
PLEASE HELP!!, can't search the web

Discussion in 'Virus & Other Malware Removal' started by Architype, Sep 26, 2012.

  1. Architype (Thread Starter), joined Mar 27, 2012, messages: 34

    Two nights ago I let my brother use my computer. When I got it back, the Firefox browser wasn't working. Every time I would punch in a website address, the browser would instantly return back to the Google home page "the first page I see when I load my browser". I couldn't get my browser to leave the home page even though it appeared to be connected to the internet through WiFi. So then I tried IE but it simply said that there was a connection problem and wouldn't load any page. However, I was able to download an update for my Avira anti-virus software. When I asked my brother what happened he said he tried to download a video, but it didn't work. I guess it did, just not in the way he thought it would. Also, I am having trouble connecting to the internet; every time I try to connect it says acquiring network address for way too long. Sometimes I'm able to connect and sometimes it does not. When I run GMER it said there was a rootkit on my computer. Here are the logs, thanks.....

    ----------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:00:36 AM, on 9/19/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ZyXEL\N220\Common\N220.exe
    C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    E:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    O1 - Hosts: ::1 localhost
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe
    O4 - Global Startup: Wireless N-lite USB Adapter Utility.lnk = C:\Program Files\ZyXEL\N220\Common\N220.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/US/Co...IKEA_Win32.cab
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/US/Co...erAX_Win32.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: WDM_YAMAHAAC97 (Epiusb) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit (mi-raysat_3dsmax2012_32) - Unknown owner - c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    O23 - Service: SecureStorageService - Unknown owner - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: WaveEnrollmentService - Unknown owner - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 16267 bytes

    ------------------------------------------------------------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
    Run by Admin at 11:01:05 on 2012-09-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2786 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ZyXEL\N220\Common\N220.exe
    C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Akamai NetSession Interface] "c:\documents and settings\admin\local settings\application data\akamai\netsession_win.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drspaw~1.lnk - c:\documents and settings\all users\application data\asgvis\drspawner\DRSpawner.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\zyxel\n220\common\N220.exe
    IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    LSP: mswsock.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{5B515332-AE0B-4D61-89A3-D693D0733B5E} : DhcpNameServer = 192.168.1.1 71.252.0.12
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\8v2j09ed.default-1348028205828\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-2 36000]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-2 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-2 110032]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-4-2 465360]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-25 83392]
    R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\zyxel\n220\common\RalinkRegistryWriter.exe [2011-5-27 69632]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    S2 clientservice;HSXHWBS2;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 135664]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-10 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-1-14 30576]
    S3 rt2870;%Generic.Service.DispName%;c:\windows\system32\drivers\rt2870.sys [2011-5-27 803328]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-08-06 04:08:27 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-06 04:08:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-07-07 03:46:38 13683064 -c--a-w- c:\program files\Firefox Setup 5.0.exe
    2011-06-03 01:24:52 1144011680 -c--a-w- c:\program files\AutoCAD_2012_English_Win_32bit.exe
    2011-05-10 23:38:28 3948868248 -c--a-w- c:\program files\Autodesk_3ds_Max_Design_2012_English_Win_32-64bit.exe
    2011-05-09 20:11:10 3232569766 -c--a-w- c:\program files\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe
    .
    ============= FINISH: 11:02:15.84 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/24/2008 10:58:17 PM
    System Uptime: 9/19/2012 9:16:46 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0UY141
    Processor: Intel Pentium III Xeon processor | Microprocessor | 2592/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 17.102 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1395 WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&AB208E&0&00E1
    Manufacturer: Broadcom
    Name: Dell Wireless 1395 WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&AB208E&0&00E1
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\34D115E1384FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\34D115E1384FC000
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP85: 7/24/2012 9:59:39 PM - System Checkpoint
    RP86: 7/25/2012 10:38:50 PM - System Checkpoint
    RP87: 7/29/2012 11:50:06 AM - System Checkpoint
    RP88: 7/30/2012 11:55:49 AM - System Checkpoint
    RP89: 7/31/2012 12:42:04 PM - System Checkpoint
    RP90: 8/1/2012 7:42:52 PM - System Checkpoint
    RP91: 8/5/2012 10:58:39 PM - System Checkpoint
    RP92: 8/7/2012 1:16:36 AM - System Checkpoint
    RP93: 8/8/2012 1:17:13 AM - System Checkpoint
    RP94: 8/13/2012 4:13:19 PM - System Checkpoint
    RP95: 8/15/2012 2:06:29 AM - System Checkpoint
    RP96: 8/15/2012 2:30:16 PM - Software Distribution Service 3.0
    RP97: 8/15/2012 6:48:14 PM - Software Distribution Service 3.0
    RP98: 8/16/2012 1:31:09 AM - Software Distribution Service 3.0
    RP99: 8/17/2012 2:20:20 AM - System Checkpoint
    RP100: 8/21/2012 4:26:10 PM - System Checkpoint
    RP101: 8/27/2012 1:29:52 AM - System Checkpoint
    RP102: 8/28/2012 10:17:17 AM - System Checkpoint
    RP103: 8/29/2012 12:23:12 PM - System Checkpoint
    RP104: 8/31/2012 11:04:49 AM - System Checkpoint
    RP105: 9/4/2012 9:50:58 AM - System Checkpoint
    RP106: 9/5/2012 12:24:12 PM - System Checkpoint
    RP107: 9/6/2012 1:06:10 PM - System Checkpoint
    RP108: 9/8/2012 3:04:20 AM - System Checkpoint
    RP109: 9/9/2012 9:13:33 PM - System Checkpoint
    RP110: 9/11/2012 2:24:28 PM - System Checkpoint
    RP111: 9/12/2012 2:00:31 PM - Software Distribution Service 3.0
    RP112: 9/13/2012 2:18:24 PM - System Checkpoint
    RP113: 9/17/2012 11:03:06 AM - System Checkpoint
    RP114: 9/18/2012 11:39:38 AM - System Checkpoint
    RP115: 9/18/2012 11:57:36 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    AC3Filter 2.5b
    Acrobat.com
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader X (10.1.3)
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AuthenTec Fingerprint Sensor Minimum Install
    AutoCAD 2012 - English
    AutoCAD 2012 Language Pack - English
    Autodesk 3ds Max Design 2012 32-bit - English
    Autodesk Backburner 2012.0.0
    Autodesk Content Service
    Autodesk Design Review 2012
    Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012
    Autodesk Inventor Fusion 2012
    Autodesk Inventor Fusion 2012 Language Pack
    Autodesk Inventor Fusion plug-in for AutoCAD 2012
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
    Autodesk Material Library 2012
    Autodesk Material Library Base Resolution Image Library 2012
    Autodesk Material Library Low Resolution Image Library 2012
    Autodesk Material Library Medium Resolution Image Library 2012
    Autodesk Revit Architecture 2012
    Avira Free Antivirus
    Bing Maps 3D
    biolsp patch
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    Cheat Engine 6.1
    Composite 2012
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    DivX Setup
    Document Manager Lite
    Dropbox
    EMBASSY Security Center
    EMBASSY Security Setup
    ERUNT 1.1j
    ESC Home Page Plugin
    FARO LS 1.1.406.58
    Gemalto
    GemSafe Standard Edition 5.1
    Google Desktop
    Google Earth
    Google SketchUp Pro 7
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grasshopper
    High Definition Audio Driver Package - KB835221
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IntelliSonic Speech Enhancement
    Java Auto Updater
    Java(TM) 7 Update 3
    Java(TM) SE Development Kit 7 Update 3
    JavaFX 2.0.3
    JavaFX 2.0.3 SDK
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 8.0 Support DLLs
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Modem Diagnostic Tool
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    PDF Settings
    PowerDVD
    Preboot Manager
    Private Information Manager
    QuickTime
    Revit Architecture 2012
    Revit Architecture 2012 Language Pack - English
    Rhino RDK
    Rhinoceros 4.0 Evaluation
    Rhinoceros 4.0 Training Materials, Level 1
    Secure Update
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Security Wizards
    SimCity 4 Deluxe
    Skype Click to Call
    Skype™ 5.10
    SU Podium V2 2.11.130
    Trusted Drive Manager
    tsp patch
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    upekmsi
    V-Ray for Rhinoceros
    V-Ray for Rhinoceros Academic
    VC80CRTRedist - 8.0.50727.6195
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    Wave Infrastructure Installer
    Wave Support Software
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Wireless N-lite USB Adapter Utility
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/18/2012 12:45:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/18/2012 11:00:59 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'serial.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/18/2012 10:33:19 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    9/18/2012 10:32:20 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/18/2012 10:30:32 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'serial.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/18/2012 10:13:28 AM, error: Service Control Manager [7022] - The Autodesk Content Service service hung on starting.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The WDM_YAMAHAAC97 service terminated with the following error: The system cannot find the file specified.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The UxTuneUp service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Tunnelguardservice service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The TPwSav service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The S3psddr service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Incdfs service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Iaantmon service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The HSXHWBS2 service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The GcKernel service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Dpfusmgr service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Citrixxteserver service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Airgo service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7023] - The Advservice service terminated with the following error: The specified module could not be found.
    9/18/2012 10:12:16 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The Ralink Registry Writer service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:42 AM, error: Service Control Manager [7031] - The Autodesk Content Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    9/18/2012 10:04:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/18/2012 10:04:41 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 10:04:41 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    9/14/2012 9:15:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
    9/14/2012 9:15:46 AM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    ------------------------------------------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-20 07:41:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9120823ASG rev.3.ADE
    Running: dccye7p1.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fxtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT B86EB24C ZwClose
    SSDT B86EB206 ZwCreateKey
    SSDT B86EB256 ZwCreateSection
    SSDT B86EB1FC ZwCreateThread
    SSDT B86EB20B ZwDeleteKey
    SSDT B86EB215 ZwDeleteValueKey
    SSDT B86EB247 ZwDuplicateObject
    SSDT B86EB21A ZwLoadKey
    SSDT B86EB1E8 ZwOpenProcess
    SSDT B86EB1ED ZwOpenThread
    SSDT B86EB26F ZwQueryValueKey
    SSDT B86EB224 ZwReplaceKey
    SSDT B86EB260 ZwRequestWaitReplyPort
    SSDT B86EB21F ZwRestoreKey
    SSDT B86EB25B ZwSetContextThread
    SSDT B86EB265 ZwSetSecurityObject
    SSDT B86EB210 ZwSetValueKey
    SSDT B86EB26A ZwSystemDebugControl
    SSDT B86EB1F7 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2DC4 8050467C 4 Bytes CALL A708B532
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E343A0, 0x59FFE5, 0xE8000020]
    ? C:\WINDOWS\system32\DRIVERS\serial.sys suspicious PE modification

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs B3065400

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B6D94000-B6DB0000 (114688 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB50821$\4219550980 0 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\L\00000004.@ 804 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\L\iahonoel 64512 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U\00000004.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U\00000008.@ 232960 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U\000000cb.@ 1632 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U\80000000.@ 13312 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\4219550980\U\80000032.@ 91136 bytes
    File C:\WINDOWS\$NtUninstallKB50821$\659319419 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Are you able to connect to the Internet at all?
     
  3. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    I can't seem to search the web, but I was able to download an Avira antivirus update after I was infected, so it appears that I can hook up with the web, though it didn't require me to use the browser. I think something is wrong with both Firefox and Internet Explorer. Also my WiFi hangs on "Acquiring network address" for way too long, so some settings or something might have gotten changed. So to answer your question, yes, I can link to a wireless network, but I can't use any of my browsers to search. I tried resetting all the settings in Firefox, but it didn't work. Explorer will say it can't find the network even though I appear to be online.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    See if you can download this and get it to run.

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  5. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    I ran TDSSKiller and it found two objects. Also, I have to use a jump drive to transfer programs from one computer to the other.


    Here's the log...



