
iaStor.sys is suspiciously modified


  • This topic is locked
13 replies to this topic

#1 GGeerIII

Posted 24 February 2010 - 08:52 AM

Bing/Google links only SOMETIMES get rerouted. Also, problems starting laptop sometimes (freezes at Windows startup screen). Lastly, laptop is now freezing (or going SUPER slow) randomly, it seems.
Ran Spybot, Malwarebytes, and Ad-Aware. They found nothing. Have AVG on laptop; that did not find anything either. GERD says iaStor.sys is suspiciously modified. Have not done ANYTHING to try to fix this yet (except move a ton of stuff onto a backup drive). Help would be greatly appreciated as this is my work laptop.
NOTE: GMER takes 3+ hours to run and freezes my computer so I can't save a log. I have attached the quick scan log that it does at the beginning.

EDIT: Also, a Windows - Delayed Write Failed Error just came up. It states: "Windows was unable to save all the data for the file \Device\Harddisk1\DP(1)0-0+6. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere."
At the time the error came up I don't recall actively trying to save anything....

DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by george.geer at 12:06:27.79 on Tue 02/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1161 [GMT -5:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Wootalyzer\woot.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spark\Spark.exe
C:\Documents and Settings\george.geer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = hxxp://picasa.google.com/support/bin/request.py?contact_type=uninstall&hl=en
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [Wootalyzer] "c:\program files\wootalyzer\woot.exe" /boot
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [POEngine]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Outlook Profile Conversion Utility] c:\program files\kerio\outlook connector (offline edition)\ConvertProfiles.cmd
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 120 (0x78)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Notify: avgrsstarter - avgrsstx.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\george~1.gee\applic~1\mozilla\firefox\profiles\2whkt8fl.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q=
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q=
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-25 12552]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-2-15 15136]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-18 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 108552]
R2 altio;altio;c:\program files\altium designer winter 09\system\drivers\altio.sys [2004-5-31 3200]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 297752]
R2 CriFx;CriFx;c:\windows\system32\drivers\CriFx.sys [1998-8-22 42584]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2007-4-16 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2007-4-16 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2007-4-16 674304]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2007-4-16 50688]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2007-4-16 30208]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-2-22 11552]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2007-4-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2007-2-23 11552]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-2-21 11552]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2007-2-21 11552]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-2-25 11552]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2009-1-27 57536]
S3 CRIFXUSB;CAMI CableEye Fixture Driver for USB;c:\windows\system32\drivers\CRIFXUSB.sys [2005-5-6 19968]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-1-11 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-2-22 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-2-22 11552]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2007-2-26 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-2-22 11552]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-2-25 11552]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2007-2-23 11552]
S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2007-2-23 11552]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2007-2-25 11552]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2007-2-25 11552]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-2-22 11552]
S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2007-2-23 11552]
S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2007-2-24 11552]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2007-2-25 11552]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2006-12-18 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2006-12-18 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-2-22 11552]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-2-23 11552]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-2-15 11552]
S3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2007-2-15 10528]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-2-15 11552]
S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2007-2-23 11552]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-2-22 20768]
S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2007-2-24 11552]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2007-2-26 11552]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2007-2-25 11552]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-2-23 11552]
S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2007-2-23 11552]
S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [2007-2-22 86304]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2007-2-26 11552]
S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2007-2-23 11552]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2007-2-25 11552]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2007-2-22 11552]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2007-2-23 11552]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2007-2-23 11552]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2007-2-23 11552]
S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2007-2-23 11552]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-2-22 11552]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2007-2-23 11552]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2007-2-25 11552]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2007-2-25 11552]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\ufasoft\sniffer\usft_sn4.sys --> c:\program files\ufasoft\sniffer\usft_sn4.sys [?]
S3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.sys [2007-2-25 27936]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-02-23 15:35:11 0 d-----w- c:\docume~1\george~1.gee\applic~1\Malwarebytes
2010-02-23 15:35:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-23 13:46:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-22 20:10:29 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-22 20:10:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-02 14:54:35 0 d-----w- c:\program files\Audacity
2010-02-02 14:50:58 0 d-----w- c:\docume~1\george~1.gee\applic~1\Mp3 Editor For Free
2010-02-02 14:50:34 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-02-02 14:50:34 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-02-02 14:50:34 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-02-02 14:50:34 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-02-02 14:50:34 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2010-02-02 14:50:34 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-02-02 14:50:34 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-02-02 14:50:34 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-02-02 14:50:33 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-02-02 14:50:33 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-02-02 14:50:33 2084864 ----a-w- c:\windows\system32\NCTAudioDesign2.dll

==================== Find3M ====================

2010-02-23 13:13:49 172869 ----a-w- c:\windows\system32\nvModes.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-30 15:00:06 29297342 ----a-w- C:\U502 RCL RH Solidworks Files 2009_11_25.zip
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2007-02-24 05:37:42 88761 ----a-w- c:\windows\inf\pxiclean.exe
2007-09-29 05:17:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-09-24 14:36:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat
2007-10-18 21:19:46 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-10-18 21:19:46 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-10-18 21:19:46 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:07:48.87 ===============

Edited by GGeerIII, 24 February 2010 - 04:23 PM.




#2 myrti


Posted 26 February 2010 - 08:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 GGeerIII


Posted 28 February 2010 - 04:54 PM

Thanks for helping me out! Here are the log files.

OTL.txt

OTL logfile created on: 2/28/2010 3:50:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\george.geer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 12.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.66 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive S: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 338.96 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive Y: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: GEORGESLAPTOP
Current User Name: george.geer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
PRC - [2010/02/18 05:12:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/11 09:37:20 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/31 07:40:03 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 07:40:02 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 07:39:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 07:39:55 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 07:39:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/25 04:23:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/06/01 13:33:44 | 002,002,944 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
PRC - [2009/03/25 21:52:26 | 000,374,272 | ---- | M] () -- C:\Program Files\Wootalyzer\woot.exe
PRC - [2009/01/14 16:37:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 23:35:22 | 000,590,512 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/05/31 12:42:14 | 000,200,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2007/05/31 12:37:40 | 012,310,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 02:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 20:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/28 12:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/20 15:19:12 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2007/02/08 15:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/02/08 15:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/01/30 20:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/02/14 00:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 00:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/02/14 00:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 10:28:00 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/31 07:39:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 07:39:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/14 16:37:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/18 10:01:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/26 14:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/20 15:19:12 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc)
SRV - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2007/02/08 15:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/01/30 20:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/04/14 12:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 20:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/07/31 07:40:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 07:40:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/26 09:32:42 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/26 09:32:28 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/01/14 16:37:00 | 006,620,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/05 16:08:14 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbblstr.sys -- (AlteraUSBBlaster)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/27 14:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/27 14:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 09:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/29 00:29:49 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/09/29 00:28:41 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/09/29 00:07:20 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/07/07 08:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/07/07 08:11:38 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/06/29 10:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/06/17 11:16:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/05/31 05:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/16 17:06:28 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk)
DRV - [2007/04/16 17:04:12 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidaq32k.sys -- (Nidaq32k)
DRV - [2007/04/16 15:42:28 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck)
DRV - [2007/04/16 15:41:52 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk)
DRV - [2007/04/16 15:40:38 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk)
DRV - [2007/04/16 15:40:36 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk)
DRV - [2007/04/12 23:08:26 | 000,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/06 09:01:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/03/29 17:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/23 08:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 17:59:48 | 000,094,848 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/15 00:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2007/03/14 23:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/02 19:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 19:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/26 19:03:56 | 000,251,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/26 15:31:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk)
DRV - [2007/02/26 15:31:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk)
DRV - [2007/02/26 11:40:24 | 000,016,672 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock)
DRV - [2007/02/25 19:12:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)
DRV - [2007/02/25 19:12:02 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)
DRV - [2007/02/25 19:10:56 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)
DRV - [2007/02/25 18:13:26 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk)
DRV - [2007/02/25 18:13:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)
DRV - [2007/02/25 18:13:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)
DRV - [2007/02/25 18:13:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)
DRV - [2007/02/25 18:13:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk)
DRV - [2007/02/25 18:11:20 | 000,027,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxk.sys -- (usb6xxxk)
DRV - [2007/02/25 18:11:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk)
DRV - [2007/02/24 03:19:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niRFSA2kl.sys -- (nirfsa2k)
DRV - [2007/02/24 00:10:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nihsdrkl.sys -- (nihsdrk)
DRV - [2007/02/23 23:17:18 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk)
DRV - [2007/02/23 23:09:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitnr2kl.sys -- (nitnr2k)
DRV - [2007/02/23 21:32:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidwgkl.sys -- (nidwgk)
DRV - [2007/02/23 21:28:08 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisrcdkl.sys -- (nisrcdk)
DRV - [2007/02/23 21:19:38 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipsdkl.sys -- (nipsdk)
DRV - [2007/02/23 21:05:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisldkl.sys -- (nisldk)
DRV - [2007/02/23 19:44:56 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk)
DRV - [2007/02/23 16:43:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark)
DRV - [2007/02/23 16:25:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk)
DRV - [2007/02/23 15:20:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nigplkl.sys -- (nigplk)
DRV - [2007/02/23 14:54:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork)
DRV - [2007/02/23 09:25:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2007/02/23 09:25:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2007/02/23 02:14:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk)
DRV - [2007/02/22 19:17:26 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)
DRV - [2007/02/22 17:18:46 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)
DRV - [2007/02/22 12:26:32 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)
DRV - [2007/02/22 12:21:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nifslkl.sys -- (nifslk)
DRV - [2007/02/22 10:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2007/02/22 10:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2007/02/22 10:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2007/02/22 10:34:00 | 000,086,304 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nismbusk.sys -- (nismbusk)
DRV - [2007/02/22 10:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2007/02/22 09:42:12 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2007/02/21 21:39:46 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k)
DRV - [2007/02/21 21:20:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2007/02/21 21:10:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2007/02/21 20:46:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2007/02/21 20:39:06 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2007/02/15 22:00:24 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2007/02/15 22:00:18 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2007/02/15 21:59:42 | 000,010,528 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusb.sys -- (nipalusb)
DRV - [2007/02/15 21:59:34 | 000,583,968 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2007/02/15 16:23:06 | 000,015,136 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 14:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/11 09:18:38 | 000,020,256 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)
DRV - [2006/12/18 11:55:38 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)
DRV - [2006/12/18 11:55:38 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)
DRV - [2006/11/06 18:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/10/22 20:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/13 14:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/13 00:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/03/01 05:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/14 00:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/21 00:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/17 12:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/05/06 11:58:20 | 000,019,968 | ---- | M] (CAMI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRIFXUSB.sys -- (CRIFXUSB)
DRV - [2004/11/05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/05/31 15:20:04 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys -- (altio)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 07:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [1998/08/22 01:20:12 | 000,042,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CriFx.sys -- (CriFx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\S-1-5-21-147667094-602431902-1233803906-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\S-1-5-21-147667094-602431902-1233803906-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "GoogIe"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q="

