provider

"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator

"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{08BEA449-D83E-46CE-AB4A-3CB39C156EBB}" = NI-CAN 2.5.1 ADE Support Files

"{0A0FF37C-514F-4965-8D5E-A424B6D01742}" = NI-SCOPE 3.3.2

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0D77EC38-3091-40AE-A028-3C7BBEB0FC09}" = NI LabVIEW 8.5 License

"{0DD44F69-829A-4A34-8EF3-0B26E888B546}" = Intuitive Data Display

"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos

"{0EC13D13-65CE-4742-BD1C-BA907E353E19}" = CesacchaWmp

"{0F7038A9-4CA2-4A63-B4F4-D3DB79B089D4}" = NI-Serial 3.3 Help

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{122E90F8-A899-4225-AA82-94CBA2AEA98D}" = NI LabVIEW 8.5 Examples

"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software

"{151F473B-9F91-4DAC-B77F-FF7BF8F5EE25}" = NI Instrument I/O Assistant

"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0

"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1

"{1829DACB-46DE-4624-808B-7802AC528DDF}" = NI EULA Depot

"{19E110CF-0A59-46E7-883A-BF1342ECC0C8}" = NI Enhanced DSC Deployment Support 8.5

"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support

"{1C885277-8F54-4C07-8E2B-05DE800A07E7}" = NI SCXI 1.8.1

"{1CF99BB2-C257-49A9-A5AB-078132CFFFC5}" = NI-STE10/100A 2.1.0f2 for Phar Lap ETS

"{20D21946-CC38-4380-94F7-E49A447AD12F}" = NI-MXDF 1.8.0f0

"{216886AA-525A-4E20-A845-EBB75FB5AD1E}" = NI PXI-5660 Support

"{21CCF072-914D-4B56-8A9A-5F3099BDFB48}" = Keil Evaluation 8051 Toolset for Silicon Laboratories

"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins

"{243F0DFE-9945-4212-93CD-9B49D38477BE}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0

"{2461AEFD-6597-4B5F-9174-754B9DB56091}" = NI LabVIEW 8.5 Project

"{24F9EE02-2628-4F33-BF2C-F24BB4797C8E}" = NI Timing Installer 1.10.0

"{25087132-D60F-4CF0-BAEB-9C86B2E75ACE}" = NI DAQ Assistant 1.7.0

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{26BCC645-5CD6-4864-B779-A38C8C59EC3C}" = NI-VISA 4.2

"{27540AD5-C2CD-484D-AAEF-AD1A8DF26CB7}" = NI-DIM 1.7.0f0 for Phar Lap ETS

"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine

"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog

"{2998D054-9254-42D0-A2DE-3C2DB04D92F1}" = NI-CAN 2.5.1

"{299B4500-C41F-4BA3-AB4A-CC9412E16D67}" = NI LabVIEW Run-Time Engine 8.5

"{29A816A6-86EF-41ED-806C-012728927595}" = NI Remote Provider for MAX

"{29E15D85-2D64-4584-AF30-32E2DC1CE55B}" = NI-IMAQ Configuration 2.1

"{2A2883FA-6ACB-4FC6-B70E-98110EC6404D}" = NI-488.2 Provider for MAX

"{2CD01C28-454F-4863-B875-55C37454B1A8}" = NI Calibration Provider for MAX

"{2CDFA015-CE4A-47CE-9071-AF221ABB6420}" = NI-FGEN 2.4.6

"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager

"{2F4C21C2-2BDC-4226-961D-A9D297C4F34C}" = NI LabVIEW 8.5 Applibs

"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager

"{31CB55E5-A7C6-4CC7-807D-70CFCF5603D6}" = ADuC702xV1.1

"{31E40ADA-5756-440D-8D31-4CE1388FEAD3}" = NI AFW Channel Configuration Tool

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33547274-426C-4955-B30E-3CC12190AD3C}" = NI-RFSG 1.2.6

"{34067EE8-710C-4EDA-965F-C977FB2CEDCC}" = NI Spy 2.5.1

"{343D72CD-C056-4E19-ADF3-FAE76285154B}" = Silicon Laboratories Configuration Wizard 2