    16:28:01.0093 3780 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    16:28:01.0109 3780 ============================================================
    16:28:01.0109 3780 Current date / time: 2012/10/01 16:28:01.0109
    16:28:01.0109 3780 SystemInfo:
    16:28:01.0109 3780
    16:28:01.0109 3780 OS Version: 5.1.2600 ServicePack: 3.0
    16:28:01.0109 3780 Product type: Workstation
    16:28:01.0109 3780 ComputerName: M4300
    16:28:01.0109 3780 UserName: Admin
    16:28:01.0109 3780 Windows directory: C:\WINDOWS
    16:28:01.0109 3780 System windows directory: C:\WINDOWS
    16:28:01.0109 3780 Processor architecture: Intel x86
    16:28:01.0109 3780 Number of processors: 2
    16:28:01.0109 3780 Page size: 0x1000
    16:28:01.0109 3780 Boot type: Normal boot
    16:28:01.0109 3780 ============================================================
    16:28:03.0062 3780 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    16:28:03.0062 3780 Drive \Device\Harddisk1\DR3 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:28:03.0062 3780 ============================================================
    16:28:03.0062 3780 \Device\Harddisk0\DR0:
    16:28:03.0062 3780 MBR partitions:
    16:28:03.0062 3780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xDF68576
    16:28:03.0062 3780 \Device\Harddisk1\DR3:
    16:28:03.0062 3780 MBR partitions:
    16:28:03.0062 3780 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xE, StartLBA 0x1F80, BlocksNum 0x3BA080
    16:28:03.0062 3780 ============================================================
    16:28:03.0093 3780 C: <-> \Device\Harddisk0\DR0\Partition1
    16:28:03.0093 3780 ============================================================
    16:28:03.0093 3780 Initialize success
    16:28:03.0093 3780 ============================================================
    16:28:32.0359 3744 ============================================================
    16:28:32.0359 3744 Scan started
    16:28:32.0359 3744 Mode: Manual;
    16:28:32.0359 3744 ============================================================
    16:28:33.0421 3744 ================ Scan system memory ========================
    16:28:33.0421 3744 System memory - ok
    16:28:33.0421 3744 ================ Scan services =============================
    16:28:34.0750 3744 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
    16:28:34.0765 3744 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    16:28:34.0781 3744 Akamai ( HiddenFile.Multi.Generic ) - warning
    16:28:34.0781 3744 Akamai - detected HiddenFile.Multi.Generic (1)
    16:28:43.0421 3744 Ndisuio - ok
    16:28:43.0468 3744 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:28:43.0484 3744 NdisWan - ok
    16:28:43.0531 3744 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    16:28:43.0531 3744 NDProxy - ok
    16:28:43.0578 3744 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:28:43.0578 3744 NetBIOS - ok
    16:28:43.0609 3744 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:28:43.0625 3744 NetBT - ok
    16:28:43.0687 3744 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    16:28:43.0703 3744 NetDDE - ok
    16:28:43.0718 3744 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    16:28:43.0718 3744 NetDDEdsdm - ok
    16:28:43.0765 3744 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    16:28:43.0765 3744 Netlogon - ok
    16:28:43.0781 3744 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    16:28:43.0781 3744 Netman - ok
    16:28:43.0812 3744 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:28:43.0875 3744 NetTcpPortSharing - ok
    16:28:43.0906 3744 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    16:28:43.0906 3744 NIC1394 - ok
    16:28:44.0031 3744 [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    16:28:44.0046 3744 NICCONFIGSVC - ok
    16:28:44.0062 3744 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    16:28:44.0062 3744 Nla - ok
    16:28:44.0062 3744 nmwcdc - ok
    16:28:44.0109 3744 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    16:28:44.0109 3744 Npfs - ok
    16:28:44.0125 3744 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    16:28:44.0125 3744 Ntfs - ok
    16:28:44.0140 3744 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    16:28:44.0140 3744 NtLmSsp - ok
    16:28:44.0187 3744 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    16:28:44.0218 3744 NtmsSvc - ok
    16:28:44.0265 3744 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    16:28:44.0281 3744 NuidFltr - ok
    16:28:44.0296 3744 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    16:28:44.0296 3744 Null - ok
    16:28:44.0828 3744 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    16:28:45.0187 3744 nv - ok
    16:28:45.0234 3744 [ A2322C6207EBB0761A6C8CC9003EBACF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    16:28:45.0250 3744 NVSvc - ok
    16:28:45.0281 3744 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:28:45.0281 3744 NwlnkFlt - ok
    16:28:45.0296 3744 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:28:45.0296 3744 NwlnkFwd - ok
    16:28:45.0421 3744 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:28:45.0437 3744 odserv - ok
    16:28:45.0484 3744 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    16:28:45.0484 3744 ohci1394 - ok
    16:28:45.0531 3744 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:28:45.0546 3744 ose - ok
    16:28:45.0546 3744 ovsecurityserver - ok
    16:28:45.0546 3744 p2pgasvc - ok
    16:28:45.0609 3744 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    16:28:45.0625 3744 Parport - ok
    16:28:45.0656 3744 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    16:28:45.0656 3744 PartMgr - ok
    16:28:45.0687 3744 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    16:28:45.0687 3744 ParVdm - ok
    16:28:45.0703 3744 patrol_scheduler - ok
    16:28:45.0734 3744 [ 9EC004140E1B675ACDEB07F66EE797A4 ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    16:28:45.0734 3744 PBADRV - ok
    16:28:45.0750 3744 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    16:28:45.0750 3744 PCI - ok
    16:28:45.0781 3744 PCIDump - ok
    16:28:45.0828 3744 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:28:45.0828 3744 PCIIde - ok
    16:28:45.0843 3744 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    16:28:45.0843 3744 Pcmcia - ok
    16:28:45.0843 3744 PDCOMP - ok
    16:28:45.0843 3744 PDFRAME - ok
    16:28:45.0859 3744 PDRELI - ok
    16:28:45.0859 3744 PDRFRAME - ok
    16:28:45.0875 3744 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    16:28:45.0890 3744 perc2 - ok
    16:28:45.0906 3744 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    16:28:45.0906 3744 perc2hib - ok
    16:28:45.0953 3744 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    16:28:45.0953 3744 PlugPlay - ok
    16:28:45.0953 3744 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    16:28:45.0953 3744 PolicyAgent - ok
    16:28:46.0000 3744 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:28:46.0000 3744 PptpMiniport - ok
    16:28:46.0000 3744 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    16:28:46.0000 3744 ProtectedStorage - ok
    16:28:46.0000 3744 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    16:28:46.0015 3744 PSched - ok
    16:28:46.0062 3744 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:28:46.0062 3744 Ptilink - ok
    16:28:46.0093 3744 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    16:28:46.0093 3744 PxHelp20 - ok
    16:28:46.0109 3744 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    16:28:46.0109 3744 ql1080 - ok
    16:28:46.0125 3744 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    16:28:46.0125 3744 Ql10wnt - ok
    16:28:46.0140 3744 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    16:28:46.0140 3744 ql12160 - ok
    16:28:46.0171 3744 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    16:28:46.0171 3744 ql1240 - ok
    16:28:46.0203 3744 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    16:28:46.0203 3744 ql1280 - ok
    16:28:46.0281 3744 [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    16:28:46.0281 3744 RalinkRegistryWriter - ok
    16:28:46.0296 3744 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:28:46.0312 3744 RasAcd - ok
    16:28:46.0343 3744 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    16:28:46.0343 3744 RasAuto - ok
    16:28:46.0375 3744 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:28:46.0375 3744 Rasl2tp - ok
    16:28:46.0421 3744 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    16:28:46.0421 3744 RasMan - ok
    16:28:46.0453 3744 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:28:46.0453 3744 RasPppoe - ok
    16:28:46.0468 3744 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:28:46.0468 3744 Raspti - ok
    16:28:46.0468 3744 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:28:46.0468 3744 Rdbss - ok
    16:28:46.0515 3744 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:28:46.0515 3744 RDPCDD - ok
    16:28:46.0578 3744 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:28:46.0593 3744 rdpdr - ok
    16:28:46.0640 3744 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    16:28:46.0640 3744 RDPWD - ok
    16:28:46.0671 3744 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    16:28:46.0687 3744 RDSessMgr - ok
    16:28:46.0718 3744 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:28:46.0718 3744 redbook - ok
    16:28:46.0750 3744 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    16:28:46.0765 3744 RemoteAccess - ok
    16:28:46.0796 3744 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    16:28:46.0812 3744 RemoteRegistry - ok
    16:28:46.0843 3744 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    16:28:46.0843 3744 RpcLocator - ok
    16:28:46.0890 3744 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    16:28:46.0890 3744 RpcSs - ok
    16:28:46.0937 3744 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    16:28:46.0953 3744 RSVP - ok
    16:28:47.0000 3744 [ 1AD20F7B8B608D36983305B283A8C31C ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
    16:28:47.0046 3744 rt2870 - ok
    16:28:47.0046 3744 s217mdm - ok
    16:28:47.0062 3744 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    16:28:47.0062 3744 SamSs - ok
    16:28:47.0062 3744 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    16:28:47.0078 3744 SCardSvr - ok
    16:28:47.0109 3744 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    16:28:47.0125 3744 Schedule - ok
    16:28:47.0171 3744 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:28:47.0171 3744 Secdrv - ok
    16:28:47.0187 3744 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    16:28:47.0203 3744 seclogon - ok
    16:28:47.0296 3744 SecureStorageService - ok
    16:28:47.0312 3744 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    16:28:47.0312 3744 SENS - ok
    16:28:47.0328 3744 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    16:28:47.0328 3744 serenum - ok
    16:28:47.0375 3744 [ D04816D55B35C16400F45828113C9A15 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    16:28:47.0375 3744 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: D04816D55B35C16400F45828113C9A15, Fake md5: CCA207A8896D4C6A0C9CE29A4AE411A7
    16:28:47.0375 3744 Serial ( Virus.Win32.ZAccess.k ) - infected
    16:28:47.0375 3744 Serial - detected Virus.Win32.ZAccess.k (0)
    16:28:47.0406 3744 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:28:47.0406 3744 Sfloppy - ok
    16:28:47.0421 3744 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    16:28:47.0421 3744 ShellHWDetection - ok
    16:28:47.0421 3744 Simbad - ok
    16:28:47.0453 3744 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    16:28:47.0468 3744 sisagp - ok
    16:28:47.0765 3744 [ 4CA43B85F22C7739311788B651A779CB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    16:28:47.0890 3744 Skype C2C Service - ok
    16:28:47.0921 3744 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    16:28:47.0921 3744 SkypeUpdate - ok
    16:28:47.0968 3744 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    16:28:47.0968 3744 SLIP - ok
    16:28:48.0000 3744 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    16:28:48.0000 3744 SONYPVU1 - ok
    16:28:48.0015 3744 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    16:28:48.0015 3744 Sparrow - ok
    16:28:48.0062 3744 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    16:28:48.0062 3744 splitter - ok
    16:28:48.0109 3744 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    16:28:48.0109 3744 Spooler - ok
    16:28:48.0125 3744 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    16:28:48.0125 3744 sr - ok
    16:28:48.0187 3744 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    16:28:48.0203 3744 srservice - ok
    16:28:48.0265 3744 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    16:28:48.0281 3744 Srv - ok
    16:28:48.0296 3744 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    16:28:48.0296 3744 SSDPSRV - ok
    16:28:48.0343 3744 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    16:28:48.0343 3744 ssmdrv - ok
    16:28:48.0406 3744 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\WINDOWS\system32\StacSV.exe
    16:28:48.0406 3744 STacSV - ok
    16:28:48.0500 3744 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    16:28:48.0515 3744 STHDA - ok
    16:28:48.0578 3744 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    16:28:48.0593 3744 stisvc - ok
    16:28:48.0625 3744 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    16:28:48.0625 3744 streamip - ok
    16:28:48.0671 3744 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:28:48.0671 3744 swenum - ok
    16:28:48.0671 3744 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    16:28:48.0687 3744 swmidi - ok
    16:28:48.0687 3744 SwPrv - ok
    16:28:48.0718 3744 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    16:28:48.0718 3744 symc810 - ok
    16:28:48.0734 3744 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    16:28:48.0734 3744 symc8xx - ok
    16:28:48.0750 3744 symwsc - ok
    16:28:48.0750 3744 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    16:28:48.0765 3744 sym_hi - ok
    16:28:48.0765 3744 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    16:28:48.0765 3744 sym_u3 - ok
    16:28:48.0796 3744 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    16:28:48.0812 3744 sysaudio - ok
    16:28:48.0843 3744 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    16:28:48.0843 3744 SysmonLog - ok
    16:28:48.0890 3744 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    16:28:48.0906 3744 TapiSrv - ok
    16:28:48.0953 3744 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:28:48.0984 3744 Tcpip - ok
    16:28:49.0093 3744 [ 23B506262493F1A521683EE88C5FBF60 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    16:28:49.0140 3744 tcsd_win32.exe - ok
    16:28:49.0265 3744 [ A27D803B21F24A5CFB775944EA4CB130 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    16:28:49.0296 3744 TdmService - ok
    16:28:49.0343 3744 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:28:49.0343 3744 TDPIPE - ok
    16:28:49.0359 3744 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    16:28:49.0375 3744 TDTCP - ok
    16:28:49.0406 3744 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:28:49.0421 3744 TermDD - ok
    16:28:49.0453 3744 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    16:28:49.0500 3744 TermService - ok
    16:28:49.0531 3744 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    16:28:49.0531 3744 Themes - ok
    16:28:49.0578 3744 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    16:28:49.0593 3744 TlntSvr - ok
    16:28:49.0609 3744 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    16:28:49.0609 3744 TosIde - ok
    16:28:49.0671 3744 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    16:28:49.0687 3744 TrkWks - ok
    16:28:49.0734 3744 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    16:28:49.0750 3744 Udfs - ok
    16:28:49.0765 3744 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    16:28:49.0781 3744 ultra - ok
    16:28:49.0828 3744 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    16:28:49.0843 3744 Update - ok
    16:28:49.0890 3744 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    16:28:50.0000 3744 upnphost - ok
    16:28:50.0015 3744 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    16:28:50.0015 3744 UPS - ok
    16:28:50.0046 3744 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    16:28:50.0046 3744 usbaudio - ok
    16:28:50.0078 3744 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    16:28:50.0078 3744 usbccgp - ok
    16:28:50.0109 3744 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:28:50.0109 3744 usbehci - ok
    16:28:50.0140 3744 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:28:50.0140 3744 usbhub - ok
    16:28:50.0171 3744 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    16:28:50.0171 3744 usbscan - ok
    16:28:50.0203 3744 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:28:50.0203 3744 USBSTOR - ok
    16:28:50.0218 3744 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:28:50.0218 3744 usbuhci - ok
    16:28:50.0250 3744 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    16:28:50.0265 3744 usbvideo - ok
    16:28:50.0265 3744 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    16:28:50.0265 3744 VgaSave - ok
    16:28:50.0296 3744 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    16:28:50.0312 3744 viaagp - ok
    16:28:50.0328 3744 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    16:28:50.0328 3744 ViaIde - ok
    16:28:50.0343 3744 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    16:28:50.0343 3744 VolSnap - ok
    16:28:50.0390 3744 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    16:28:50.0406 3744 VSS - ok
    16:28:50.0437 3744 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    16:28:50.0453 3744 w32time - ok
    16:28:50.0468 3744 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:28:50.0609 3744 Wanarp - ok
    16:28:50.0609 3744 Wave UCSPlus - ok
    16:28:50.0687 3744 WaveEnrollmentService - ok
    16:28:50.0734 3744 [ DB626C46997C2430D4958DA5C7FFB969 ] WaveFDE C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
    16:28:50.0781 3744 WaveFDE - ok
    16:28:50.0875 3744 [ 51E756F2BFB5E3ADCB15F966AD293231 ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    16:28:50.0875 3744 WavxDMgr - ok
    16:28:51.0015 3744 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    16:28:51.0031 3744 Wdf01000 - ok
    16:28:51.0031 3744 WDICA - ok
    16:28:51.0093 3744 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    16:28:51.0093 3744 wdmaud - ok
    16:28:51.0109 3744 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    16:28:51.0125 3744 WebClient - ok
    16:28:51.0156 3744 [ 92CE6497076EAC3083185C44157B3A46 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    16:28:51.0234 3744 winachsf - ok
    16:28:51.0328 3744 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    16:28:51.0328 3744 winmgmt - ok
    16:28:51.0343 3744 wltrysvc - ok
    16:28:51.0375 3744 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    16:28:51.0375 3744 WmdmPmSN - ok
    16:28:51.0453 3744 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    16:28:51.0453 3744 Wmi - ok
    16:28:51.0515 3744 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    16:28:51.0515 3744 WmiAcpi - ok
    16:28:51.0546 3744 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    16:28:51.0562 3744 WmiApSrv - ok
    16:28:51.0765 3744 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    16:28:51.0921 3744 WMPNetworkSvc - ok
    16:28:52.0046 3744 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    16:28:52.0046 3744 WPFFontCache_v0400 - ok
    16:28:52.0109 3744 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    16:28:52.0125 3744 WS2IFSL - ok
    16:28:52.0171 3744 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    16:28:52.0171 3744 WSTCODEC - ok
    16:28:52.0218 3744 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    16:28:52.0234 3744 WudfPf - ok
    16:28:52.0250 3744 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    16:28:52.0250 3744 WudfRd - ok
    16:28:52.0265 3744 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    16:28:52.0296 3744 WudfSvc - ok
    16:28:52.0359 3744 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    16:28:52.0359 3744 WZCSVC - ok
    16:28:52.0390 3744 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    16:28:52.0421 3744 xmlprov - ok
    16:28:52.0437 3744 ================ Scan global ===============================
    16:28:52.0468 3744 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    16:28:52.0531 3744 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:28:52.0546 3744 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:28:52.0578 3744 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    16:28:52.0578 3744 [Global] - ok
    16:28:52.0578 3744 ================ Scan MBR ==================================
    16:28:52.0593 3744 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    16:28:52.0812 3744 \Device\Harddisk0\DR0 - ok
    16:28:52.0812 3744 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR3
    16:28:53.0328 3744 \Device\Harddisk1\DR3 - ok
    16:28:53.0328 3744 ================ Scan VBR ==================================
    16:28:53.0328 3744 [ 6225328E38543BACF55DECFBF513F854 ] \Device\Harddisk0\DR0\Partition1
    16:28:53.0343 3744 \Device\Harddisk0\DR0\Partition1 - ok
    16:28:53.0343 3744 [ D4A20B3E7FFFD09A8EBAD06233E589F3 ] \Device\Harddisk1\DR3\Partition1
    16:28:53.0343 3744 \Device\Harddisk1\DR3\Partition1 - ok
    16:28:53.0343 3744 ============================================================
    16:28:53.0343 3744 Scan finished
    16:28:53.0343 3744 ============================================================
    16:28:53.0343 2012 Detected object count: 2
    16:28:53.0343 2012 Actual detected object count: 2
    16:29:28.0500 2012 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    16:29:28.0500 2012 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    16:29:28.0500 2012 Serial ( Virus.Win32.ZAccess.k ) - skipped by user
    16:29:28.0500 2012 Serial ( Virus.Win32.ZAccess.k ) - User select action: Skip
    16:29:58.0156 3808 Deinitialize success
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    OK, please run TDSSKiller again and let it cure the one called Serial only. The other one (Akamai) is legit so please skip that one. Then run TDSSKiller again and post the new log.
     