FF - user.js..browser.search.selectedEngine: "GoogIe"
FF - user.js..keyword.URL: "http://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 05:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 05:12:19 | 000,000,000 | ---D | M]

[2008/09/01 10:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Extensions
[2010/02/28 14:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\extensions
[2009/08/31 07:34:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/17 09:32:44 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\bing.xml
[2009/07/17 09:33:03 | 000,002,398 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\ni.xml
[2009/07/17 09:33:32 | 000,010,541 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\octopart.xml
[2010/02/28 14:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/14 17:21:24 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2009/05/28 12:31:43 | 000,001,532 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-com.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Outlook Profile Conversion Utility] C:\Program Files\Kerio\Outlook Connector (Offline Edition)\ConvertProfiles.cmd ()
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 120
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\..Trusted Ranges: Range1 ([file] in Local intranet)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.111.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arcserv.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/07 07:00:00 | 000,000,043 | ---- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell - "" = AutoRun
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell\AutoRun\command - "" = Y:\SETUP.EXE -- [2003/07/07 07:00:00 | 001,126,400 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell - "" = AutoRun
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b828eb24-e668-11de-a4c9-0013e8b6f8a1}\Shell\AutoRun\command - "" = F:\Altium NanoBoard 3000.exe -- File not found
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell - "" = AutoRun
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/28 23:42:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: niDevMon - hkey= - key= - C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SolidWorks_CheckForUpdates - hkey= - key= - C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0C054D2A-3736-D0D5-4662-7558995A8E79} - Microsoft Windows Media Player 6.4
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {24C4E056-D1D0-5CD8-9D1D-46BE12E71052} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {409784AC-E824-B83D-53DD-385435AFBE9A} - DirectAnimation
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5E702F1A-D858-8EC9-D759-51C44D340D5C} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6212EDE9-7C10-31A2-110D-5AD47DE24EBA} - IE7 Uninstall Stub
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {68C7C18E-6D10-36AA-8BDD-A187B08CFCA0} - Browser Customizations
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7D1765B9-9D3A-E132-16A4-25972E8F9B22} - Microsoft Windows Media Player 6.4
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADF6690B-4E31-3EFA-54BB-BB56AB7F800F} - Vector Graphics Rendering (VML)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C8E27B71-FCB2-E30B-9C87-8E84CAF9798A} - Dynamic HTML Data Binding for Java
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF1AAE60-0734-6E96-FF02-93F38FF07145} - Microsoft Windows Media Player 6.4
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F3E3313C-19F4-E107-160E-9CEA579A7B76} - Microsoft Windows Media Player 6.4
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 15:48:26 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
[2010/02/25 18:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/25 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/25 09:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Desktop\Music
[2010/02/25 08:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Desktop\_laptop stuff
[2010/02/23 10:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Application Data\Malwarebytes
[2010/02/23 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/23 08:46:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/23 08:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/22 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/22 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/21 20:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/21 11:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/21 02:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/21 02:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/20 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/02 09:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/02/02 09:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Application Data\Mp3 Editor For Free
[2010/02/02 09:50:34 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2010/02/02 09:50:34 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/02/02 09:50:34 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/02/02 09:50:34 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/02/02 09:50:34 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/02/02 09:50:34 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/02/02 09:50:34 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2010/02/02 09:50:34 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2010/02/02 09:50:33 | 002,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2010/02/02 09:50:33 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2010/02/02 09:50:33 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/06/03 09:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/29 00:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
[2010/02/28 15:03:41 | 056,422,506 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/28 14:21:28 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/28 14:21:28 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/28 14:21:28 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/28 14:19:44 | 000,000,371 | ---- | M] () -- C:\WINDOWS\null
[2010/02/28 14:18:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 14:17:58 | 000,172,869 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/28 14:17:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\pxisys.ini
[2010/02/28 14:17:39 | 000,000,030 | ---- | M] () -- C:\WINDOWS\pxiesys.ini
[2010/02/28 14:17:15 | 000,172,869 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/28 14:16:53 | 000,182,678 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/28 14:16:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/28 14:16:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 14:16:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 14:16:02 | 2112,139,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/28 12:28:18 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\george.geer\NTUSER.DAT
[2010/02/28 12:27:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\george.geer\ntuser.ini
[2010/02/28 01:44:12 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\george.geer\My Documents\Default.rdp
[2010/02/26 10:06:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/26 08:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/26 07:22:21 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/25 20:58:33 | 000,457,615 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\New Parts.zip
[2010/02/25 20:02:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 16:22:27 | 000,026,709 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\error1.jpg
[2010/02/23 13:28:27 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/23 13:27:37 | 000,044,439 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\bookmarks-2010-02-23.json
[2010/02/23 11:53:41 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\dds.scr
[2010/02/23 08:45:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/22 16:55:25 | 000,000,226 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/21 18:41:37 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 03:10:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 14:06:01 | 000,001,726 | -H-- | C] () -- C:\Documents and Settings\george.geer\My Documents\Default.rdp
[2010/02/25 20:58:33 | 000,457,615 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\New Parts.zip
[2010/02/24 16:22:27 | 000,026,709 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\error1.jpg
[2010/02/23 17:49:18 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\gmer.exe
[2010/02/23 13:27:37 | 000,044,439 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\bookmarks-2010-02-23.json
[2010/02/23 13:15:32 | 2112,139,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/23 11:53:42 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\dds.scr
[2010/02/23 08:47:28 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/28 13:10:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\00104run.ini
[2009/04/10 13:00:45 | 000,000,291 | ---- | C] () -- C:\WINDOWS\CAMDXP.INI
[2009/03/30 14:26:21 | 000,003,829 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2009/02/06 09:37:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo407cdw.ini
[2009/01/16 09:07:46 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/09 10:10:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/04 11:45:39 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\fusioncache.dat
[2008/09/01 14:55:25 | 000,001,032 | ---- | C] () -- C:\WINDOWS\Poker-Spy.INI
[2008/02/24 14:29:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/02/09 15:58:21 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\george.geer\Application Data\WavCodec.wff
[2008/02/01 13:43:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/01/30 14:51:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\render.ini
[2008/01/22 10:58:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/22 10:58:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/01/22 10:57:29 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2008/01/09 19:48:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\george.geer\Application Data\$_hpcst$.hpc
[2007/11/27 11:30:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\cviinst.ini
[2007/11/26 14:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/11/26 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/11/06 21:37:56 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
[2007/10/28 15:09:00 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 17:02:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2007/10/22 17:02:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2007/10/22 11:07:43 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/19 15:10:25 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/19 11:56:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/19 10:05:54 | 000,110,642 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/10/19 10:05:54 | 000,043,252 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2007/10/19 09:52:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/09/29 00:47:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/29 00:22:16 | 000,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/29 00:20:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/09/29 00:20:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/09/29 00:20:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/09/29 00:20:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/09/29 00:20:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/09/29 00:20:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/09/29 00:14:20 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/29 00:14:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/29 00:14:18 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/29 00:14:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/29 00:09:08 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/09/29 00:06:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/04/16 17:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2007/04/16 16:55:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\niezid.dll
[2007/04/16 16:55:10 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\niezio.dll
[2007/04/16 16:52:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2007/04/06 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\cvirtsup.dll
[2007/04/06 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2007/03/20 19:57:36 | 000,052,000 | ---- | C] () -- C:\WINDOWS\System32\nipcload.dll
[2007/02/26 15:33:48 | 000,049,952 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2007/02/26 15:31:16 | 000,049,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2007/02/26 15:31:06 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2007/02/24 01:02:54 | 000,066,336 | ---- | C] () -- C:\WINDOWS\System32\cfswitch.dll
[2007/02/22 10:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pn.ini
[2007/02/22 10:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\pr.ini
[2007/02/21 18:30:50 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2007/02/15 22:00:42 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2007/01/16 10:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/12 14:45:14 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL
[2006/06/13 15:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/11/16 12:04:36 | 000,485,376 | ---- | C] () -- C:\WINDOWS\System32\DrRw40.dll
[1999/11/04 11:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/03/15 00:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Program Files\ThinkVantage Fingerprint Software\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