"{347D80AC-D40D-4B9C-AE48-B698D4B6EF0B}" = NI-488.2 for LabVIEW Real-Time 2.52

"{347DA1C4-9739-46DF-AF73-F90B17D68FF7}" = TunerStudioMS

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2

"{34DBA734-9992-47DC-8E92-F343A18071D0}" = NI-488.2 2.5

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71

"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5

"{37DABC6A-3662-4A68-A1D8-A6E4958F64B6}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005

"{38A1EB20-8657-43B1-ADD9-3AD5CDB423AB}" = NI-DAQmx support for LabVIEW

"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0

"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD

"{391E73EB-3AB9-4B7A-8951-621544149E8F}" = NI Script Editor 1.3.1

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{3C8C9093-2961-4D25-805E-E12FC0DD2FE1}" = NI-SWITCH 3.6

"{3DD972A1-05F0-48C8-9EC4-AB6D4CA0396A}" = NI-DIO Driver 151f0

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer

"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor

"{4175EFAF-1789-4C85-908D-81C620439CE0}" = NI LabVIEW SignalExpress 2.5 Steps

"{4262645A-40CC-47C7-8934-903FB7E9DC09}" = NI-PAL 2.1.0f1

"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard

"{44564479-0533-4542-8D5A-4937EA4BFBAC}" = MPLAB Tools v8.30

"{45A162D5-CF6F-49C5-9B25-A0F5DF512664}" = NI LabVIEW 8.5 Resource

"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1

"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2

"{46ADF464-9D63-47E0-B59F-0D9C3A60B4C4}" = NI DataSocket 4.5.0

"{47101908-553A-4767-94F5-1F2B58012F6D}" = NI LabVIEW 8.5 Help

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CF5749D-2D10-4F5F-8AEC-DA808F15D665}" = NI IVI Class Driver LabVIEW 8.5 Support

"{4D5C1D5C-0337-4498-8699-E940CFDDECAD}" = NI-DAQmx MAX Support 1.9.0

"{4DD8D80C-6AC9-4E19-B3CE-E2CEB656AF2A}" = NI IVI Engine

"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform

"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0

"{4EE688DD-B990-49C4-8615-BD1B0E66EA81}" = NI LabVIEW SignalExpress 2.5 Datatypes

"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour

"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1

"{5423BE44-BD51-4BD9-B345-AE16E8A90D5D}" = Traditional NI-DAQ Documentation

"{55762835-9A95-4A89-BFAE-8E46979C8C4B}" = NI LabVIEW 8.5 Manuals

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{5626F094-CC8D-497E-948F-BF639800622F}" = NI-TClk 1.6.1

"{56CC729C-4986-4590-AAD5-874B8DC970AE}" = NI Sound and Vibration Frequency Analysis 5.0

"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager

"{57E227A9-B368-48A5-88A6-4A9436F24F9F}" = NI-VISA 4.2 for LabVIEW Real-Time

"{59DD18B4-3953-4D52-BB1C-C68275F47CE8}" = NI Portable Configuration

"{5AC708B7-B14B-4954-9997-FF8A82CCFFDE}" = Parallax USB Oscilloscope v5.1

"{5C2AD01A-C3FC-4F0E-899A-30D9B86D9941}" = NI-IVI Provider for MAX

"{5C4FDEAA-BD9B-4045-B48B-A2F60775130F}" = NI-IMAQ 3.8

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide

"{5DBDA3D6-7D16-419C-8434-219011CF652B}" = NI-VISA Runtime 4.2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F2318E0-67DD-4772-9581-1515DF87F5BB}" = NI DHV DCMP Installer 108f1

"{5F408BD6-1488-48EF-A000-92735DEA9957}" = NI LabVIEW SignalExpress 2.5 Licenses

"{6015C797-82BE-4655-8D53-581C838F14B0}" = NI-TNF 1.4.1f0 for Phar Lap ETS

"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6236AC09-E2A3-4B42-BAF0-92E803E1A1BB}" = NI-DMM 2.7.2