  7. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    Hi, I ran TDSSKiller and cured "Serial". Here is the log from the next scan after the reboot.
    Thanks for your time.


    09:54:24.0390 0216 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    09:54:24.0437 0216 ============================================================
    09:54:24.0437 0216 Current date / time: 2012/10/02 09:54:24.0437
    09:54:24.0437 0216 SystemInfo:
    09:54:24.0437 0216
    09:54:24.0437 0216 OS Version: 5.1.2600 ServicePack: 3.0
    09:54:24.0437 0216 Product type: Workstation
    09:54:24.0437 0216 ComputerName: M4300
    09:54:24.0437 0216 UserName: Admin
    09:54:24.0437 0216 Windows directory: C:\WINDOWS
    09:54:24.0437 0216 System windows directory: C:\WINDOWS
    09:54:24.0437 0216 Processor architecture: Intel x86
    09:54:24.0437 0216 Number of processors: 2
    09:54:24.0437 0216 Page size: 0x1000
    09:54:24.0437 0216 Boot type: Normal boot
    09:54:24.0437 0216 ============================================================
    09:54:31.0406 0216 BG loaded
    09:54:32.0640 0216 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:54:33.0187 0216 Drive \Device\Harddisk1\DR3 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    09:54:33.0187 0216 ============================================================
    09:54:33.0187 0216 \Device\Harddisk0\DR0:
    09:54:33.0671 0216 MBR partitions:
    09:54:33.0671 0216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xDF68576
    09:54:33.0671 0216 \Device\Harddisk1\DR3:
    09:54:33.0671 0216 MBR partitions:
    09:54:33.0671 0216 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xE, StartLBA 0x1F80, BlocksNum 0x3BA080
    09:54:33.0671 0216 ============================================================
    09:54:33.0906 0216 C: <-> \Device\Harddisk0\DR0\Partition1
    09:54:34.0218 0216 ============================================================
    09:54:34.0218 0216 Initialize success
    09:54:34.0218 0216 ============================================================
    09:55:25.0015 2480 ============================================================
    09:55:25.0015 2480 Scan started
    09:55:25.0015 2480 Mode: Manual;
    09:55:25.0015 2480 ============================================================
    09:55:30.0515 2480 ================ Scan system memory ========================
    09:55:30.0515 2480 System memory - ok
    09:55:30.0515 2480 ================ Scan services =============================
    09:56:21.0625 2480 Abiosdsk - ok
    09:56:21.0718 2480 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    09:56:23.0796 2480 abp480n5 - ok
    09:56:52.0781 2480 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    09:56:53.0296 2480 ACPI - ok
    09:56:53.0343 2480 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    09:56:53.0531 2480 ACPIEC - ok
    09:56:53.0546 2480 adfs - ok
    09:56:53.0703 2480 Adobe LM Service - ok
    09:56:54.0078 2480 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    09:56:54.0937 2480 Adobe Version Cue CS3 - ok
    09:56:56.0078 2480 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    09:56:56.0296 2480 adpu160m - ok
    09:56:56.0578 2480 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    09:56:56.0640 2480 aec - ok
    09:56:56.0687 2480 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
    09:56:56.0968 2480 AegisP - ok
    09:56:58.0593 2480 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    09:56:58.0937 2480 AFD - ok
    09:56:59.0046 2480 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    09:56:59.0187 2480 agp440 - ok
    09:56:59.0484 2480 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    09:56:59.0625 2480 agpCPQ - ok
    09:57:03.0500 2480 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    09:57:04.0000 2480 Aha154x - ok
    09:57:04.0765 2480 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    09:57:05.0687 2480 aic78u2 - ok
    09:57:05.0796 2480 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    09:57:06.0078 2480 aic78xx - ok
    09:57:16.0171 2480 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
    09:57:16.0171 2480 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    09:57:16.0171 2480 Akamai ( HiddenFile.Multi.Generic ) - warning
    09:57:16.0171 2480 Akamai - detected HiddenFile.Multi.Generic (1)
    09:57:16.0328 2480 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    09:57:16.0453 2480 Alerter - ok
    09:57:16.0515 2480 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    09:57:16.0515 2480 AliIde - ok
    09:57:16.0546 2480 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    09:57:16.0687 2480 alim1541 - ok
    09:57:16.0703 2480 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    09:57:16.0750 2480 amdagp - ok
    09:57:16.0781 2480 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    09:57:16.0781 2480 amsint - ok
    09:57:17.0906 2480 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
    09:57:17.0937 2480 AntiVirSchedulerService - ok
    09:57:18.0140 2480 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    09:57:18.0156 2480 AntiVirService - ok
    09:57:18.0281 2480 [ E38BA9FAB3981A2115C53260B930FD3C ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    09:57:18.0296 2480 AntiVirWebService - ok
    09:57:18.0546 2480 [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    09:57:18.0546 2480 ApfiltrService - ok
    09:57:18.0609 2480 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    09:57:18.0609 2480 APPDRV - ok
    09:57:19.0031 2480 [ B8E865D24F2753A35CC2A9A6A3CE1AD4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    09:57:19.0046 2480 Apple Mobile Device - ok
    09:57:19.0140 2480 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    09:57:19.0250 2480 AppMgmt - ok
    09:57:19.0296 2480 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    09:57:19.0312 2480 Arp1394 - ok
    09:57:19.0359 2480 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    09:57:19.0375 2480 asc - ok
    09:57:19.0390 2480 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    09:57:19.0421 2480 asc3350p - ok
    09:57:19.0671 2480 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    09:57:19.0703 2480 asc3550 - ok
    09:57:19.0781 2480 [ 7591238EBF7DD1FD13B353C382227DC3 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    09:57:19.0796 2480 ASFIPmon - ok
    09:57:20.0828 2480 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    09:57:21.0109 2480 aspnet_state - ok
    09:57:21.0140 2480 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    09:57:21.0156 2480 AsyncMac - ok
    09:57:21.0171 2480 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    09:57:21.0187 2480 atapi - ok
    09:57:21.0187 2480 Atdisk - ok
    09:57:21.0218 2480 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    09:57:21.0234 2480 Atmarpc - ok
    09:57:21.0296 2480 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    09:57:21.0343 2480 AudioSrv - ok
    09:57:21.0500 2480 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    09:57:21.0500 2480 audstub - ok
    09:57:21.0687 2480 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    09:57:21.0687 2480 Autodesk Content Service - ok
    09:57:21.0765 2480 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    09:57:21.0781 2480 avgntflt - ok
    09:57:21.0859 2480 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
    09:57:21.0859 2480 avipbb - ok
    09:57:21.0937 2480 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    09:57:21.0937 2480 avkmgr - ok
    09:57:22.0015 2480 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    09:57:22.0015 2480 b57w2k - ok
    09:57:22.0031 2480 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    09:57:22.0031 2480 BASFND - ok
    09:57:22.0187 2480 [ 9208C78BD9283F79A30252AD954C77A2 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    09:57:22.0406 2480 BCM43XX - ok
    09:57:22.0468 2480 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    09:57:22.0468 2480 Beep - ok
    09:57:22.0609 2480 [ 9EFE4236F8670846B6E7C5B0EFF6E715 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    09:57:22.0625 2480 Bonjour Service - ok
    09:57:22.0671 2480 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    09:57:22.0718 2480 Browser - ok
    09:57:22.0796 2480 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    09:57:22.0812 2480 cbidf - ok
    09:57:22.0812 2480 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    09:57:22.0812 2480 cbidf2k - ok
    09:57:22.0875 2480 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    09:57:22.0890 2480 CCDECODE - ok
    09:57:22.0937 2480 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    09:57:22.0937 2480 cd20xrnt - ok
    09:57:22.0968 2480 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    09:57:22.0984 2480 Cdaudio - ok
    09:57:23.0031 2480 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    09:57:23.0031 2480 Cdfs - ok
    09:57:23.0093 2480 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    09:57:23.0093 2480 Cdrom - ok
    09:57:23.0093 2480 Changer - ok
    09:57:23.0156 2480 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    09:57:23.0171 2480 CiSvc - ok
    09:57:23.0171 2480 clientservice - ok
    09:57:23.0218 2480 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    09:57:23.0218 2480 ClipSrv - ok
    09:57:23.0328 2480 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    09:57:23.0421 2480 clr_optimization_v2.0.50727_32 - ok
    09:57:23.0453 2480 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    09:57:23.0703 2480 clr_optimization_v4.0.30319_32 - ok
    09:57:23.0750 2480 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    09:57:23.0750 2480 CmBatt - ok
    09:57:23.0796 2480 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    09:57:23.0796 2480 CmdIde - ok
    09:57:23.0875 2480 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    09:57:23.0890 2480 Compbatt - ok
    09:57:23.0890 2480 COMSysApp - ok
    09:57:23.0921 2480 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    09:57:23.0953 2480 Cpqarray - ok
    09:57:23.0984 2480 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    09:57:24.0015 2480 CryptSvc - ok
    09:57:24.0031 2480 d-link_st3402 - ok
    09:57:24.0062 2480 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    09:57:24.0062 2480 dac2w2k - ok
    09:57:24.0109 2480 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    09:57:24.0109 2480 dac960nt - ok
    09:57:24.0187 2480 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    09:57:24.0359 2480 DcomLaunch - ok
    09:57:24.0421 2480 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    09:57:24.0421 2480 Dhcp - ok
    09:57:24.0453 2480 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    09:57:24.0468 2480 Disk - ok
    09:57:24.0468 2480 dmadmin - ok
    09:57:24.0515 2480 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    09:57:24.0562 2480 dmboot - ok
    09:57:24.0640 2480 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    09:57:24.0656 2480 dmio - ok
    09:57:24.0718 2480 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    09:57:24.0750 2480 dmload - ok
    09:57:24.0781 2480 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    09:57:24.0781 2480 dmserver - ok
    09:57:24.0828 2480 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    09:57:24.0828 2480 DMusic - ok
    09:57:24.0875 2480 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    09:57:24.0875 2480 Dnscache - ok
    09:57:24.0937 2480 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    09:57:24.0953 2480 Dot3svc - ok
    09:57:24.0968 2480 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    09:57:24.0984 2480 dpti2o - ok
    09:57:25.0015 2480 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    09:57:25.0015 2480 drmkaud - ok
    09:57:25.0015 2480 dsbrokerservice - ok
    09:57:25.0078 2480 [ 549734664886D91222969845E4311D1B ] DXEC01 C:\WINDOWS\system32\drivers\dxec01.sys
    09:57:25.0093 2480 DXEC01 - ok
    09:57:25.0125 2480 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
    09:57:25.0140 2480 E100B - ok
    09:57:25.0187 2480 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    09:57:25.0218 2480 EapHost - ok
    09:57:25.0250 2480 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    09:57:25.0250 2480 ERSvc - ok
    09:57:25.0296 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    09:57:25.0312 2480 Eventlog - ok
    09:57:25.0359 2480 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    09:57:25.0359 2480 EventSystem - ok
    09:57:25.0406 2480 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    09:57:25.0406 2480 Fastfat - ok
    09:57:25.0453 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    09:57:25.0468 2480 FastUserSwitchingCompatibility - ok
    09:57:25.0515 2480 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    09:57:25.0515 2480 Fax - ok
    09:57:25.0546 2480 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    09:57:25.0546 2480 Fdc - ok
    09:57:25.0578 2480 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    09:57:25.0578 2480 Fips - ok
    09:57:25.0671 2480 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    09:57:25.0718 2480 FLEXnet Licensing Service - ok
    09:57:25.0765 2480 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    09:57:25.0765 2480 Flpydisk - ok
    09:57:25.0796 2480 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    09:57:25.0812 2480 FltMgr - ok
    09:57:25.0906 2480 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    09:57:25.0906 2480 FontCache3.0.0.0 - ok
    09:57:25.0953 2480 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    09:57:25.0953 2480 Fs_Rec - ok