Extras.txt

OTL Extras logfile created on: 2/28/2010 3:50:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\george.geer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 12.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.66 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive S: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 338.96 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive Y: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: GEORGESLAPTOP
Current User Name: george.geer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe" = C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe:*:Enabled:LabVIEW 8.2.1 Development System -- (National Instruments Corporation)
"C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe" = C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe:*:Enabled:NIExampleFinder -- (National Instruments)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:AVG Control Center -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\ARC TestCentre\TestCentre.exe" = C:\Program Files\ARC TestCentre\TestCentre.exe:*:Enabled:TestCentre -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Voip\Communicator\Communicator.exe" = C:\Program Files\Voip\Communicator\Communicator.exe:*:Enabled:Communicator -- File not found
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"C:\Program Files\PokerOffice\bin\javaw.exe" = C:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe" = C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe:*:Enabled:Jeyo Mobile Companion -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Altium Designer 6\dxp.exe" = C:\Program Files\Altium Designer 6\dxp.exe:*:Enabled:dxp -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Documents and Settings\george.geer\Desktop\WNHDE111 SW CD v1.1\bin\config\ConfigAssistant.exe" = C:\Documents and Settings\george.geer\Desktop\WNHDE111 SW CD v1.1\bin\config\ConfigAssistant.exe:*:Enabled:Discover -- File not found
"C:\Program Files\Altium Designer Winter 09\dxp.exe" = C:\Program Files\Altium Designer Winter 09\dxp.exe:*:Enabled:dxp -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00BD6E57-AF6D-4238-8D2A-D32B5337F3C2}" = NI LabWindows/CVI 8.1.1 FDS Package
"{0431E2E8-3CE3-436A-9ED4-B314F3F27461}" = NI IVI Compliance Package 3.0
"{044E5B6C-38A4-45BC-B779-385CD8DA0DA8}" = NI TestStand Version Selector
"{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05304ADE-9374-4D0B-8366-38106FEFB717}" = NI-DAQmx Documentation
"{05A5B86B-7A8F-44B6-A43C-3B953E69F004}" = NI LabVIEW 8.2.1 Resource
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{06A4FAAD-1D04-41B7-9F7E-A3B03EBAFB52}" = NI MAX LabVIEW Support
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{089FBA30-0FB2-42A8-8370-C93EA301B2A4}" = NI PXI Platform Services Provider for MAX 2.3.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A04BFEE-B3E3-4FF7-9C9D-AC1C59ED367D}" = NI Dynamic Signal Acquisition Installer 1.9.0
"{0BB9F01F-CB8A-44C5-BAB5-98CFC10752B5}" = NI-FGEN 2.4.5
"{0EC523EE-3D9F-415C-8D30-95F973D53D87}" = NI LabVIEW Real-Time Error Dialog
"{0EC55650-EA47-4B68-87E8-CB9B5B95093C}" = NI SignalExpress 2.0 Tools
"{0EE24AF8-91DD-49C0-B50E-1986F67D2BE3}" = NI Instrument IO Assistant for LabVIEW 8.2
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1008C62D-5BDD-474A-86A5-6FC21863D6DF}" = NI SCXI 1.8.0
"{104403F3-31ED-405B-B950-22401A4CAAF6}" = NI-RFSG 1.2.5
"{10560CCA-BCF6-47B0-A0BA-FB6E134A0AD7}" = NI LabVIEW 8.2.1 License
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{143E1ACF-0E65-4A60-8A4D-A17B97E83526}" = NI LabVIEW RealTime Deployment Support
"{17983D5B-2B6F-4948-8940-80A3A4D65F21}" = NI Measurements eXtensions for PAL 1.6.0
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{19C33FE0-EF6C-4942-BD05-B026D278F497}" = NI-Tuner 1.6.5
"{19C55121-0F65-4A41-939F-91352996BEA3}" = NI Hierarchical Waveform Storage 1.4.4
"{1BE08195-5CFE-41D5-B224-940EF06B9BCE}" = NI-PAL 2.0.0f0
"{1C0AC819-9FAA-4ED4-8C2B-CD1B17FBD18F}" = NI-DAQmx 8.5
"{1C478488-78AD-4E94-B200-A10EC530A4E9}" = NI LabVIEW Broker
"{1D476EFD-93EF-4E01-9505-C98FF606DF61}" = NI LabVIEW 8.2.1 Instr.lib
"{1E0BFC4C-B225-44EB-AA35-0B267AA6E1B6}" = NI LabWindows/CVI 8.1.1 Program Files
"{208E6919-DDEB-4559-B547-C5828582C90F}" = NI ExpressWorkbench 2.0 LabVIEW Support
"{20969065-2AFF-4711-96F9-5D724007ACE4}" = NI LabVIEW 8.2.1 User.lib
"{20D5BBFF-73E4-4F92-8E61-7947399A55A4}" = NI-RFSA 2.0.5
"{21798A9D-4DF7-49E8-A43C-76EE3D4D934C}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{238E8E63-EB2C-4325-AF45-CE226AF2BD70}" = NI-DCPower 1.1.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2517AE6E-DA3D-4621-9CD1-E3CA3E957DA7}" = NI-DAQmx support for LabVIEW
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2878E399-77A1-46A3-A3AF-63A97697120F}" = NI-DAQ CVI API
"{28CBD47C-221F-4A3C-8C57-C057D03D0B77}" = NI-VISA 4.1 MAX Provider
"{28FF0691-1440-452D-96EB-269AA7A2F5A4}" = NI LabVIEW 8.2 Device Detection and Deployment Support
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2883FA-6ACB-4FC6-B70E-98110EC6404D}" = NI-488.2 Provider for MAX
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{2F3BC035-D260-4024-B6F3-C6E3B81F1148}" = GerbTool 15.1 Demo
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31274293-6159-4F39-B8D1-86279091DE49}" = NI LabWindows/CVI Code Generator
"{32135EAA-639B-4C67-AE11-A7DE80CF38F5}" = NI-DAQmx Switch Core 1.11.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{326E5445-4DD3-4403-9385-7869281DDE73}" = NI MAX CVI Support
"{34A54631-DF88-4FD6-85DE-45075EC52A72}" = NI ExpressWorkbench 2.0
"{34DBA734-9992-47DC-8E92-F343A18071D0}" = NI-488.2 2.5
"{34F3977F-070B-4CE8-89F2-653FC17749B6}" = NI SignalExpress 2.0 Datatypes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36A998F0-C15C-4AFD-BCAE-1C0577CCA29A}" = NI DataSocket 4.4.0
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{36E64726-D41C-4E37-A972-FF93110EA3AC}" = NI LabWindows/CVI 8.1.1 Full Development System Files
"{38924B45-98B2-4E14-8B61-B5F2538C0F94}" = NI TestStand 3.5 Dependency Part
"{391E73EB-3AB9-4B7A-8951-621544149E8F}" = NI Script Editor 1.3.1
"{3A5A79C7-E7A5-4E18-9BC2-872D0BD38C58}" = NI LabVIEW 8.2.1 Examples
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3C782FEB-BC17-4CE1-8DD4-830C4DB2F1FC}" = NI LabVIEW 8.2.1 Templates
"{3DD972A1-05F0-48C8-9EC4-AB6D4CA0396A}" = NI-DIO Driver 151f0
"{3EE80F80-3CB1-4C9E-830C-1DABB2E76AFA}" = NI LabVIEW 8.2.1 gMath
"{3F125DD5-EC7D-4B7D-BCC2-2B15BD87587B}" = NI-VISA 2.5 Runtime
"{3F358B78-C154-46DF-8423-023729B42795}" = NI Example Finder 8.2
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{423108C4-7B7E-48A8-8B00-09240BB9246F}" = NI LabWindows/CVI 8.1.1 Help Files
"{452B119A-4D74-4FBB-A9A9-FD4D12F9B780}" = NI LabVIEW 8.2.1 WWW
"{45C69E1F-D33F-413A-B8CF-FE8483219FFB}" = NI LabVIEW 8.2.1 Project
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{4618B5C7-54C2-42D3-8349-9CDC4EE96137}" = NI-DAQ INF Files
"{46A65E66-0E98-4DFB-A8BC-2F8986178821}" = NI Remote PXI Provider for MAX
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{48ACB89A-11FB-4520-9EAA-052353DCF36C}" = NI Enhanced DSC Deployment Support 8.0
"{4ACACC50-4E9C-4C6B-A570-6CC343F4319B}" = NI-SWITCH 3.5
"{4AD47A13-F0EC-4C7F-9657-0725C1205731}" = NI-FGEN Driver 145f0
"{4F66ADD6-FC65-4A55-92A7-1D35E5E7D59D}" = NI LabVIEW 8.2 Help
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5423BE44-BD51-4BD9-B345-AE16E8A90D5D}" = Traditional NI-DAQ Documentation
"{542A1AF0-CA49-4F64-9209-9B75EE6FC287}" = NI PXI-5660 Support
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B641F4F-A9A7-49A7-917E-EB1E1F5626E1}" = NI LabVIEW 8.2 MeasAppChm File
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CFD6945-FCFC-4B1B-8DB4-ADC248093485}" = NI IVI Engine
"{5F2318E0-67DD-4772-9581-1515DF87F5BB}" = NI DHV DCMP Installer 108f1
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0
"{67DFA904-E2FE-4970-90B9-6218DFF1CE90}" = NI-DIM 1.6.0f0
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3AD61D-3836-4792-95AA-DB63DDC5B008}" = NI-ORB 1.6.0f0
"{6B727BD3-7A33-433D-9816-9498C1EB0A9E}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{6BC3FF64-8EDF-4FEA-8DA6-BC5B7CE18640}" = NI STC 1.2.0
"{6C4E34F6-71CD-4C4A-80F4-3B3CFABDD210}" = NI ModInst 1.4.1
"{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D778FB0-24CD-4B09-9044-AE1A5051ABA1}" = NI TestStand 3.5 Engine Binary
"{6F00E21D-302B-4CEE-A0B5-418ECC62934A}" = NI-DMM 2.7
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736175D8-263C-436E-B654-EF99B2F0C8BA}" = NI-RPC 3.3.1f0 for Phar Lap ETS
"{74E2E651-4850-4CA7-A1A7-41CF3AA080D2}" = NI Instrument I/O Assistant
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS
"{78DBB2E4-DE1D-49F6-92A0-FA94F405CC1B}" = NI Spy 2.5.0
"{796CA6A7-DA8F-49CD-A3AF-6DBEC48741DF}" = NI TestStand 3.5 Support Files
"{7C9FD676-65BF-420F-8113-12E3F2F7EE08}" = NI Measurement & Automation Explorer 4.2.1
"{7D26E5EA-63A2-4C4B-BE97-446404685C59}" = NI LabVIEW 8.2.1 CINtools
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E2AEDA5-5A6C-424B-8A21-C9CBD2958E43}" = NI-MXDF 1.7.0f0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7EAE720E-519C-4304-932A-0246EFA24E1F}" = NI-VISA Server 4.1
"{7F1B5615-2C56-40F0-89C4-D2C0E72B9BCA}" = NI-VISA 4.1