"{627BF3DD-2460-4EA1-904D-997BA5D1AB43}" = NI Common Digital 1.7.1

"{652BD9A6-EE53-400F-99BD-221AB0ED41A0}" = ContactAtOnce

"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86

"{67C0B158-5F90-4B5D-9FD0-968CECE02A9F}" = Pi Delta Logger Management

"{681DD3FE-F5D0-4781-B159-E2422524BF98}" = NI IVI Class Simulation Drivers

"{68B7F576-5AF2-46D4-857A-763505551BF5}" = NI-DAQmx OPC Support

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69DCD41A-DA0B-4707-BF29-1D9787D3BB18}" = MegaLogViewer

"{6B2DC860-5B05-40E6-93DE-F17AAFE0A526}" = NI Variable Engine

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6DB587C2-8289-472A-967F-B3F66DA37D39}" = NI-Motion 7.6 FX Development

"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime

"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant

"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14

"{7112A06F-A109-46CC-810E-070679754F77}" = NI LabVIEW Deployable License 8.5.0

"{71828DDB-A251-4D0D-A4B9-DAC5093D9F96}" = Silicon Laboratories C8051Fxxx uVision Driver

"{71A4CCC4-599D-49ED-8572-84529FE7626E}" = NI Hierarchical Waveform Storage 1.4.5

"{72CBC468-82F9-48F8-B5B0-3300387E41AA}" = Nokia Ovi Suite Software Updater

"{72D79D45-4F40-4ECF-8198-BD57635E65DA}" = NI PXI Platform Services for LabVIEW Real-Time 2.3.1

"{737C5CE5-9BB8-4A32-AC60-437F665FADCF}" = Pi Data Object

"{73935D21-6136-4FF6-8069-33D767E61429}" = NI-DIM 1.7.0f0

"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution

"{74CB3747-1685-46C1-8F02-FCDA36ADDBA9}" = NI TDMS

"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5

"{755ED4DC-D519-4918-8C9E-BAC9765B9696}" = NI LabVIEW SignalExpress 2.5 Core

"{768ECA63-EB76-4837-A4CC-58DA5A2FDAE9}" = NI LabVIEW 8.5 WWW

"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}" = HP Broadband Wireless Modules

"{775FF57D-799D-49C4-A813-B695F0AA9E5C}" = NI-IMAQ 32-bit Driver Support

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{797D46F1-214B-484F-BCC2-69E0BC0E3359}" = NI-VISA 4.2 MAX Provider

"{7A6E650E-EFFA-4EF5-B807-E1F1C96F109E}" = NI-HSDIO 1.5.2

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7BD2DE9E-5B66-4C99-A5EE-BC2A23932F26}" = NI-DAQ INF Files

"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker

"{7DEA0C8C-2DB7-4311-87D8-A90921BF8B53}" = NI PXI Platform Services Provider for MAX 2.3.1

"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime

"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2

"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{826A1597-DAD0-4BB2-BAE8-C16F4BEEF089}" = NI-Motion 7.6

"{82D05F0A-8652-4F8F-BCD3-61DFFF4D660E}" = NI LabVIEW 8.5 Help File

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology

"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2

"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{88635CC8-FBE4-4741-A030-7A5E36988CA3}" = NI Dynamic Signal Acquisition Installer 1.10.0

"{89B920B6-ECF2-43FB-AF9C-8DD1843FC9A3}" = NI MIO Device Drivers 1.13.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A702909-3A7D-4ABD-846B-1869A49D850B}" = NI MDF Support