    09:57:25.0968 2480 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    09:57:26.0000 2480 Ftdisk - ok
    09:57:26.0109 2480 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    09:57:26.0109 2480 GoogleDesktopManager-051210-111108 - ok
    09:57:26.0156 2480 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    09:57:26.0171 2480 Gpc - ok
    09:57:26.0234 2480 [ 7031A936832967A93B0E5D5F1C76745A ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
    09:57:26.0234 2480 guardian2 - ok
    09:57:26.0312 2480 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    09:57:26.0328 2480 gupdate - ok
    09:57:26.0343 2480 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    09:57:26.0343 2480 gupdatem - ok
    09:57:26.0406 2480 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    09:57:26.0421 2480 gusvc - ok
    09:57:26.0421 2480 hcf_msft - ok
    09:57:26.0468 2480 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    09:57:26.0484 2480 HDAudBus - ok
    09:57:26.0562 2480 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    09:57:26.0578 2480 helpsvc - ok
    09:57:26.0625 2480 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    09:57:26.0640 2480 HidServ - ok
    09:57:26.0687 2480 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    09:57:26.0687 2480 HidUsb - ok
    09:57:26.0734 2480 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    09:57:26.0750 2480 hkmsvc - ok
    09:57:26.0781 2480 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    09:57:26.0781 2480 hpn - ok
    09:57:26.0828 2480 [ 7290FB97535C317A237D4C73149C7E2C ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    09:57:26.0843 2480 HSFHWAZL - ok
    09:57:26.0921 2480 [ F362C0B442337DA8AB0608DFAA4CA076 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    09:57:26.0953 2480 HSF_DPV - ok
    09:57:27.0015 2480 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    09:57:27.0031 2480 HTTP - ok
    09:57:27.0078 2480 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    09:57:27.0093 2480 HTTPFilter - ok
    09:57:27.0140 2480 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    09:57:27.0140 2480 i2omgmt - ok
    09:57:27.0171 2480 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    09:57:27.0187 2480 i2omp - ok
    09:57:27.0218 2480 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    09:57:27.0234 2480 i8042prt - ok
    09:57:27.0234 2480 iaimfp0 - ok
    09:57:27.0328 2480 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    09:57:27.0453 2480 idsvc - ok
    09:57:27.0546 2480 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    09:57:27.0562 2480 Imapi - ok
    09:57:27.0609 2480 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    09:57:27.0625 2480 ImapiService - ok
    09:57:27.0640 2480 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    09:57:27.0640 2480 ini910u - ok
    09:57:27.0687 2480 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    09:57:27.0687 2480 IntelIde - ok
    09:57:27.0718 2480 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    09:57:27.0734 2480 intelppm - ok
    09:57:27.0765 2480 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    09:57:27.0765 2480 Ip6Fw - ok
    09:57:27.0781 2480 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:57:27.0781 2480 IpFilterDriver - ok
    09:57:27.0812 2480 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:57:27.0812 2480 IpInIp - ok
    09:57:27.0843 2480 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:57:27.0859 2480 IpNat - ok
    09:57:27.0875 2480 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:57:27.0875 2480 IPSec - ok
    09:57:27.0906 2480 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:57:27.0906 2480 IRENUM - ok
    09:57:27.0937 2480 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:57:27.0937 2480 isapnp - ok
    09:57:28.0078 2480 [ D9B1E929F2464D4C23FA9CB47DF4A1D4 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    09:57:28.0093 2480 JavaQuickStarterService - ok
    09:57:28.0109 2480 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:57:28.0109 2480 Kbdclass - ok
    09:57:28.0125 2480 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    09:57:28.0156 2480 kmixer - ok
    09:57:28.0234 2480 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    09:57:28.0265 2480 KSecDD - ok
    09:57:28.0296 2480 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    09:57:28.0328 2480 lanmanserver - ok
    09:57:28.0375 2480 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    09:57:28.0406 2480 lanmanworkstation - ok
    09:57:28.0406 2480 lbrtfdc - ok
    09:57:28.0453 2480 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    09:57:28.0484 2480 LmHosts - ok
    09:57:28.0484 2480 LVCap138 - ok
    09:57:28.0531 2480 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    09:57:28.0562 2480 mdmxsdk - ok
    09:57:28.0593 2480 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    09:57:28.0640 2480 Messenger - ok
    09:57:28.0640 2480 mgabg - ok
    09:57:28.0781 2480 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_32 c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    09:57:28.0796 2480 mi-raysat_3dsmax2012_32 - ok
    09:57:28.0828 2480 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    09:57:28.0828 2480 mnmdd - ok
    09:57:28.0875 2480 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    09:57:28.0953 2480 mnmsrvc - ok
    09:57:29.0015 2480 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    09:57:29.0031 2480 Modem - ok
    09:57:29.0078 2480 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:57:29.0093 2480 Mouclass - ok
    09:57:29.0140 2480 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:57:29.0171 2480 mouhid - ok
    09:57:29.0187 2480 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    09:57:29.0203 2480 MountMgr - ok
    09:57:29.0328 2480 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    09:57:29.0390 2480 MozillaMaintenance - ok
    09:57:29.0421 2480 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    09:57:29.0484 2480 mraid35x - ok
    09:57:29.0531 2480 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:57:29.0546 2480 MRxDAV - ok
    09:57:29.0609 2480 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:57:29.0640 2480 MRxSmb - ok
    09:57:29.0765 2480 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    09:57:29.0765 2480 MSCamSvc - ok
    09:57:29.0828 2480 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    09:57:29.0843 2480 MSDTC - ok
    09:57:29.0906 2480 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    09:57:29.0906 2480 Msfs - ok
    09:57:29.0953 2480 [ 5119FFC2A6B51089CDB0EFDC75808C97 ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
    09:57:30.0000 2480 MSHUSBVideo - ok
    09:57:30.0000 2480 MSIServer - ok
    09:57:30.0031 2480 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:57:30.0046 2480 MSKSSRV - ok
    09:57:30.0078 2480 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:57:30.0078 2480 MSPCLOCK - ok
    09:57:30.0140 2480 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    09:57:30.0171 2480 MSPQM - ok
    09:57:30.0250 2480 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:57:30.0265 2480 mssmbios - ok
    09:57:30.0312 2480 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    09:57:30.0343 2480 MSTEE - ok
    09:57:30.0390 2480 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    09:57:30.0500 2480 Mup - ok
    09:57:30.0562 2480 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    09:57:30.0593 2480 NABTSFEC - ok
    09:57:30.0718 2480 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    09:57:30.0875 2480 napagent - ok
    09:57:30.0937 2480 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    09:57:30.0968 2480 NDIS - ok
    09:57:31.0046 2480 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    09:57:31.0078 2480 NdisIP - ok
    09:57:31.0125 2480 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:57:31.0140 2480 NdisTapi - ok
    09:57:31.0171 2480 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:57:31.0187 2480 Ndisuio - ok
    09:57:31.0218 2480 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:57:31.0234 2480 NdisWan - ok
    09:57:31.0281 2480 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    09:57:31.0296 2480 NDProxy - ok
    09:57:31.0312 2480 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:57:31.0328 2480 NetBIOS - ok
    09:57:31.0343 2480 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:57:31.0359 2480 NetBT - ok
    09:57:31.0421 2480 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    09:57:31.0453 2480 NetDDE - ok
    09:57:31.0500 2480 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    09:57:31.0500 2480 NetDDEdsdm - ok
    09:57:31.0562 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    09:57:31.0578 2480 Netlogon - ok
    09:57:31.0625 2480 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    09:57:31.0671 2480 Netman - ok
    09:57:31.0750 2480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    09:57:31.0875 2480 NetTcpPortSharing - ok
    09:57:31.0921 2480 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    09:57:31.0953 2480 NIC1394 - ok
    09:57:32.0078 2480 [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    09:57:32.0093 2480 NICCONFIGSVC - ok
    09:57:32.0140 2480 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    09:57:32.0140 2480 Nla - ok
    09:57:32.0156 2480 nmwcdc - ok
    09:57:32.0187 2480 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    09:57:32.0203 2480 Npfs - ok
    09:57:32.0218 2480 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    09:57:32.0250 2480 Ntfs - ok
    09:57:32.0281 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    09:57:32.0281 2480 NtLmSsp - ok
    09:57:32.0328 2480 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    09:57:32.0359 2480 NtmsSvc - ok
    09:57:32.0406 2480 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    09:57:32.0406 2480 NuidFltr - ok
    09:57:32.0421 2480 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    09:57:32.0421 2480 Null - ok
    09:57:32.0875 2480 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:57:33.0000 2480 nv - ok
    09:57:33.0031 2480 [ A2322C6207EBB0761A6C8CC9003EBACF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    09:57:33.0062 2480 NVSvc - ok
    09:57:33.0093 2480 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:57:33.0109 2480 NwlnkFlt - ok
    09:57:33.0109 2480 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:57:33.0125 2480 NwlnkFwd - ok
    09:57:33.0250 2480 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:57:33.0296 2480 odserv - ok
    09:57:33.0343 2480 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    09:57:33.0359 2480 ohci1394 - ok
    09:57:33.0406 2480 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:57:33.0421 2480 ose - ok
    09:57:33.0437 2480 ovsecurityserver - ok
    09:57:33.0437 2480 p2pgasvc - ok
    09:57:33.0468 2480 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    09:57:33.0484 2480 Parport - ok
    09:57:33.0515 2480 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    09:57:33.0515 2480 PartMgr - ok
    09:57:33.0562 2480 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    09:57:33.0578 2480 ParVdm - ok
    09:57:33.0578 2480 patrol_scheduler - ok
    09:57:33.0609 2480 [ 9EC004140E1B675ACDEB07F66EE797A4 ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    09:57:33.0609 2480 PBADRV - ok
    09:57:33.0640 2480 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    09:57:33.0656 2480 PCI - ok
    09:57:33.0656 2480 PCIDump - ok
    09:57:33.0703 2480 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:57:33.0718 2480 PCIIde - ok
    09:57:33.0718 2480 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    09:57:33.0734 2480 Pcmcia - ok
    09:57:33.0750 2480 PDCOMP - ok
    09:57:33.0750 2480 PDFRAME - ok
    09:57:33.0750 2480 PDRELI - ok
    09:57:33.0765 2480 PDRFRAME - ok
    09:57:33.0781 2480 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    09:57:33.0796 2480 perc2 - ok
    09:57:33.0828 2480 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    09:57:33.0843 2480 perc2hib - ok
    09:57:33.0875 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    09:57:33.0890 2480 PlugPlay - ok
    09:57:33.0890 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    09:57:33.0906 2480 PolicyAgent - ok
    09:57:33.0937 2480 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:57:33.0937 2480 PptpMiniport - ok
    09:57:33.0953 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    09:57:33.0953 2480 ProtectedStorage - ok
    09:57:33.0968 2480 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    09:57:33.0984 2480 PSched - ok
    09:57:34.0015 2480 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:57:34.0031 2480 Ptilink - ok
    09:57:34.0093 2480 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    09:57:34.0109 2480 PxHelp20 - ok
    09:57:34.0140 2480 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    09:57:34.0140 2480 ql1080 - ok
    09:57:34.0156 2480 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    09:57:34.0156 2480 Ql10wnt - ok
    09:57:34.0171 2480 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    09:57:34.0171 2480 ql12160 - ok
    09:57:34.0187 2480 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    09:57:34.0187 2480 ql1240 - ok
    09:57:34.0203 2480 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    09:57:34.0218 2480 ql1280 - ok
    09:57:34.0281 2480 [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    09:57:34.0281 2480 RalinkRegistryWriter - ok
    09:57:34.0296 2480 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:57:34.0296 2480 RasAcd - ok