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80A645AC-3EC1-495D-9AB6-8BC51D564143}" = NI Sound and Vibration Frequency Analysis 5.0
"{8169D9AA-A2DE-4EA0-BF27-2E7D1CF52D87}" = NI LabVIEW SignalExpress 2.0
"{84172037-613A-4B72-B797-E36C04BA5D17}" = NI SignalExpress 2.0.0 Steps
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{85D340FC-FC6E-49A6-88BB-0B5CA2EEF4E8}" = NI Remote Provider for MAX
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86F908CA-B1B4-476B-B8EB-7FC1D32C7A05}" = NI OPC Support
"{873258AA-8BEA-4B76-B158-F42A7FE304BB}" = NI LabVIEW 8.2.1 Simulation
"{87AA24A1-D180-46C7-A417-F8F6B62C881C}" = NI Portable Configuration
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{88D89139-C5EA-4DB5-BB0F-101C5276E361}" = NI Measurement & Automation Explorer 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8B073FE8-ED47-439E-94A9-68C1B8242FC1}" = NI-RPC 3.3.1f0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6DF316-F3F9-4E08-A773-7BA73F6095F9}" = NI LabWindows/CVI Advanced Analysis Libraries 8.1.1
"{8CB99B33-6579-4457-8415-2ED2F35A2953}" = NI-TClk 1.6.0
"{8CCA1D4D-96D2-419D-A8C9-11C0BEBC64DA}" = NI TestStand 3.5 Sequence Editor
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E0D1E76-BB9B-4D5C-B46F-21771677E3E4}" = NI DHV GPL 108f1
"{8E25212F-D6E5-4504-BE07-0F03A603B5E5}" = NI-APAL Error Files 1.2.0f0
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB44A4D-0280-48B8-9DC6-9E144D2D1F3A}" = Install To GAC
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90FEC055-1755-4BCE-BA6A-1184D29B87CD}" = NI-DAQmx OPC Support
"{911F2BEE-4919-4BA3-A097-B014070FD738}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939A6B52-AE59-44E0-83FF-308BCCA3749C}" = NI Software Provider for MAX
"{94DC7454-D491-412D-A8B1-A029BD6BF282}" = NI-IVI Provider for MAX
"{951B982C-04C6-40AD-88EB-E79DA4E229BF}" = NI-DAQ Provider for MAX
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95E03D24-517B-4D92-B346-644BFECA064F}" = NI-HSD Driver 180f0
"{961D0297-6957-4D16-BE00-414FCF9D3FFB}" = NI-DAQ Document Set
"{965D8F31-7FE4-4F00-9212-8429C700A27C}" = NI Common Digital 1.7.0
"{9802D16A-3323-4836-AF9E-0027FB9553F6}" = Kerio Outlook Connector (Offline Edition)
"{98618CFE-CACD-48C4-85EA-F9197FFEDD0C}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995E87FC-1E2B-463C-890A-94D39B761C43}" = NI-TNR Driver
"{99A125D2-366A-49BE-A144-B6CFB9668A90}" = IVI Shared Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D65A47A-0929-4C50-A3BD-3AF59DA38ED8}" = NI LabVIEW 8.2.1 iMath
"{9DE44ACB-AB73-41BC-AA39-71F6DC9702C2}" = NI Fusion Standard Library Installer 1.5.0
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A14E2492-9E63-4781-AD24-4B55422EA221}" = NI LabVIEW SignalExpress 2.0 Licenses
"{A225C44C-0C31-4A45-B97F-B308212EA79A}" = NI Certificates Deployment Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A376575F-B8C4-4B36-9E24-815CB9B111B9}" = NI IVI Installer Creator
"{A5CE71BF-D4B2-4D29-B6EA-BC28AA9F4DD1}" = NI-VISA Runtime 4.1
"{A9642402-FB9E-4FBA-83E8-51CB70EF8E32}" = NI-DAQmx MAX Support 1.8.0
"{AA11363D-DF31-419C-961D-D8A5F148651D}" = NI LabVIEW Deployable License 8.2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC1D71B5-B622-40D2-979A-BA55261A86EB}" = NI LabVIEW 8.2.1 Applibs
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD8572C1-485A-413A-A63F-7466B5C7B9C5}" = NI TestStand 3.5 Operator Interfaces
"{AE5739D2-F749-4C03-918E-AEF420832FD2}" = NI TestStand 3.5
"{B0224028-D854-46E5-8E10-1305538AC9E3}" = NI MXS
"{B09810B8-A970-4F58-8061-A8BD023C09FA}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B306061F-9083-4DAB-9809-C4DDAF319273}" = NI LabVIEW 8.2.1 Menus
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4303A7D-8657-4878-8BF6-3A886B5AA6AB}" = NI DAQ Assistant 1.6.0
"{B51CC1CD-5828-4441-9C8F-7659ACF1BF65}" = NI LabVIEW 8.2.1 VI.lib
"{B652CC58-6222-4149-B52D-C632AEE8C66C}" = NI LabVIEW Run-Time Engine 6.0.2
"{B84F8170-2D08-438A-A307-F23C4EA95430}" = NI LabVIEW 8.2 Help File
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAA64E98-E733-431D-A066-7D9EAE7AB2E5}" = SignDoc
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE367B7-E9BB-41E1-991B-56906FF39761}" = NI-HSDIO 1.5
"{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator
"{BFEA2222-557D-4F0D-B1AE-64EECBCA2747}" = NI VC2005MSMs x86
"{C07A6EBC-C451-4A22-959B-38596FB8556F}" = NI LabWindows/CVI FDS Sample Files 8.1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C5253437-5F29-44D3-9665-1AB316A11850}" = NI Variable Engine LabVIEW 8.2.1 Support
"{C532C3FA-4241-4521-9FAC-1FA20BAE36B6}" = NI Variable Engine
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA557FEB-D65E-4D0A-8C78-008F71E1711D}" = NI Variable Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB11FBC-77FB-4623-8F55-F53642C36684}" = NI-MRU 2.7.0f0
"{CC8971B9-9132-4C04-A8D4-628663C9E9F0}" = NI LabVIEW Run-Time Engine 6.1
"{CD8DC58F-465B-4E04-853C-C43E7950FA86}" = NI LabVIEW Run-Time Engine 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1477E16-95F7-41A6-AED2-7EAC3B833BCA}" = Altium Designer Winter 09
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D540B4F0-5B14-4449-B7DE-95AB6C3A6608}" = NI-653x Installer 1.6.0
"{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot
"{D778C658-7525-4842-97D6-4660EE0BBFD4}" = NI PXI Platform Services for Windows 2.3.0
"{D89EEEA4-78D7-4533-AEF4-D7918EF359D2}" = NI LabVIEW 8.2 Manuals
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DA31ADBA-0261-4D13-9BA1-9213DD56C69B}" = NI-SCOPE 3.3
"{DA8CFCD3-BDB3-4774-9AD1-14770BCF9BF8}" = NI DN 2.0 installer
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD1370AB-8080-4E5F-9985-228839142D8A}" = NI LabWindows/CVI Sample Files 8.1.1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE4A7830-7480-425C-8330-699C30FD8C66}" = PHM Registry Editor
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF8696A2-84DF-11D4-A291-00104B9B6F89}" = Basic IVI Class Drivers
"{E040BA70-61B7-434E-A273-F62EB400AC4F}" = NI Session Manager 3.5
"{E37AC733-62F9-4C75-924D-CF748B07778B}" = NI SignalExpress 2.0 LabVIEW Support
"{E5462412-D8C2-4225-9839-6EB2115305F5}" = NI CVI Instrument Driver Wizard Templates 8.1.1
"{E5B1DA8B-D2C2-4E4F-82CF-28C169FD4598}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{E62FE555-EEBC-4789-8F53-13130907F6DC}" = NI Calibration Provider for MAX
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E71910A7-81F2-4390-9D4B-581FACBA5A44}" = NI MIO Device Drivers 1.12.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller
"{E9BC36C5-6265-4FE6-B7D2-11C0474DA681}" = NI LabVIEW 8.2.1 Activity
"{EB54040A-7373-4535-B1EB-4919B0F32F65}" = NI-MDBG 1.6.0f0
"{EB9E7F70-8F2E-412A-A182-FAC85345FDCC}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{EFD09F8C-6F4C-416C-B1FD-047D452556DC}" = NI-DAQmx - LabVIEW shared documentation
"{F06DCD6F-171E-4D51-942D-348D1829F6EE}" = NI LabVIEW 8.2.1
"{F081B7B5-D95A-4CF6-ABA1-15C37DBA7AD0}" = NI-DAQ C and VB6 API
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5A51F25-F1F4-419F-8888-22A768CFE3C2}" = NI Logos LabVIEW 8.2 Support
"{F7851AEC-CA1C-491D-AA98-2DE968B66272}" = NI AFW Channel Configuration Tool
"{F9F3C962-A2E6-49D1-BF34-7A6D2023D2CE}" = NI Help Assistant
"{FB3B3D39-5EC8-4C12-BD66-E12D51C82DDC}" = NI IVI Class Drivers
"{FBC11FAF-CC2E-4614-A6C5-D5DDDE276572}" = NI LVBrokerAux 8.2.1
"{FC7E30E4-E72F-45EC-9822-FC41C41E9DFA}" = Traditional NI-DAQ 7.4.4 (Legacy)
"{FC846CFC-2F72-4155-A943-EC6E61CDAF36}" = NI Assistant Framework
"{FCA0006F-F4D6-47C5-90F3-CCFA595D0D63}" = NI Timing Installer 1.9.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD186352-CF07-4D54-9B48-FA06A8CBA770}" = NI IVI Specific Driver Test Suite
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Audacity_is1" = Audacity 1.2.6
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG8Uninstall" = AVG 8.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 2.2.1
"CableEyeV5" = CableEye V5 (remove only)
"Cadence PSD 14.0 Node-locked" = Cadence PSD 14.0 Node-locked
"FileZilla" = FileZilla (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Gizmo5" = Gizmo5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2F3BC035-D260-4024-B6F3-C6E3B81F1148}" = GerbTool 15.1 Demo
"IrfanView" = IrfanView (remove only)
"IviSharedComponent" = IVI Shared Components
"LTspice IV" = LTspice IV
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NI LabVIEW Run-Time Engine 5.1.1" = NI LabVIEW Run-Time Engine 5.1.1
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pdf995" = Pdf995
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"Remove Multimedia Center" = Remove Multimedia Center
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Spark 2.5.8" = Spark 2.5.8
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"SYSPRO 6.0" = SYSPRO 6.0
"Visual SourceSafe NetSetup" = Microsoft Visual SourceSafe NetSetup
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wootalyzer" = Wootalyzer!
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 3:01:24 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 3:01:25 PM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/27/2010 3:01:32 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 3:02:59 PM | Computer Name = GEORGESLAPTOP | Source = UserInit | ID = 1000
Description = Could not execute the following script domain_Logon.bat. The system
cannot find the file specified. .