"{8AE51614-30BE-4F0F-B50F-459AB979D219}" = NI LabVIEW 8.5

"{8BAD0680-6FCF-4E6B-9E1F-C8D418999EF5}" = PICkit 2 v2.50.02

"{8C3790DA-0A12-4FF9-A3F1-B1D279E6D40C}" = NI-CAN Provider for MAX

"{8C8D1F1E-DC31-44F2-97F5-0D84CE49BB56}" = NI Uninstaller

"{8E0D1E76-BB9B-4D5C-B46F-21771677E3E4}" = NI DHV GPL 108f1

"{8E25212F-D6E5-4504-BE07-0F03A603B5E5}" = NI-APAL Error Files 1.2.0f0

"{8EB3022D-F805-421C-A573-59EC3EE5C08C}" = NI-IMAQ Provider for MAX

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}" = HP WWAN Setup Utility

"{8FA9410D-5894-4191-B8A4-CCEFAE34051C}" = NI OPC Support

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{911F2BEE-4919-4BA3-A097-B014070FD738}" = NI Assistant Framework LabVIEW Code Generator 8.0

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9198EBF1-7EBB-40D4-87C8-7415CF8AE448}" = NI MXS

"{92228315-BA53-4061-A404-0F05A72E946B}" = NI Logos XT Support

"{92FA4246-7317-4A35-A74C-EF7D15B28C03}" = NI PXI Platform Services for Windows 2.3.1

"{93971826-093B-43E7-BA90-7A507D5E2339}" = NI LabVIEW SignalExpress 2.5

"{9426846E-66E2-4364-A846-C040F95619A7}" = Silicon Laboratories IDE & Examples

"{951B982C-04C6-40AD-88EB-E79DA4E229BF}" = NI-DAQ Provider for MAX

"{95B2CC9F-9C29-4F43-A4E7-9953FDFDC90F}" = NI-ORB 1.7.0f0 for Phar Lap ETS

"{95F1D58C-3A9C-4505-A554-A10322E4766B}" = NI-ORB 1.7.0f0

"{97C686BD-6FF3-4E3B-830D-552FE06128AA}" = NI LabVIEW 8.5 Templates

"{98618CFE-CACD-48C4-85EA-F9197FFEDD0C}" = NI Assistant Framework LabVIEW Code Generator 6.1

"{9877BCD9-6698-4951-AE19-D5F398D83D5A}" = Dassault Systemes Software Prerequisites x86

"{995E87FC-1E2B-463C-890A-94D39B761C43}" = NI-TNR Driver

"{99A125D2-366A-49BE-A144-B6CFB9668A90}" = IVI Shared Component

"{9A5277BD-4C24-40C7-AEF2-9FA6C6229EC6}" = NI LabVIEW SignalExpress 2.5 LabVIEW Support

"{9A990C4C-C1CA-450B-B816-1B56EF14D538}" = NI-DAQmx Switch Core 1.12.0

"{9C008728-2EF9-44A7-9149-EEC43B9F87AF}" = NI LabVIEW 8.5 Menus

"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater

"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2

"{A2B13DC5-3998-4D83-AD5C-D66679A1205C}" = NI-FieldPoint 6.0

"{A2B333B8-0797-42EB-A68E-39DCAB6D9DD6}" = NI-DCPower 1.1.2

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{A4ED947E-EC39-44F4-A576-44FA9E9F4AE3}" = NI Logos LabVIEW 8.5 Support

"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AA91B347-DDC0-41D7-BBAB-30EF9E8BBFC6}" = NI-Serial 3.3 for LabVIEW Real-Time

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AAEAC72F-9B68-464A-BC8B-587946B99B4E}" = NI MAX LabVIEW Support

"{AB98CF0B-1DBB-4F9A-ABDE-625217C8D34A}" = NI Measurements eXtensions for PAL 1.7.0

"{ABCE1FFB-A320-44ED-BEE8-68AF1791B35E}" = NI LabVIEW 8.5 MeasAppChm File

"{ABFAA6D6-7832-4C57-BF92-BA4A7244DE7C}" = NI LabVIEW 8.5 iMath

"{AC5B4B67-A4D4-44C0-9B37-FDD197543B58}" = NI-CAN Driver Files

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{ADA35685-E6DC-42F2-807E-312AD0D18AA6}" = HP User Guides 0061

"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2

"{ADF04B79-2737-4D79-A683-79F7DD3E1BB1}" = NI-MRU 2.8.0f1

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B05599F2-55E3-47D2-9047-AE171F35A90B}" = NI Logos 4.9