    09:57:34.0328 2480 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    09:57:34.0343 2480 RasAuto - ok
    09:57:34.0359 2480 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:57:34.0375 2480 Rasl2tp - ok
    09:57:34.0406 2480 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    09:57:34.0421 2480 RasMan - ok
    09:57:34.0453 2480 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:57:34.0453 2480 RasPppoe - ok
    09:57:34.0453 2480 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:57:34.0468 2480 Raspti - ok
    09:57:34.0468 2480 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:57:34.0484 2480 Rdbss - ok
    09:57:34.0531 2480 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:57:34.0531 2480 RDPCDD - ok
    09:57:34.0562 2480 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:57:34.0578 2480 rdpdr - ok
    09:57:34.0609 2480 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    09:57:34.0625 2480 RDPWD - ok
    09:57:34.0671 2480 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    09:57:34.0687 2480 RDSessMgr - ok
    09:57:34.0718 2480 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:57:34.0718 2480 redbook - ok
    09:57:34.0765 2480 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    09:57:34.0765 2480 RemoteAccess - ok
    09:57:34.0812 2480 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    09:57:34.0828 2480 RemoteRegistry - ok
    09:57:34.0890 2480 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    09:57:34.0906 2480 RpcLocator - ok
    09:57:34.0937 2480 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    09:57:34.0953 2480 RpcSs - ok
    09:57:35.0000 2480 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    09:57:35.0015 2480 RSVP - ok
    09:57:35.0078 2480 [ 1AD20F7B8B608D36983305B283A8C31C ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
    09:57:35.0171 2480 rt2870 - ok
    09:57:35.0171 2480 s217mdm - ok
    09:57:35.0203 2480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    09:57:35.0203 2480 SamSs - ok
    09:57:35.0234 2480 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    09:57:35.0265 2480 SCardSvr - ok
    09:57:35.0296 2480 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    09:57:35.0328 2480 Schedule - ok
    09:57:35.0375 2480 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:57:35.0390 2480 Secdrv - ok
    09:57:35.0421 2480 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    09:57:35.0421 2480 seclogon - ok
    09:57:35.0515 2480 SecureStorageService - ok
    09:57:35.0546 2480 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    09:57:35.0578 2480 SENS - ok
    09:57:35.0609 2480 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:57:35.0609 2480 serenum - ok
    09:57:35.0671 2480 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    09:57:35.0687 2480 Serial - ok
    09:57:35.0703 2480 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:57:35.0718 2480 Sfloppy - ok
    09:57:35.0734 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    09:57:35.0750 2480 ShellHWDetection - ok
    09:57:35.0750 2480 Simbad - ok
    09:57:35.0796 2480 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    09:57:35.0796 2480 sisagp - ok
    09:57:36.0140 2480 [ 4CA43B85F22C7739311788B651A779CB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    09:57:36.0171 2480 Skype C2C Service - ok
    09:57:36.0250 2480 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    09:57:36.0250 2480 SkypeUpdate - ok
    09:57:36.0281 2480 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    09:57:36.0296 2480 SLIP - ok
    09:57:36.0312 2480 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    09:57:36.0328 2480 SONYPVU1 - ok
    09:57:36.0343 2480 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    09:57:36.0343 2480 Sparrow - ok
    09:57:36.0375 2480 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    09:57:36.0390 2480 splitter - ok
    09:57:36.0421 2480 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    09:57:36.0437 2480 Spooler - ok
    09:57:36.0453 2480 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    09:57:36.0453 2480 sr - ok
    09:57:36.0500 2480 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    09:57:36.0500 2480 srservice - ok
    09:57:36.0546 2480 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    09:57:36.0562 2480 Srv - ok
    09:57:36.0578 2480 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    09:57:36.0578 2480 SSDPSRV - ok
    09:57:36.0640 2480 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    09:57:36.0640 2480 ssmdrv - ok
    09:57:36.0687 2480 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\WINDOWS\system32\StacSV.exe
    09:57:36.0703 2480 STacSV - ok
    09:57:36.0781 2480 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    09:57:36.0796 2480 STHDA - ok
    09:57:36.0859 2480 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    09:57:36.0875 2480 stisvc - ok
    09:57:36.0906 2480 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    09:57:36.0906 2480 streamip - ok
    09:57:36.0953 2480 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:57:36.0953 2480 swenum - ok
    09:57:36.0968 2480 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    09:57:36.0968 2480 swmidi - ok
    09:57:36.0984 2480 SwPrv - ok
    09:57:37.0000 2480 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    09:57:37.0015 2480 symc810 - ok
    09:57:37.0031 2480 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    09:57:37.0046 2480 symc8xx - ok
    09:57:37.0046 2480 symwsc - ok
    09:57:37.0062 2480 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    09:57:37.0078 2480 sym_hi - ok
    09:57:37.0093 2480 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    09:57:37.0093 2480 sym_u3 - ok
    09:57:37.0125 2480 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    09:57:37.0125 2480 sysaudio - ok
    09:57:37.0171 2480 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    09:57:37.0187 2480 SysmonLog - ok
    09:57:37.0218 2480 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    09:57:37.0234 2480 TapiSrv - ok
    09:57:37.0296 2480 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:57:37.0312 2480 Tcpip - ok
    09:57:37.0437 2480 [ 23B506262493F1A521683EE88C5FBF60 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    09:57:37.0453 2480 tcsd_win32.exe - ok
    09:57:37.0593 2480 [ A27D803B21F24A5CFB775944EA4CB130 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    09:57:37.0593 2480 TdmService - ok
    09:57:37.0640 2480 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:57:37.0656 2480 TDPIPE - ok
    09:57:37.0656 2480 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    09:57:37.0671 2480 TDTCP - ok
    09:57:37.0703 2480 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:57:37.0718 2480 TermDD - ok
    09:57:37.0765 2480 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    09:57:37.0812 2480 TermService - ok
    09:57:37.0828 2480 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    09:57:37.0843 2480 Themes - ok
    09:57:37.0875 2480 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    09:57:37.0906 2480 TlntSvr - ok
    09:57:37.0921 2480 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    09:57:37.0921 2480 TosIde - ok
    09:57:37.0968 2480 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    09:57:37.0984 2480 TrkWks - ok
    09:57:38.0031 2480 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    09:57:38.0046 2480 Udfs - ok
    09:57:38.0062 2480 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    09:57:38.0078 2480 ultra - ok
    09:57:38.0125 2480 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    09:57:38.0156 2480 Update - ok
    09:57:38.0187 2480 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    09:57:38.0234 2480 upnphost - ok
    09:57:38.0234 2480 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    09:57:38.0250 2480 UPS - ok
    09:57:38.0281 2480 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    09:57:38.0296 2480 usbaudio - ok
    09:57:38.0375 2480 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    09:57:38.0390 2480 usbccgp - ok
    09:57:38.0421 2480 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:57:38.0437 2480 usbehci - ok
    09:57:38.0484 2480 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:57:38.0484 2480 usbhub - ok
    09:57:38.0515 2480 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:57:38.0515 2480 usbscan - ok
    09:57:38.0531 2480 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:57:38.0546 2480 USBSTOR - ok
    09:57:38.0546 2480 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:57:38.0562 2480 usbuhci - ok
    09:57:38.0578 2480 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    09:57:38.0593 2480 usbvideo - ok
    09:57:38.0593 2480 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    09:57:38.0593 2480 VgaSave - ok
    09:57:38.0640 2480 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    09:57:38.0640 2480 viaagp - ok
    09:57:38.0656 2480 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    09:57:38.0656 2480 ViaIde - ok
    09:57:38.0687 2480 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    09:57:38.0687 2480 VolSnap - ok
    09:57:38.0734 2480 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    09:57:38.0750 2480 VSS - ok
    09:57:38.0781 2480 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    09:57:38.0796 2480 w32time - ok
    09:57:38.0812 2480 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:57:38.0812 2480 Wanarp - ok
    09:57:38.0812 2480 Wave UCSPlus - ok
    09:57:38.0843 2480 WaveEnrollmentService - ok
    09:57:38.0875 2480 [ DB626C46997C2430D4958DA5C7FFB969 ] WaveFDE C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
    09:57:38.0875 2480 WaveFDE - ok
    09:57:38.0906 2480 [ 51E756F2BFB5E3ADCB15F966AD293231 ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    09:57:38.0921 2480 WavxDMgr - ok
    09:57:38.0984 2480 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    09:57:38.0984 2480 Wdf01000 - ok
    09:57:38.0984 2480 WDICA - ok
    09:57:39.0046 2480 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    09:57:39.0062 2480 wdmaud - ok
    09:57:39.0078 2480 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    09:57:39.0093 2480 WebClient - ok
    09:57:39.0140 2480 [ 92CE6497076EAC3083185C44157B3A46 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    09:57:39.0156 2480 winachsf - ok
    09:57:39.0250 2480 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:57:39.0250 2480 winmgmt - ok
    09:57:39.0265 2480 wltrysvc - ok
    09:57:39.0296 2480 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    09:57:39.0312 2480 WmdmPmSN - ok
    09:57:39.0359 2480 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    09:57:39.0375 2480 Wmi - ok
    09:57:39.0421 2480 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    09:57:39.0421 2480 WmiAcpi - ok
    09:57:39.0437 2480 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:57:39.0453 2480 WmiApSrv - ok
    09:57:39.0656 2480 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:57:39.0765 2480 WMPNetworkSvc - ok
    09:57:39.0921 2480 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    09:57:39.0984 2480 WPFFontCache_v0400 - ok
    09:57:40.0046 2480 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    09:57:40.0062 2480 WS2IFSL - ok
    09:57:40.0093 2480 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    09:57:40.0109 2480 WSTCODEC - ok
    09:57:40.0140 2480 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:57:40.0156 2480 WudfPf - ok
    09:57:40.0171 2480 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:57:40.0187 2480 WudfRd - ok
    09:57:40.0218 2480 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    09:57:40.0265 2480 WudfSvc - ok
    09:57:40.0328 2480 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    09:57:40.0343 2480 WZCSVC - ok
    09:57:40.0359 2480 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    09:57:40.0390 2480 xmlprov - ok
    09:57:40.0406 2480 ================ Scan global ===============================
    09:57:40.0437 2480 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    09:57:40.0500 2480 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:57:40.0515 2480 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    09:57:40.0531 2480 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    09:57:40.0531 2480 [Global] - ok
    09:57:40.0531 2480 ================ Scan MBR ==================================
    09:57:40.0562 2480 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    09:57:40.0750 2480 \Device\Harddisk0\DR0 - ok
    09:57:40.0750 2480 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR3
    09:57:41.0218 2480 \Device\Harddisk1\DR3 - ok
    09:57:41.0218 2480 ================ Scan VBR ==================================
    09:57:41.0218 2480 [ 6225328E38543BACF55DECFBF513F854 ] \Device\Harddisk0\DR0\Partition1
    09:57:41.0218 2480 \Device\Harddisk0\DR0\Partition1 - ok
    09:57:41.0218 2480 [ D4A20B3E7FFFD09A8EBAD06233E589F3 ] \Device\Harddisk1\DR3\Partition1
    09:57:41.0218 2480 \Device\Harddisk1\DR3\Partition1 - ok
    09:57:41.0218 2480 ============================================================
    09:57:41.0218 2480 Scan finished
    09:57:41.0218 2480 ============================================================
    09:57:41.0234 2472 Detected object count: 1
    09:57:41.0234 2472 Actual detected object count: 1
    10:06:45.0546 2472 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    10:06:45.0546 2472 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    10:06:52.0781 2012 Deinitialize success
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  9. Architype