Error - 2/27/2010 5:38:15 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 5:38:15 PM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/27/2010 5:41:17 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 5:41:52 PM | Computer Name = GEORGESLAPTOP | Source = UserInit | ID = 1000
Description = Could not execute the following script domain_Logon.bat. The system
cannot find the file specified. .

Error - 2/28/2010 1:38:15 AM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/28/2010 9:38:13 AM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 2/28/2010 2:47:05 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 2:48:09 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:03:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 4:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 6:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 10:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:17:01 PM | Computer Name = GEORGESLAPTOP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{FADB0289-573D-44B6-B773-4F9772E11237}
because another computer on the network has the same name. The server could not
start.

Error - 2/28/2010 3:18:02 PM | Computer Name = GEORGESLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 2/28/2010 3:18:14 PM | Computer Name = GEORGESLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.111.84,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >




Thanks for helping me out! Here are the log files.

OTL.txt

OTL logfile created on: 2/28/2010 3:50:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\george.geer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 12.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.66 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive S: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 338.96 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive Y: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: GEORGESLAPTOP
Current User Name: george.geer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
PRC - [2010/02/18 05:12:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/11 09:37:20 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/31 07:40:03 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 07:40:02 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 07:39:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 07:39:55 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 07:39:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/25 04:23:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/06/01 13:33:44 | 002,002,944 | ---- | M] (Kerio Technologies Inc.) -- C:\Program Files\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
PRC - [2009/03/25 21:52:26 | 000,374,272 | ---- | M] () -- C:\Program Files\Wootalyzer\woot.exe
PRC - [2009/01/14 16:37:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 23:35:22 | 000,590,512 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/05/31 12:42:14 | 000,200,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2007/05/31 12:37:40 | 012,310,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 02:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 20:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/28 12:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/20 15:19:12 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe
PRC - [2007/02/08 15:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/02/08 15:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/01/30 20:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/02/14 00:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 00:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/02/14 00:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 10:28:00 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/31 07:39:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 07:39:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/14 16:37:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/01/18 10:01:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/26 14:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/20 15:19:12 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu)
SRV - [2007/02/16 09:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (ni488enumsvc)
SRV - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2007/02/08 15:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/01/30 20:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/04/14 12:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 20:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/07/31 07:40:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 07:40:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/26 09:32:42 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/26 09:32:28 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/01/14 16:37:00 | 006,620,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/05 16:08:14 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbblstr.sys -- (AlteraUSBBlaster)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/27 14:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/27 14:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 09:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/29 00:29:49 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/09/29 00:28:41 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/09/29 00:07:20 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/07/07 08:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/07/07 08:11:38 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/06/29 10:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/06/17 11:16:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/05/31 05:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/16 17:06:28 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk)
DRV - [2007/04/16 17:04:12 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidaq32k.sys -- (Nidaq32k)
DRV - [2007/04/16 15:42:28 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck)
DRV - [2007/04/16 15:41:52 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk)
DRV - [2007/04/16 15:40:38 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk)
DRV - [2007/04/16 15:40:36 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk)
DRV - [2007/04/12 23:08:26 | 000,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/06 09:01:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/03/29 17:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/23 08:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 17:59:48 | 000,094,848 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/15 00:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2007/03/14 23:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/02 19:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 19:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/26 19:03:56 | 000,251,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/26 15:31:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdkl.sys -- (nispdk)
DRV - [2007/02/26 15:31:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niscdkl.sys -- (niscdk)
DRV - [2007/02/26 11:40:24 | 000,016,672 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni488lock.sys -- (ni488lock)
DRV - [2007/02/25 19:12:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstskl.sys -- (nimstsk)
DRV - [2007/02/25 19:12:02 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidmxfkl.sys -- (nidmxfk)
DRV - [2007/02/25 19:10:56 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsdrkl.sys -- (nimsdrk)
DRV - [2007/02/25 18:13:26 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrkl.sys -- (nixsrk)
DRV - [2007/02/25 18:13:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrkl.sys -- (niwfrk)
DRV - [2007/02/25 18:13:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrkl.sys -- (nissrk)
DRV - [2007/02/25 18:13:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrkl.sys -- (niesrk)
DRV - [2007/02/25 18:13:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niemrkl.sys -- (niemrk)
DRV - [2007/02/25 18:11:20 | 000,027,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb6xxxk.sys -- (usb6xxxk)
DRV - [2007/02/25 18:11:14 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigkl.sys -- (nisdigk)
DRV - [2007/02/24 03:19:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niRFSA2kl.sys -- (nirfsa2k)
DRV - [2007/02/24 00:10:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nihsdrkl.sys -- (nihsdrk)
DRV - [2007/02/23 23:17:18 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftkl.sys -- (nisftk)
DRV - [2007/02/23 23:09:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitnr2kl.sys -- (nitnr2k)
DRV - [2007/02/23 21:32:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidwgkl.sys -- (nidwgk)
DRV - [2007/02/23 21:28:08 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisrcdkl.sys -- (nisrcdk)
DRV - [2007/02/23 21:19:38 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipsdkl.sys -- (nipsdk)
DRV - [2007/02/23 21:05:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisldkl.sys -- (nisldk)
DRV - [2007/02/23 19:44:56 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niswdkl.sys -- (niswdk)
DRV - [2007/02/23 16:43:04 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsarkl.sys -- (nidsark)
DRV - [2007/02/23 16:25:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ninshsdkl.sys -- (ninshsdk)
DRV - [2007/02/23 15:20:54 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nigplkl.sys -- (nigplk)
DRV - [2007/02/23 14:54:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiorkl.sys -- (nitiork)
DRV - [2007/02/23 09:25:22 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2007/02/23 09:25:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2007/02/23 02:14:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrkl.sys -- (nistcrk)
DRV - [2007/02/22 19:17:26 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2kl.sys -- (nistc2k)
DRV - [2007/02/22 17:18:46 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nicdrkl.sys -- (nicdrk)
DRV - [2007/02/22 12:26:32 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimxpkl.sys -- (nimxpk)
DRV - [2007/02/22 12:21:42 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nifslkl.sys -- (nifslk)
DRV - [2007/02/22 10:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2007/02/22 10:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2007/02/22 10:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2007/02/22 10:34:00 | 000,086,304 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nismbusk.sys -- (nismbusk)
DRV - [2007/02/22 10:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2007/02/22 09:42:12 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2007/02/21 21:39:46 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2kl.sys -- (nimru2k)
DRV - [2007/02/21 21:20:20 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2007/02/21 21:10:16 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2007/02/21 20:46:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2007/02/21 20:39:06 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2007/02/15 22:00:24 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2007/02/15 22:00:18 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2007/02/15 21:59:42 | 000,010,528 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusb.sys -- (nipalusb)
DRV - [2007/02/15 21:59:34 | 000,583,968 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2007/02/15 16:23:06 | 000,015,136 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 14:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/11 09:18:38 | 000,020,256 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvalarmk.sys -- (lvalarmk)
DRV - [2006/12/18 11:55:38 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk)
DRV - [2006/12/18 11:55:38 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk)
DRV - [2006/11/06 18:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/10/22 20:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/13 14:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/13 00:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/03/01 05:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/14 00:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/21 00:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/17 12:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/05/06 11:58:20 | 000,019,968 | ---- | M] (CAMI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CRIFXUSB.sys -- (CRIFXUSB)
DRV - [2004/11/05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/05/31 15:20:04 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys -- (altio)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 07:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [1998/08/22 01:20:12 | 000,042,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CriFx.sys -- (CriFx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\S-1-5-21-147667094-602431902-1233803906-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-147667094-602431902-1233803906-1193\S-1-5-21-147667094-602431902-1233803906-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "GoogIe"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q="

FF - user.js..browser.search.selectedEngine: "GoogIe"
FF - user.js..keyword.URL: "http://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=YZQicq3P&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 05:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 05:12:19 | 000,000,000 | ---D | M]