"{B0C41F37-FE9A-40A7-AFF9-0BFE9A36BCF3}" = NI-DNET 1.6.1

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B59C4A37-E4EA-41E8-922F-EF8E6762412F}" = NI-MDBG 1.7.0f0

"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support

"{B6440D7E-E115-4B11-8935-54A329E364E0}" = NI LabVIEW 8.5 gMath

"{B6CDE57D-9384-4AFD-8731-48955D6FFCBD}" = NI ModInst 1.4.2

"{B6E680C6-B9C5-42D0-9907-491C2200E4F8}" = NI-MXLC 1.0.0f1

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B7944A61-5832-40F1-B052-1D0BAB45EF95}" = NI LabVIEW 8.5 Simulation

"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver

"{BB5AC3FF-D750-477F-9437-2EF59CDF9103}" = NI-DAQmx Documentation

"{BB6B7CF3-6231-4F11-8F5B-8A7F10F3F587}" = NI Assistant Framework

"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)

"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2404A93-1951-47D2-9C02-22F3766258D8}" = NI-DAQmx 8.6

"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min

"{C4908416-75CE-456B-9AA5-531DE7FF6415}" = NI LabVIEW 8.5 User.lib

"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

"{C4FBCEA7-E603-4994-9748-23F6FB9B24FC}" = NI LVBrokerAux 8.2.1

"{C5D0A6E9-9B1B-4463-BFDC-2969EB353434}" = NI-FGEN Driver 146f1

"{C70C9D30-6DB4-445F-AAAB-E21FB8783569}" = NI IVI Class Drivers

"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = BIOS Configuration for HP ProtectTools

"{C7E05341-311B-4D55-A22A-073468D5BB05}" = NI FieldPoint MAX Provider

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{C97C567B-27AC-461D-933A-BF4396540980}" = NI-HSD Driver 182f1

"{C9A019F0-B88F-464B-813A-C60293FEEC58}" = NI Fusion Standard Library Installer 1.5.1

"{CA324A25-354B-4337-8C03-2BE131A6B10A}" = NI-IMAQ .NET Support

"{CA3B6B06-5FA5-4C1B-87FC-44C050E1B563}" = NI IVI Compliance Package 3.1

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro

"{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation

"{CCF79A96-F9F4-4B80-B9F7-4A4B3AA7DE76}" = NI-CAN: Shared LV code

"{CD7FE5D3-4678-4C79-B9EA-32D14E9BE583}" = NI IVI Online Help

"{CD8DC58F-465B-4E04-853C-C43E7950FA86}" = NI LabVIEW Run-Time Engine 7.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D17DE20F-BF2B-459C-86D4-DCB3F665BF6C}" = NI-DAQ Document Set

"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes

"{D2B84C1E-DD92-442A-9229-42C0A426E57F}" = NI LabVIEW SignalExpress 2.5 Tools

"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline

"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant

"{D335CCE7-749E-4958-A48C-6F4E804F56C9}" = NI Instrument IO Assistant for LabVIEW 7.1

"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0

"{D47BF5FF-D068-4A36-82B4-F55E68F38BE9}" = NI-INTEL8255X 2.1.0f0 for Phar Lap ETS

"{D490070C-66AE-43CB-B230-6D92D5840E83}" = NI-Watchdog 2.2.1f9

"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1

"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries

"{DBEEAC1D-E0AE-4B14-A9F2-38953F2E5C73}" = NI-Motion MAX Provider 7.6

"{DD4727FC-A2B4-4639-8365-8D092A3BC3E8}" = NI STC 1.2.0

"{DEBA1F73-FA74-4B62-A2CF-A83A02C967B4}" = NI-Tuner 1.6.6

"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface

"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite

"{E046A9E5-3991-40F6-91D2-57A28B4ACC60}" = NI Remote PXI Provider for MAX

"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2

"{E30CDA45-B3CA-470B-B0C0-6BD69ED86693}" = Silicon Laboratories ToolStick Development Tools

"{E4DB90AC-6536-4359-90EE-75BEEFC1A923}" = MogdSharp

"{E5B1DA8B-D2C2-4E4F-82CF-28C169FD4598}" = NI Assistant Framework LabVIEW Code Generator 7.1