    Architype Thread Starter

    Hi, I ran the combo fix. I got the log, but after reading your directions I realized that I did not rename combofix to puppy. Instead I named the log puppy on account of my misunderstanding. I'm posting the log; if you would like me to run it again with combofix renamed as puppy, I would be happy to run it again.
    Thank you for your time.



    ComboFix 12-10-02.02 - Admin 10/02/2012 21:00:01.12.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3013 [GMT -4:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Admin\Local Settings\Application Data\assembly\tmp
    c:\program files\AutoCAD_2012_English_Win_32bit.exe
    c:\program files\Autodesk_3ds_Max_Design_2012_English_Win_32-64bit.exe
    c:\program files\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe
    c:\windows\system32\AegisI5Installer.exe
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\test
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-02 13:53 . 2004-08-04 04:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-08-06 04:08 . 2012-06-26 00:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-06 04:08 . 2011-07-07 04:16 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\browser.dll
    2011-07-07 03:46 . 2011-07-07 03:46 13683064 -c--a-w- c:\program files\Firefox Setup 5.0.exe
    2012-09-10 00:18 . 2012-09-10 00:18 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-07-21 19:19 . 2012-09-10 00:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-07-28 02:41 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-28 1493160]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-28 1493160]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-21 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
    "Akamai NetSession Interface"="c:\documents and settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-10 4440896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NVHotkey"="nvHotkey.dll" [2010-07-09 178792]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-21 30192]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-28 397992]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
    .
    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [N/A]
    DRSpawner.lnk - c:\documents and settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe [2012-6-5 2080768]
    Wireless N-lite USB Adapter Utility.lnk - c:\program files\ZyXEL\N220\Common\N220.exe [2011-5-27 1990656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [4/2/2012 8:10 PM 36000]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 6:00 PM 14336]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/2/2012 8:10 PM 86224]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [4/2/2012 8:10 PM 465360]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 2:08 PM 18656]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/30/2012 1:56 PM 3048136]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 11:31 PM 135664]
    S2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2/23/2011 7:59 AM 86016]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 2:14 PM 160944]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/10/2008 11:26 AM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 11:31 PM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 9:59 PM 114144]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/14/2012 3:31 PM 30576]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BITS
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Epiusb
    patrol_scheduler
    s217mdm
    p2pgasvc
    clientservice
    dsbrokerservice
    iaimfp0
    bantext
    LVCap138
    symwsc
    nmwcdc
    mgabg
    ovsecurityserver
    hcf_msft
    d-link_st3402
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 06:03]
    .
    2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-20 03:31]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-20 03:31]
    .
    2012-10-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-07-28 02:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8v2j09ed.default-1348028205828\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    SafeBoot-30100496.sys
    SafeBoot-74723438.sys
    SafeBoot-97680512.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-02 21:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,88,81,51,85,12,33,4d,84,27,bd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,88,81,51,85,12,33,4d,84,27,bd,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(680)
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(736)
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    .
    Completion time: 2012-10-02 21:47:12
    ComboFix-quarantined-files.txt 2012-10-03 01:47
    .
    Pre-Run: 17,534,820,352 bytes free
    Post-Run: 20,786,536,448 bytes free
    .
    - - End Of File - - F1A9D9752844C99D3A8A043BFCBB492A
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    That's alright.

    I'm signing off for the night now but I'll post further instructions tomorrow morning.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  12. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    Hi, I just ran the scan, following your directions. I am attaching the two logs in my post. By the way, my computer was able to go online last night after I used ComboFix. I was also able to surf the web... Awesome :) One thing though is that Windows keeps asking me if I want to block certain options on programs like Skype, Dropbox, etc. "via my firewall" that may pose a security risk. I keep selecting "ask me later"... Should I just allow those programs to function normally, or should I keep blocking those options for now?

    Thank you...




    OTL logfile created on: 10/3/2012 9:38:45 AM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 78.82% Memory free
    8.58 Gb Paging File | 7.95 Gb Available in Paging File | 92.59% Paging File free
    Paging file location(s): C:\pagefile.sys 5371 6000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 19.24 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
    Drive E: | 1.86 Gb Total Space | 1.37 Gb Free Space | 73.30% Space Free | Partition Type: FAT

    Computer Name: M4300 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/03 09:34:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/08/10 01:31:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/09 00:59:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012/05/09 00:59:43 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2012/05/09 00:59:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012/05/09 00:59:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012/04/03 20:36:53 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/27 22:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011/05/09 17:23:33 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2010/06/21 15:24:30 | 001,990,656 | ---- | M] (ZyXEL Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\N220.exe
    PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
    PRC - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 14:09:11 | 001,211,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c6dd1cf1d4982499cd88f936b1af25c2\System.WorkflowServices.ni.dll
    MOD - [2012/06/14 14:06:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
    MOD - [2012/06/13 14:13:09 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
    MOD - [2012/05/11 11:29:57 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
    MOD - [2012/05/11 11:29:56 | 001,128,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
    MOD - [2012/05/11 11:29:55 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
    MOD - [2012/05/11 11:29:37 | 001,387,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
    MOD - [2012/05/11 11:29:33 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
    MOD - [2012/05/11 11:29:31 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
    MOD - [2012/05/11 11:29:16 | 001,051,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d6efd98958647b0a5b224393605f30da\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/11 11:26:28 | 001,897,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll
    MOD - [2012/05/11 11:26:14 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
    MOD - [2012/05/11 11:26:14 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/11 11:26:13 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
    MOD - [2012/05/11 11:26:12 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/05/11 11:26:11 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
    MOD - [2012/05/11 11:26:10 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/11 02:13:33 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/05/11 02:04:03 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
    MOD - [2012/05/11 02:04:01 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
    MOD - [2012/05/11 02:03:55 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
    MOD - [2012/05/11 02:03:54 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
    MOD - [2012/05/11 02:03:29 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
    MOD - [2012/05/11 02:03:18 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/05/09 00:59:44 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    MOD - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    MOD - [2008/06/29 22:11:04 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/11/28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\ZyXEL\N220\Common\acAuth.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RDID1007.dll -- (symwsc)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pimsgss.dll -- (s217mdm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\streamloadservice.dll -- (patrol_scheduler)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskservice.dll -- (p2pgasvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsunidrv.dll -- (ovsecurityserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pptchpad.dll -- (nmwcdc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mgmt.dll -- (mgabg)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICM.dll -- (LVCap138)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UsbDiag.dll -- (iaimfp0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlagent$pinnaclesys.dll -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (Epiusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imagedrv.dll -- (dsbrokerservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (d-link_st3402)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advantage.dll -- (clientservice)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2012/09/09 20:18:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/06 14:16:49 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
    SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/05/09 00:59:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/05/09 00:59:43 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2012/05/09 00:59:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012/04/03 20:36:53 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/05/09 17:23:33 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
    SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
    SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
    SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - [2012/05/09 00:59:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012/05/09 00:59:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/11/19 13:03:18 | 000,803,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2008/06/29 22:11:44 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/06/15 20:35:02 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2008/06/15 20:35:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2008/06/15 20:35:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
    DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
    DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
    DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GPEA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=UV-ZL3kkJMUkydWEbRpXkPiEAgI?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/27 20:31:21 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/05 21:05:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 20:18:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 20:18:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8CF94090-6F79-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Admin\Local Settings\Application Data\{8CF94090-6F79-11E1-826D-B8AC6F996F26}\ [2012/03/16 11:06:08 | 000,000,000 | ---D | M]