[2008/09/01 10:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Extensions
[2010/02/28 14:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\extensions
[2009/08/31 07:34:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/17 09:32:44 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\bing.xml
[2009/07/17 09:33:03 | 000,002,398 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\ni.xml
[2009/07/17 09:33:32 | 000,010,541 | ---- | M] () -- C:\Documents and Settings\george.geer\Application Data\Mozilla\Firefox\Profiles\2whkt8fl.default\searchplugins\octopart.xml
[2010/02/28 14:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/14 17:21:24 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2009/05/28 12:31:43 | 000,001,532 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-com.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Outlook Profile Conversion Utility] C:\Program Files\Kerio\Outlook Connector (Offline Edition)\ConvertProfiles.cmd ()
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-147667094-602431902-1233803906-1193..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 120
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-147667094-602431902-1233803906-1193\..Trusted Ranges: Range1 ([file] in Local intranet)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.111.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arcserv.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/07 07:00:00 | 000,000,043 | ---- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell - "" = AutoRun
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##server2#CD-ROM#Office 2003 Suite (Also Visio, Project Etc.)\Shell\AutoRun\command - "" = Y:\SETUP.EXE -- [2003/07/07 07:00:00 | 001,126,400 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell - "" = AutoRun
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8024e1ec-3ae0-11dd-bdb5-f6af7a99f1f7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b828eb24-e668-11de-a4c9-0013e8b6f8a1}\Shell\AutoRun\command - "" = F:\Altium NanoBoard 3000.exe -- File not found
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell - "" = AutoRun
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cce9a5e0-84be-11dd-bde7-001c26e8d4b1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/28 23:42:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: niDevMon - hkey= - key= - C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SolidWorks_CheckForUpdates - hkey= - key= - C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0C054D2A-3736-D0D5-4662-7558995A8E79} - Microsoft Windows Media Player 6.4
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {24C4E056-D1D0-5CD8-9D1D-46BE12E71052} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {409784AC-E824-B83D-53DD-385435AFBE9A} - DirectAnimation
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5E702F1A-D858-8EC9-D759-51C44D340D5C} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6212EDE9-7C10-31A2-110D-5AD47DE24EBA} - IE7 Uninstall Stub
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {68C7C18E-6D10-36AA-8BDD-A187B08CFCA0} - Browser Customizations
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7D1765B9-9D3A-E132-16A4-25972E8F9B22} - Microsoft Windows Media Player 6.4
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ADF6690B-4E31-3EFA-54BB-BB56AB7F800F} - Vector Graphics Rendering (VML)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C8E27B71-FCB2-E30B-9C87-8E84CAF9798A} - Dynamic HTML Data Binding for Java
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF1AAE60-0734-6E96-FF02-93F38FF07145} - Microsoft Windows Media Player 6.4
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F3E3313C-19F4-E107-160E-9CEA579A7B76} - Microsoft Windows Media Player 6.4
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 15:48:26 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
[2010/02/25 18:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/25 18:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/25 09:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Desktop\Music
[2010/02/25 08:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Desktop\_laptop stuff
[2010/02/23 10:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Application Data\Malwarebytes
[2010/02/23 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/23 08:46:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/23 08:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/22 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/22 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/21 20:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/21 11:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/21 02:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/21 02:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/20 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/02 09:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/02/02 09:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\george.geer\Application Data\Mp3 Editor For Free
[2010/02/02 09:50:34 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2010/02/02 09:50:34 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/02/02 09:50:34 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/02/02 09:50:34 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/02/02 09:50:34 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/02/02 09:50:34 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/02/02 09:50:34 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2010/02/02 09:50:34 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2010/02/02 09:50:33 | 002,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2010/02/02 09:50:33 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2010/02/02 09:50:33 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/06/03 09:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/31 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/29 00:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 15:48:25 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\george.geer\Desktop\OTL.exe
[2010/02/28 15:03:41 | 056,422,506 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/28 14:21:28 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/28 14:21:28 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/28 14:21:28 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/28 14:19:44 | 000,000,371 | ---- | M] () -- C:\WINDOWS\null
[2010/02/28 14:18:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 14:17:58 | 000,172,869 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/28 14:17:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\pxisys.ini
[2010/02/28 14:17:39 | 000,000,030 | ---- | M] () -- C:\WINDOWS\pxiesys.ini
[2010/02/28 14:17:15 | 000,172,869 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/28 14:16:53 | 000,182,678 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/28 14:16:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/28 14:16:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 14:16:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 14:16:02 | 2112,139,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/28 12:28:18 | 015,204,352 | -H-- | M] () -- C:\Documents and Settings\george.geer\NTUSER.DAT
[2010/02/28 12:27:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\george.geer\ntuser.ini
[2010/02/28 01:44:12 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\george.geer\My Documents\Default.rdp
[2010/02/26 10:06:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/26 08:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/26 07:22:21 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/25 20:58:33 | 000,457,615 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\New Parts.zip
[2010/02/25 20:02:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/24 16:22:27 | 000,026,709 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\error1.jpg
[2010/02/23 13:28:27 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/23 13:27:37 | 000,044,439 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\bookmarks-2010-02-23.json
[2010/02/23 11:53:41 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\george.geer\Desktop\dds.scr
[2010/02/23 08:45:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/22 16:55:25 | 000,000,226 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/21 18:41:37 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 03:10:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 14:06:01 | 000,001,726 | -H-- | C] () -- C:\Documents and Settings\george.geer\My Documents\Default.rdp
[2010/02/25 20:58:33 | 000,457,615 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\New Parts.zip
[2010/02/24 16:22:27 | 000,026,709 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\error1.jpg
[2010/02/23 17:49:18 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\gmer.exe
[2010/02/23 13:27:37 | 000,044,439 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\bookmarks-2010-02-23.json
[2010/02/23 13:15:32 | 2112,139,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/23 11:53:42 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\george.geer\Desktop\dds.scr
[2010/02/23 08:47:28 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/28 13:10:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\00104run.ini
[2009/04/10 13:00:45 | 000,000,291 | ---- | C] () -- C:\WINDOWS\CAMDXP.INI
[2009/03/30 14:26:21 | 000,003,829 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2009/02/06 09:37:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo407cdw.ini