"{E5FF4ACF-89A3-4FF9-AD1F-A3F1DD5CF5F5}" = NI-VISA Server 4.2

"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5

"{E8FDF79F-C5C7-4801-9E42-BA2B9CFDB144}" = NI Vision Acquisition Express VI

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EB9E7F70-8F2E-412A-A182-FAC85345FDCC}" = NI Assistant Framework LabVIEW Code Generator 7.0

"{EC610AB8-3B18-4AD9-BCE5-8D014C94CD64}" = NI Example Finder 8.5

"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation

"{F08FF422-BDBC-4816-810A-085880C15FC6}" = NI Software Provider for MAX

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F1FA3E4B-04DE-5EDE-FDC0-8E527912F2E0}" = Pandora

"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer

"{F3BE8B64-D74E-4B79-B21A-DD5AE291BD84}" = NI-FieldPoint for LabVIEW Real-Time 6.0

"{F4AEDCEC-88CD-4408-80F4-6E7560AE2122}" = NI Variable Engine LabVIEW 8.5 Support

"{F566E322-AA55-4AAE-A3E8-43B1786710A5}" = NI Measurement & Automation Explorer 4.3

"{F5A5B4B5-46A2-4489-958B-C44B89B27C38}" = NI-653x Installer 1.7.0

"{F5EEC475-6464-4072-95C1-A39DC929CDED}" = NI LabVIEW SignalExpress 2.5 Core LabVIEW Support

"{F843AC27-704C-4731-A590-F57841B488F2}" = Drive Encryption for HP ProtectTools

"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network

"{FA4B42B5-F071-4757-B166-F8B219D40136}" = NI-RFSA 2.0.6

"{FADFF346-8180-4F39-AEC7-FE81087315BC}" = NI LabVIEW 8.5 CINtools

"{FC7E30E4-E72F-45EC-9822-FC41C41E9DFA}" = Traditional NI-DAQ 7.4.4 (Legacy)

"{FC9144C1-F70B-47CF-BCDC-FEFE4C0BA7D1}" = NI LabVIEW 8.5 Instr.lib

"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support

"{FDD1F9E8-A174-4A6C-A185-C5AC913D64C3}" = NI Measurement Studio Max Configuration Support for VS2005

"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS

"{FDF8AE1D-C47B-4A0B-9A78-F4CC00236C42}" = NI-MXDF 1.8.0f0 for Phar Lap ETS

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3

"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795" = Soft Data Fax Modem with SmartCP

"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora

"ComcastHSI" = Comcast High-Speed Internet Install Wizard

"Dassault Systemes B18_0" = Dassault Systemes Software B18

"DivX Setup.divx.com" = DivX Setup

"DIYAutoTune's Tuning Software Package_is1" = DIYAutoTune's Tuning Software Package - 081909

"EAGLE 5.6.0" = EAGLE 5.6.0

"FileZilla Client" = FileZilla Client 3.2.2.1

"FileZilla Server" = FileZilla Server (remove only)

"Guitar Pro 5_is1" = Guitar Pro 5.2

"HP Photo & Imaging" = HP Image Zone 4.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{31CB55E5-A7C6-4CC7-807D-70CFCF5603D6}" = ADuC702xV1.1

"InstallShield_{44564479-0533-4542-8D5A-4937EA4BFBAC}" = MPLAB Tools v8.30

"IviSharedComponent" = IVI Shared Components

"Keil


This might also be related to hard disk errors. Click Start > Programs > Accessories, right-click "Command Prompt", type chkdsk /r and press Enter.

Type Y and press enter to schedule the scan for next reboot. Restart your computer and let the diskcheck run unhindered. Note - this may take some time.

When done, see how the problem is.


I ran diskcheck and it corrected some errors but the problem just occurred again, so there is still an issue somewhere...


Hi again, I see no reason for this behavior. Do you have any scheduled scans or similar running at the time that the problem occurs?

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please also run the following scan: do NOT delete any items, only cure if the option is there.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.