    [2011/07/06 23:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2011/09/06 19:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\extensions
    [2012/09/09 20:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/09 20:18:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/09/09 20:18:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/01/04 14:52:54 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2012/09/03 23:18:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/03 23:18:00 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/26 18:58:11 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless N-lite USB Adapter Utility.lnk = C:\Program Files\ZyXEL\N220\Common\N220.exe (ZyXEL Technology, Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B515332-AE0B-4D61-89A3-D693D0733B5E}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/02 21:24:57 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/19 01:37:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Epiusb - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
    NetSvcs: patrol_scheduler - %systemroot%\system32\streamloadservice.dll File not found
    NetSvcs: s217mdm - %systemroot%\system32\pimsgss.dll File not found
    NetSvcs: p2pgasvc - %systemroot%\system32\mskservice.dll File not found
    NetSvcs: clientservice - %systemroot%\system32\advantage.dll File not found
    NetSvcs: dsbrokerservice - %systemroot%\system32\imagedrv.dll File not found
    NetSvcs: iaimfp0 - %systemroot%\system32\UsbDiag.dll File not found
    NetSvcs: bantext - File not found
    NetSvcs: LVCap138 - %systemroot%\system32\NICM.dll File not found
    NetSvcs: symwsc - %systemroot%\system32\RDID1007.dll File not found
    NetSvcs: nmwcdc - %systemroot%\system32\pptchpad.dll File not found
    NetSvcs: mgabg - %systemroot%\system32\w800mgmt.dll File not found
    NetSvcs: ovsecurityserver - %systemroot%\system32\dsunidrv.dll File not found
    NetSvcs: hcf_msft - %systemroot%\system32\sqlagent$pinnaclesys.dll File not found
    NetSvcs: d-link_st3402 - %systemroot%\system32\backupexecjobengine.dll File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/03 09:36:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2012/10/02 20:49:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/02 20:49:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/02 20:49:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/02 20:49:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/02 20:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/02 20:48:35 | 004,759,935 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2012/09/19 00:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data-2
    [2012/09/18 23:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data-1
    [2012/09/18 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data
    [2012/09/17 09:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\DC Water
    [2012/09/09 20:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/07/06 23:46:08 | 013,683,064 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.exe
    [1 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/03 09:34:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2012/10/03 09:34:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/10/03 09:33:19 | 000,034,901 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2012/10/03 09:33:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/03 09:29:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/03 09:29:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/03 09:29:27 | 3755,962,368 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/02 23:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/02 23:01:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/10/02 20:43:28 | 004,759,935 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2012/10/02 16:59:38 | 000,244,433 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Kimberly_Design_3.skp
    [2012/10/02 16:09:57 | 000,067,576 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_1.pdf
    [2012/10/02 16:09:15 | 000,067,574 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_Final.pdf
    [2012/10/02 16:01:04 | 000,274,372 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Kimberly_Design_3.skb
    [2012/10/01 16:16:18 | 001,153,014 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Plant_002.ai
    [2012/10/01 12:20:47 | 001,127,297 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Plant_001.ai
    [2012/10/01 11:42:28 | 000,091,266 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.dwg
    [2012/10/01 11:42:01 | 000,045,317 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_10.pdf
    [2012/09/28 17:05:09 | 000,061,772 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_2.skp
    [2012/09/28 16:09:09 | 000,090,617 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_1.skp
    [2012/09/28 14:57:57 | 000,061,511 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_As_built.skp
    [2012/09/28 11:02:20 | 000,453,731 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_2.skp
    [2012/09/28 11:02:06 | 000,037,951 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Third_Floor_2.jpg
    [2012/09/28 11:00:38 | 000,062,022 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Third_Floor.jpg
    [2012/09/28 10:58:53 | 000,044,120 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Second_Floor_Bar_2.jpg
    [2012/09/28 10:56:51 | 000,069,501 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Second_Floor_Bar.jpg
    [2012/09/28 10:49:18 | 000,054,953 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Ground_level_Perspective_2.jpg
    [2012/09/28 10:47:28 | 000,062,702 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Ground_level_Perspective.jpg
    [2012/09/28 10:46:13 | 000,114,710 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Section_Building_2.jpg
    [2012/09/28 10:41:10 | 000,140,993 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_Section_Building.jpg
    [2012/09/27 16:54:24 | 000,423,311 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242_2.skb
    [2012/09/26 17:03:44 | 000,410,837 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242.skp
    [2012/09/26 16:18:42 | 000,410,540 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\1242.skb
    [2012/09/26 16:18:34 | 000,090,373 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.bak
    [2012/09/26 16:18:28 | 000,045,195 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.pdf
    [2012/09/26 13:14:54 | 000,120,537 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_7.dwg
    [2012/09/26 13:13:00 | 000,106,847 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_7.bak
    [2012/09/26 12:09:29 | 000,069,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Proposal_Nathan Alexander_Break-out price.pdf
    [2012/09/25 14:29:06 | 000,050,337 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AutoSave_Untitled.skp
    [2012/09/25 13:44:03 | 000,067,096 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_5.pdf
    [2012/09/25 12:34:55 | 000,083,012 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_6.dwg
    [2012/09/25 12:19:56 | 000,103,419 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.dwg
    [2012/09/25 09:41:07 | 000,068,862 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Proposal_Nathan Alexander.pdf
    [2012/09/24 21:26:36 | 000,112,237 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_5.pdf
    [2012/09/24 20:59:51 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.bak
    [2012/09/24 20:59:37 | 000,041,821 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_4.pdf
    [2012/09/24 20:26:14 | 000,080,427 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_3.pdf
    [2012/09/24 20:07:36 | 000,076,515 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_1.dwg
    [2012/09/24 20:07:24 | 000,036,775 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.pdf
    [2012/09/24 20:04:48 | 000,075,779 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_1.bak
    [2012/09/24 16:59:38 | 000,089,465 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom.dwg
    [2012/09/24 16:54:09 | 000,089,465 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom.bak
    [2012/09/24 10:52:54 | 000,024,498 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Drawing1.pdf
    [2012/09/19 11:00:36 | 000,016,269 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\hijackthis_Log_1
    [2012/09/19 09:24:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/09/18 23:50:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/09/12 14:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/09/05 16:58:38 | 003,213,481 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skp
    [2012/09/05 16:58:28 | 003,213,648 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skb
    [1 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/02 20:49:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/02 20:49:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/02 20:49:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/02 20:49:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/02 20:49:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/02 16:09:56 | 000,067,576 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_1.pdf
    [2012/10/02 16:09:10 | 000,067,574 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_Final.pdf
    [2012/10/01 12:59:54 | 001,153,014 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Plant_002.ai
    [2012/10/01 12:20:47 | 001,127,297 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Plant_001.ai
    [2012/10/01 11:26:45 | 000,045,317 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_10.pdf
    [2012/10/01 10:36:40 | 000,274,372 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Kimberly_Design_3.skb
    [2012/10/01 10:20:32 | 000,244,433 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Kimberly_Design_3.skp
    [2012/09/28 17:05:09 | 000,061,772 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_2.skp
    [2012/09/28 16:09:09 | 000,090,617 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_1.skp
    [2012/09/28 14:57:57 | 000,061,511 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_As_built.skp
    [2012/09/28 11:02:20 | 000,423,311 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_2.skb
    [2012/09/28 11:02:06 | 000,037,951 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Third_Floor_2.jpg
    [2012/09/28 11:00:38 | 000,062,022 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Third_Floor.jpg
    [2012/09/28 10:58:53 | 000,044,120 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Second_Floor_Bar_2.jpg
    [2012/09/28 10:56:51 | 000,069,501 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Second_Floor_Bar.jpg
    [2012/09/28 10:49:18 | 000,054,953 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Ground_level_Perspective_2.jpg
    [2012/09/28 10:47:28 | 000,062,702 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Ground_level_Perspective.jpg
    [2012/09/28 10:46:13 | 000,114,710 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Section_Building_2.jpg
    [2012/09/28 10:32:01 | 000,140,993 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_Section_Building.jpg
    [2012/09/27 16:54:24 | 000,453,731 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242_2.skp
    [2012/09/26 16:18:27 | 000,045,195 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.pdf
    [2012/09/26 16:14:22 | 000,090,373 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.bak
    [2012/09/26 16:14:07 | 000,091,266 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_8.dwg
    [2012/09/26 13:14:54 | 000,106,847 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_7.bak
    [2012/09/26 12:29:04 | 000,120,537 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_7.dwg
    [2012/09/26 12:09:24 | 000,069,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Proposal_Nathan Alexander_Break-out price.pdf
    [2012/09/25 14:39:45 | 000,410,540 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242.skb
    [2012/09/25 14:33:22 | 000,410,837 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\1242.skp
    [2012/09/25 14:03:43 | 000,050,337 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AutoSave_Untitled.skp
    [2012/09/25 13:44:02 | 000,067,096 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Treatment_Proposal_5.pdf
    [2012/09/25 12:32:22 | 000,083,012 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_6.dwg
    [2012/09/25 09:41:03 | 000,068,862 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Proposal_Nathan Alexander.pdf
    [2012/09/24 21:26:36 | 000,112,237 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_5.pdf
    [2012/09/24 20:59:37 | 000,041,821 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_4.pdf
    [2012/09/24 20:58:05 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.bak
    [2012/09/24 20:38:18 | 000,103,419 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.dwg
    [2012/09/24 20:26:14 | 000,080,427 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_3.pdf
    [2012/09/24 20:07:23 | 000,036,775 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_2.pdf
    [2012/09/24 19:35:12 | 000,076,515 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_1.dwg
    [2012/09/24 19:35:12 | 000,075,779 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom_1.bak
    [2012/09/24 11:02:54 | 000,089,465 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom.dwg
    [2012/09/24 11:02:54 | 000,089,465 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Water_Sewer_Bathroom.bak
    [2012/09/24 10:52:54 | 000,024,498 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Drawing1.pdf
    [2012/09/19 11:00:36 | 000,016,269 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\hijackthis_Log_1
    [2012/09/18 23:50:57 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRSpawner.lnk
    [2012/09/18 23:50:57 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless N-lite USB Adapter Utility.lnk
    [2012/09/18 23:50:57 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/09/18 23:50:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/09/18 23:50:57 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2012/09/18 23:50:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/09/05 16:36:19 | 003,213,648 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skb
    [2012/09/05 12:01:20 | 003,213,481 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skp
    [2012/05/15 00:47:25 | 000,326,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/02/15 09:18:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/06/02 22:54:04 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/05/27 13:37:05 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2011/05/09 23:46:30 | 001,910,180 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3991068211-2943843026-3238178938-1005-0.dat
    [2011/05/09 23:46:28 | 000,315,062 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/03/03 17:30:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.10.v40.dll
    [2011/01/21 13:12:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_mgpmro417.ini
    [2011/01/21 13:12:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgsqtfk979.dat
    [2010/12/28 00:43:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cdise.dat
    [2008/12/20 21:52:36 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/09 22:50:01 | 000,067,890 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0044.jpg
    [2008/11/09 22:48:08 | 000,075,985 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0043.jpg
    [2008/11/09 22:42:59 | 000,084,689 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0042.jpg
    [2008/10/24 22:58:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\WavXMapDrive.bat

    ========== ZeroAccess Check ==========

    [2012/09/18 22:20:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\L
    [2012/10/02 09:53:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\U
    [2012/10/02 09:31:22 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\L\00000004.@
    [2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    --------------------------------------------------------------------------------------------------------------------------------------


    OTL Extras logfile created on: 10/3/2012 9:38:45 AM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 78.82% Memory free
    8.58 Gb Paging File | 7.95 Gb Available in Paging File | 92.59% Paging File free
    Paging file location(s): C:\pagefile.sys 5371 6000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 19.24 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
    Drive E: | 1.86 Gb Total Space | 1.37 Gb Free Space | 73.30% Space Free | Partition Type: FAT