[2009/01/16 09:07:46 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/09 10:10:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/04 11:45:39 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\fusioncache.dat
[2008/09/01 14:55:25 | 000,001,032 | ---- | C] () -- C:\WINDOWS\Poker-Spy.INI
[2008/02/24 14:29:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/02/09 15:58:21 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\george.geer\Application Data\WavCodec.wff
[2008/02/01 13:43:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/01/30 14:51:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\render.ini
[2008/01/22 10:58:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/22 10:58:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/01/22 10:57:29 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2008/01/09 19:48:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\george.geer\Application Data\$_hpcst$.hpc
[2007/11/27 11:30:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\cviinst.ini
[2007/11/26 14:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/11/26 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/11/06 21:37:56 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
[2007/10/28 15:09:00 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\george.geer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 17:02:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2007/10/22 17:02:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\pxiesys.ini
[2007/10/22 11:07:43 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/19 15:10:25 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/19 11:56:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/19 10:05:54 | 000,110,642 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/10/19 10:05:54 | 000,043,252 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2007/10/19 09:52:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/09/29 00:47:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/29 00:22:16 | 000,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/29 00:20:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/09/29 00:20:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/09/29 00:20:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/09/29 00:20:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/09/29 00:20:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/09/29 00:20:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/09/29 00:14:20 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/29 00:14:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/29 00:14:18 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/29 00:14:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/29 00:09:08 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/09/29 00:06:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/04/16 17:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2007/04/16 16:55:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\niezid.dll
[2007/04/16 16:55:10 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\niezio.dll
[2007/04/16 16:52:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2007/04/06 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\cvirtsup.dll
[2007/04/06 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2007/03/20 19:57:36 | 000,052,000 | ---- | C] () -- C:\WINDOWS\System32\nipcload.dll
[2007/02/26 15:33:48 | 000,049,952 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2007/02/26 15:31:16 | 000,049,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2007/02/26 15:31:06 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2007/02/24 01:02:54 | 000,066,336 | ---- | C] () -- C:\WINDOWS\System32\cfswitch.dll
[2007/02/22 10:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pn.ini
[2007/02/22 10:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\pr.ini
[2007/02/21 18:30:50 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2007/02/15 22:00:42 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2007/01/16 10:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/12 14:45:14 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL
[2006/06/13 15:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/11/16 12:04:36 | 000,485,376 | ---- | C] () -- C:\WINDOWS\System32\DrRw40.dll
[1999/11/04 11:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/24 09:15:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/03/15 00:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Program Files\ThinkVantage Fingerprint Software\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



Extras.txt

OTL Extras logfile created on: 2/28/2010 3:50:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\george.geer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 12.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 2.66 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive S: | 453.18 Gb Total Space | 159.35 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 338.96 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive Y: | 931.51 Gb Total Space | 514.47 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: GEORGESLAPTOP
Current User Name: george.geer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe" = C:\Program Files\National Instruments\LabVIEW 8.2\LabVIEW.exe:*:Enabled:LabVIEW 8.2.1 Development System -- (National Instruments Corporation)
"C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe" = C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe:*:Enabled:NIExampleFinder -- (National Instruments)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:AVG Control Center -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\ARC TestCentre\TestCentre.exe" = C:\Program Files\ARC TestCentre\TestCentre.exe:*:Enabled:TestCentre -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Voip\Communicator\Communicator.exe" = C:\Program Files\Voip\Communicator\Communicator.exe:*:Enabled:Communicator -- File not found
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"C:\Program Files\PokerOffice\bin\javaw.exe" = C:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe" = C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe:*:Enabled:Jeyo Mobile Companion -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Altium Designer 6\dxp.exe" = C:\Program Files\Altium Designer 6\dxp.exe:*:Enabled:dxp -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Documents and Settings\george.geer\Desktop\WNHDE111 SW CD v1.1\bin\config\ConfigAssistant.exe" = C:\Documents and Settings\george.geer\Desktop\WNHDE111 SW CD v1.1\bin\config\ConfigAssistant.exe:*:Enabled:Discover -- File not found
"C:\Program Files\Altium Designer Winter 09\dxp.exe" = C:\Program Files\Altium Designer Winter 09\dxp.exe:*:Enabled:dxp -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00BD6E57-AF6D-4238-8D2A-D32B5337F3C2}" = NI LabWindows/CVI 8.1.1 FDS Package
"{0431E2E8-3CE3-436A-9ED4-B314F3F27461}" = NI IVI Compliance Package 3.0
"{044E5B6C-38A4-45BC-B779-385CD8DA0DA8}" = NI TestStand Version Selector
"{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05304ADE-9374-4D0B-8366-38106FEFB717}" = NI-DAQmx Documentation
"{05A5B86B-7A8F-44B6-A43C-3B953E69F004}" = NI LabVIEW 8.2.1 Resource
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{06A4FAAD-1D04-41B7-9F7E-A3B03EBAFB52}" = NI MAX LabVIEW Support
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{089FBA30-0FB2-42A8-8370-C93EA301B2A4}" = NI PXI Platform Services Provider for MAX 2.3.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A04BFEE-B3E3-4FF7-9C9D-AC1C59ED367D}" = NI Dynamic Signal Acquisition Installer 1.9.0
"{0BB9F01F-CB8A-44C5-BAB5-98CFC10752B5}" = NI-FGEN 2.4.5
"{0EC523EE-3D9F-415C-8D30-95F973D53D87}" = NI LabVIEW Real-Time Error Dialog
"{0EC55650-EA47-4B68-87E8-CB9B5B95093C}" = NI SignalExpress 2.0 Tools
"{0EE24AF8-91DD-49C0-B50E-1986F67D2BE3}" = NI Instrument IO Assistant for LabVIEW 8.2
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1008C62D-5BDD-474A-86A5-6FC21863D6DF}" = NI SCXI 1.8.0
"{104403F3-31ED-405B-B950-22401A4CAAF6}" = NI-RFSG 1.2.5
"{10560CCA-BCF6-47B0-A0BA-FB6E134A0AD7}" = NI LabVIEW 8.2.1 License
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{143E1ACF-0E65-4A60-8A4D-A17B97E83526}" = NI LabVIEW RealTime Deployment Support
"{17983D5B-2B6F-4948-8940-80A3A4D65F21}" = NI Measurements eXtensions for PAL 1.6.0
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{19C33FE0-EF6C-4942-BD05-B026D278F497}" = NI-Tuner 1.6.5
"{19C55121-0F65-4A41-939F-91352996BEA3}" = NI Hierarchical Waveform Storage 1.4.4
"{1BE08195-5CFE-41D5-B224-940EF06B9BCE}" = NI-PAL 2.0.0f0
"{1C0AC819-9FAA-4ED4-8C2B-CD1B17FBD18F}" = NI-DAQmx 8.5
"{1C478488-78AD-4E94-B200-A10EC530A4E9}" = NI LabVIEW Broker
"{1D476EFD-93EF-4E01-9505-C98FF606DF61}" = NI LabVIEW 8.2.1 Instr.lib
"{1E0BFC4C-B225-44EB-AA35-0B267AA6E1B6}" = NI LabWindows/CVI 8.1.1 Program Files
"{208E6919-DDEB-4559-B547-C5828582C90F}" = NI ExpressWorkbench 2.0 LabVIEW Support
"{20969065-2AFF-4711-96F9-5D724007ACE4}" = NI LabVIEW 8.2.1 User.lib
"{20D5BBFF-73E4-4F92-8E61-7947399A55A4}" = NI-RFSA 2.0.5
"{21798A9D-4DF7-49E8-A43C-76EE3D4D934C}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-147667094-602431902-1233803906-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 3:01:24 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 3:01:25 PM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/27/2010 3:01:32 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 3:02:59 PM | Computer Name = GEORGESLAPTOP | Source = UserInit | ID = 1000
Description = Could not execute the following script domain_Logon.bat. The system
cannot find the file specified. .

Error - 2/27/2010 5:38:15 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 5:38:15 PM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/27/2010 5:41:17 PM | Computer Name = GEORGESLAPTOP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/27/2010 5:41:52 PM | Computer Name = GEORGESLAPTOP | Source = UserInit | ID = 1000
Description = Could not execute the following script domain_Logon.bat. The system
cannot find the file specified. .

Error - 2/28/2010 1:38:15 AM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/28/2010 9:38:13 AM | Computer Name = GEORGESLAPTOP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 2/28/2010 2:47:05 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 2:48:09 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:03:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 4:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 6:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 10:33:11 AM | Computer Name = GEORGESLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2010 3:17:01 PM | Computer Name = GEORGESLAPTOP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{FADB0289-573D-44B6-B773-4F9772E11237}
because another computer on the network has the same name. The server could not
start.

Error - 2/28/2010 3:18:02 PM | Computer Name = GEORGESLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 2/28/2010 3:18:14 PM | Computer Name = GEORGESLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.111.84,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

#4 myrti

Posted 01 March 2010 - 11:18 AM

Hi,

Please run a scan with GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 GGeerIII


Posted 02 March 2010 - 05:31 PM

Should I deselect "Sections" and "IAT/EAT" like in the prep guide?
Sorry this is taking so long, I am doing this but I have to find time around when I'm actually working on the laptop to do these scans.

#6 myrti


Posted 02 March 2010 - 06:00 PM

Hi,

I would prefer to see the entire log; however, if the scan takes over 20 minutes, please deselect devices and try again.

regards myrti



#7 GGeerIII


Posted 02 March 2010 - 08:42 PM

I deselected devices and will provide the scan when it's done. It was taking 3+ hours before.

#8 GGeerIII


Posted 03 March 2010 - 09:36 AM

Finally finished. At the end when I tried to save it told me it couldn't find drive "c" because of insufficient resources. I did manage to save it on my hard drive, but it took about 10 minutes because everything was running SUPER slow. Anyways, here's the log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 09:18:38
Windows 5.1.2600 Service Pack 3
Running: r7u04c45.exe; Driver: C:\DOCUME~1\GEORGE~1.GEO\LOCALS~1\Temp\fgriykoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xF7BDC014]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[636] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\system32\svchost.exe[636] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0089000A
.text C:\WINDOWS\Explorer.EXE[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\BOAR_HUNT_CAUTION\IMG_0817.JPG 747869 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\BOAR_HUNT_CAUTION\IMG_0818.JPG 854732 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\BOAR_HUNT_CAUTION\IMG_0819.JPG 887780 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\BOAR_HUNT_CAUTION\IMG_0820.JPG 904372 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\BOAR_HUNT_CAUTION\Thumbs.db 155648 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1414.jpg 647120 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1420.jpg 553853 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1423.jpg 347086 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1424.jpg 418672 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1427.jpg 334287 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1435.jpg 433757 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1441.jpg 383262 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1444.jpg 650615 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1445.jpg 650220 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1446.jpg 492967 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1447.jpg 622998 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1448.jpg 719250 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1450.jpg 583703 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1452.jpg 633114 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1453.jpg 467270 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1455.jpg 668906 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1457.jpg 693885 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1458.jpg 690404 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1459.jpg 719688 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1461.jpg 763303 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1462.jpg 760729 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\IMG_1466.jpg 573091 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\MVI_1439.avi 7305260 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\dc\Thumbs.db 8192 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0617.JPG 3018977 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0619.JPG 3054862 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0621.JPG 2866861 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0629.JPG 2957712 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0635.JPG 3023038 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0636.JPG 3039339 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0639.JPG 2858416 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0645.JPG 3070790 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0654.JPG 3014678 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0658.JPG 2962793 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0664.JPG 3114374 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0668.JPG 2965059 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0674.JPG 2928036 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0676.JPG 2897812 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0682.JPG 3025256 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0687.JPG 3061775 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0690.JPG 2991914 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0697.JPG 2862420 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0702.JPG 3107012 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0711.JPG 3055802 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0720.JPG 3147208 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0729.JPG 2980949 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0732.JPG 3069735 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\HPIM0736.JPG 3210306 bytes
File C:\Documents and Settings\george.geer\Desktop\_laptop stuff\desktop stuff\temp\july 4th\Thumbs.db 0 bytes
File C:\Downloads\Simtel 0 bytes
File C:\Downloads\Simtel\gif89a.zip 20640 bytes
File C:\drivers\AUDIO 0 bytes
File C:\drivers\AUDIO\audio.tag 8 bytes
File C:\drivers\AUDIO\INFCACHE.1 4128 bytes
File C:\drivers\MODEM 0 bytes
File C:\drivers\MODEM\INFCACHE.1 4128 bytes
File C:\drivers\MODEM\modem.tag 8 bytes
File C:\drivers\MOUSE 0 bytes
File C:\drivers\MOUSE\INFCACHE.1 4128 bytes
File C:\drivers\MOUSE\mouse.tag 8 bytes
File C:\drivers\NETWORK 0 bytes
File C:\drivers\NETWORK\INFCACHE.1 4128 bytes
File C:\drivers\NETWORK\network.tag 10 bytes
File C:\drivers\NETWORK2 0 bytes
File C:\drivers\NETWORK2\INFCACHE.1 4128 bytes
File C:\drivers\NETWORK2\network2.tag 11 bytes
File C:\drivers\other 0 bytes
File C:\drivers\other\5000xzvp.cat 13567 bytes
File C:\drivers\other\5000XZVP.inf 0 bytes
File C:\drivers\other\5000XZVP.PNF 0 bytes
File C:\drivers\other\51SWI.txt 0 bytes
File C:\drivers\other\852.cat 0 bytes
File C:\drivers\other\852.inf 0 bytes
File C:\drivers\other\852.PNF 0 bytes
File C:\drivers\other\855.cat 0 bytes
File C:\drivers\other\855.inf 0 bytes
File C:\drivers\other\855.PNF 5628 bytes
File C:\drivers\other\865.cat 9757 bytes
File C:\drivers\other\865.inf 4787 bytes
File C:\drivers\other\865.PNF 8996 bytes
File C:\drivers\other\915.cat 11565 bytes
File C:\drivers\other\915.inf 3912 bytes
File C:\drivers\other\915.PNF 6472 bytes
File C:\drivers\other\915M.cat 7505 bytes
File C:\drivers\other\915M.inf 3374 bytes
File C:\drivers\other\915M.PNF 5588 bytes
File C:\drivers\other\945.cat 9597 bytes
File C:\drivers\other\945.inf 4620 bytes
File C:\drivers\other\945.PNF 7812 bytes
File C:\drivers\other\945gm.cat 13561 bytes
File C:\drivers\other\945GM.inf 0 bytes
File C:\drivers\other\945GM.PNF 0 bytes
File C:\drivers\other\965g.cat 0 bytes
File C:\drivers\other\965g.inf 0 bytes
File C:\drivers\other\965g.PNF 0 bytes
File C:\drivers\other\965m.cat 0 bytes
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#9 GGeerIII

Posted 03 March 2010 - 01:07 PM

I just had this show up and I healed it.

Attached Files



#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:35 PM

Posted 05 March 2010 - 08:44 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 GGeerIII

Posted 08 March 2010 - 10:29 AM

Reformatted and installed Win 7. Is there anything I should run to double check everything is all set?
Thanks for the help myrti!!

#12 myrti

Posted 08 March 2010 - 02:48 PM

Hi,

happy to hear that everything is running now.
These are tips I usually give to people after cleaning, maybe you'll find something that'll help you:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#13 GGeerIII

Posted 09 March 2010 - 10:49 AM

Thanks a bunch. Feel free to close this thread.

#14 myrti

Posted 09 March 2010 - 12:07 PM

Heya,

glad we could help!

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