    Computer Name: M4300 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0
    "UacDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
    "{0D0B4A0D-DF55-4ACD-BE97-A4DFD368C2CE}" = V-Ray for Rhinoceros Academic
    "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{1C21A34A-5CBA-4AC2-8EDD-6531C06B520E}" = V-Ray for Rhinoceros
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
    "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
    "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3
    "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
    "{3D3FF9FF-2E7E-46D8-9910-1DAF63730E61}" = Rhinoceros 4.0 Training Materials, Level 1
    "{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros
    "{44256B68-51D7-4E8A-B70F-2E00411E2FCA}" = V-Ray for Rhinoceros Academic
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    "{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
    "{50566374-A1F2-4608-A173-771BEEFABAEE}" = V-Ray for Rhinoceros
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{5749C17F-5585-4BF3-A194-5F249A839FC9}" = V-Ray for Rhinoceros Academic
    "{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
    "{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71AB49D0-9B47-4624-904C-D44B9B996656}" = Wireless N-lite USB Adapter Utility
    "{7346B4A0-1200-0100-0409-705C0D862004}" = Revit Architecture 2012
    "{7346B4A0-1200-0101-0409-705C0D862004}" = Revit Architecture 2012 Language Pack - English
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{778D3D8E-C9B4-4DD0-AB71-96EFE5526A8C}" = V-Ray for Rhinoceros Academic
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 Evaluation
    "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D3924CA-DA1C-418B-B3F1-B5EACC6D5E6C}" = V-Ray for Rhinoceros Academic
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BBAB3188-EDC7-0409-A849-659E379CB00A}" = Autodesk 3ds Max Design 2012 32-bit - English
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D05D17-7DC9-42E4-8599-34A8DB95C892}" = V-Ray for Rhinoceros Academic
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C541BF6F-EC08-4447-8A5B-2A4801465650}" = V-Ray for Rhinoceros
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FEC02973-0781-49C7-9F04-28DA9BAF0372}" = Composite 2012
    "{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "AC3Filter_is1" = AC3Filter 2.5b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "AutoCAD 2012 - English" = AutoCAD 2012 - English
    "Autodesk 3ds Max Design 2012 32-bit - English" = Autodesk 3ds Max Design 2012 32-bit - English
    "Autodesk Design Review 2012" = Autodesk Design Review 2012
    "Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012" = Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "Autodesk Revit Architecture 2012" = Autodesk Revit Architecture 2012
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Cheat Engine 6.1_is1" = Cheat Engine 6.1
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DivX Setup" = DivX Setup
    "ERUNT_is1" = ERUNT 1.1j
    "Google Desktop" = Google Desktop
    "Grasshopper" = Grasshopper
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Rhino RDK" = Rhino RDK
    "SU Podium V2_is1" = SU Podium V2 2.11.130
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 11:45:22 AM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    Error - 10/1/2012 12:23:02 PM | Computer Name = M4300 | Source = Adobe Version Cue CS3 | ID = 3
    Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
    already closed Trace: (null)

    [ OSession Events ]
    Error - 6/22/2011 10:53:43 PM | Computer Name = M4300 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6140
    seconds with 1980 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The Airgo service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The TPwSav service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The Advservice service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The GcKernel service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The Iaantmon service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The Citrixxteserver service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7023
    Description = The UxTuneUp service terminated with the following error: %%126

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the TdmService service to
    connect.

    Error - 10/3/2012 9:31:16 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7000
    Description = The TdmService service failed to start due to the following error:
    %%1053

    Error - 10/3/2012 9:33:03 AM | Computer Name = M4300 | Source = Service Control Manager | ID = 7022
    Description = The Autodesk Content Service service hung on starting.


    < End of report >
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Your ComboFix log indicated that it had been run 12 times. :eek: Yet there were no other logs listed. Had you used it in the past? Was the Recovery Console installed?


    Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RDID1007.dll -- (symwsc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pimsgss.dll -- (s217mdm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\streamloadservice.dll -- (patrol_scheduler)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskservice.dll -- (p2pgasvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsunidrv.dll -- (ovsecurityserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pptchpad.dll -- (nmwcdc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mgmt.dll -- (mgabg)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICM.dll -- (LVCap138)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UsbDiag.dll -- (iaimfp0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlagent$pinnaclesys.dll -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (Epiusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imagedrv.dll -- (dsbrokerservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (d-link_st3402)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advantage.dll -- (clientservice)
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm File not found
    NetSvcs: Epiusb - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
    NetSvcs: patrol_scheduler - %systemroot%\system32\streamloadservice.dll File not found
    NetSvcs: s217mdm - %systemroot%\system32\pimsgss.dll File not found
    NetSvcs: p2pgasvc - %systemroot%\system32\mskservice.dll File not found
    NetSvcs: clientservice - %systemroot%\system32\advantage.dll File not found
    NetSvcs: dsbrokerservice - %systemroot%\system32\imagedrv.dll File not found
    NetSvcs: iaimfp0 - %systemroot%\system32\UsbDiag.dll File not found
    NetSvcs: bantext - File not found
    NetSvcs: LVCap138 - %systemroot%\system32\NICM.dll File not found
    NetSvcs: symwsc - %systemroot%\system32\RDID1007.dll File not found
    NetSvcs: nmwcdc - %systemroot%\system32\pptchpad.dll File not found
    NetSvcs: mgabg - %systemroot%\system32\w800mgmt.dll File not found
    NetSvcs: ovsecurityserver - %systemroot%\system32\dsunidrv.dll File not found
    NetSvcs: hcf_msft - %systemroot%\system32\sqlagent$pinnaclesys.dll File not found
    NetSvcs: d-link_st3402 - %systemroot%\system32\backupexecjobengine.dll File not found
    [2012/09/18 22:20:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\L
    [2012/10/02 09:53:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\U
    [2012/10/02 09:31:22 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB50821$\4219550980\L\00000004.@
    [2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    :Files
    C:\WINDOWS\$NtUninstallKB50821$
    :commands
    [Reboot] 
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  14. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    Yes, I have used ComboFix in the past to fix malware on my computer before. Here is the Quick Scan log from OldTimer...

    Thanks again..





    OTL logfile created on: 10/3/2012 11:31:33 AM - Run 2
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 80.33% Memory free
    8.58 Gb Paging File | 8.04 Gb Available in Paging File | 93.70% Paging File free
    Paging file location(s): C:\pagefile.sys 5371 6000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 19.25 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
    Drive E: | 1.86 Gb Total Space | 1.37 Gb Free Space | 73.28% Space Free | Partition Type: FAT

    Computer Name: M4300 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/03 09:34:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/08/10 01:31:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
    PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/09 00:59:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012/05/09 00:59:43 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2012/05/09 00:59:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012/05/09 00:59:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012/04/03 20:36:53 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/01/31 08:56:43 | 000,143,240 | ---- | M] (Ask.com) -- c:\Program Files\Avira\AntiVir Desktop\apnstub.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/27 22:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2010/06/21 15:24:30 | 001,990,656 | ---- | M] (ZyXEL Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\N220.exe
    PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
    PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
    PRC - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/09 00:59:44 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
    MOD - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    MOD - [2008/06/29 22:11:04 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/11/28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\ZyXEL\N220\Common\acAuth.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2012/09/09 20:18:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/06 14:16:49 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
    SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/05/09 00:59:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/05/09 00:59:43 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2012/05/09 00:59:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012/04/03 20:36:53 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/05/09 17:23:33 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/23 07:59:00 | 000,086,016 | ---- | M] () [Auto | Running] -- c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
    SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2008/02/22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/12/05 21:07:34 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
    SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
    SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - [2012/05/09 00:59:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012/05/09 00:59:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/11/19 13:03:18 | 000,803,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2008/06/29 22:11:44 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/06/15 20:35:02 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2008/06/15 20:35:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2008/06/15 20:35:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
    DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
    DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
    DRV - [2007/04/15 22:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/03/18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
    DRV - [2006/11/02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081010
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GPEA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=UV-ZL3kkJMUkydWEbRpXkPiEAgI?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/27 20:31:21 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/05 21:05:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 20:18:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 20:18:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8CF94090-6F79-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Admin\Local Settings\Application Data\{8CF94090-6F79-11E1-826D-B8AC6F996F26}\ [2012/03/16 11:06:08 | 000,000,000 | ---D | M]

    [2011/07/06 23:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2011/09/06 19:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\extensions
    [2012/09/09 20:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/09 20:18:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/09/09 20:18:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/01/04 14:52:54 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
    [2012/09/03 23:18:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/03 23:18:00 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/03/26 18:58:11 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Admin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless N-lite USB Adapter Utility.lnk = C:\Program Files\ZyXEL\N220\Common\N220.exe (ZyXEL Technology, Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B515332-AE0B-4D61-89A3-D693D0733B5E}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/02 21:24:57 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/19 01:37:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/03 11:26:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/03 09:53:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/10/03 09:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\IS Enterprises
    [2012/10/03 09:36:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2012/10/02 20:49:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/02 20:49:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/02 20:49:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/02 20:49:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/02 20:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/02 20:48:35 | 004,759,935 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2012/09/19 00:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data-2
    [2012/09/18 23:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data-1
    [2012/09/18 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Old Firefox Data
    [2012/09/09 20:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/07/06 23:46:08 | 013,683,064 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.exe
    [1 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/03 11:32:56 | 000,034,901 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2012/10/03 11:32:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/03 11:29:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/10/03 11:29:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/03 11:29:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/03 11:29:06 | 3755,962,368 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/03 11:09:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/03 11:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/10/03 09:34:24 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
    [2012/10/02 20:43:28 | 004,759,935 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
    [2012/09/28 17:05:09 | 000,061,772 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_2.skp
    [2012/09/28 16:09:09 | 000,090,617 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_1.skp
    [2012/09/28 14:57:57 | 000,061,511 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_As_built.skp
    [2012/09/25 14:29:06 | 000,050,337 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AutoSave_Untitled.skp
    [2012/09/19 11:00:36 | 000,016,269 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\hijackthis_Log_1
    [2012/09/19 09:24:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/09/18 23:50:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/09/12 14:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/09/05 16:58:38 | 003,213,481 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skp
    [2012/09/05 16:58:28 | 003,213,648 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skb
    [1 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/02 20:49:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/02 20:49:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/02 20:49:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/02 20:49:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/02 20:49:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/09/28 17:05:09 | 000,061,772 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_2.skp
    [2012/09/28 16:09:09 | 000,090,617 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_Design_1.skp
    [2012/09/28 14:57:57 | 000,061,511 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kimberly_As_built.skp
    [2012/09/25 14:03:43 | 000,050,337 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AutoSave_Untitled.skp
    [2012/09/19 11:00:36 | 000,016,269 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\hijackthis_Log_1
    [2012/09/18 23:50:57 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRSpawner.lnk
    [2012/09/18 23:50:57 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless N-lite USB Adapter Utility.lnk
    [2012/09/18 23:50:57 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/09/18 23:50:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/09/18 23:50:57 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2012/09/18 23:50:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/09/05 16:36:19 | 003,213,648 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skb
    [2012/09/05 12:01:20 | 003,213,481 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\AS_BIULT_DC_WATER.skp
    [2012/05/15 00:47:25 | 000,326,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/02/15 09:18:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/06/02 22:54:04 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/05/27 13:37:05 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2011/05/09 23:46:30 | 001,910,180 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3991068211-2943843026-3238178938-1005-0.dat
    [2011/05/09 23:46:28 | 000,315,062 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/03/03 17:30:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.10.v40.dll
    [2011/01/21 13:12:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_mgpmro417.ini
    [2011/01/21 13:12:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgsqtfk979.dat
    [2010/12/28 00:43:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cdise.dat
    [2008/12/20 21:52:36 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/09 22:50:01 | 000,067,890 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0044.jpg
    [2008/11/09 22:48:08 | 000,075,985 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0043.jpg
    [2008/11/09 22:42:59 | 000,084,689 | ---- | C] () -- C:\Program Files\FORM-ZSITEPLAN100,0042.jpg
    [2008/10/24 22:58:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\WavXMapDrive.bat

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/01/15 15:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\8701BFB086221559C908967FF1EFBA7B
    [2012/04/12 20:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AskToolbar
    [2011/07/27 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Autodesk
    [2008/11/07 17:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\autodessys
    [2008/11/05 19:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Azureus
    [2012/07/05 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DDMSettings
    [2012/10/03 11:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
    [2008/11/11 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
    [2012/03/01 11:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Grasshopper
    [2008/11/06 01:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera
    [2012/04/03 20:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
    [2008/10/10 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wave Systems Corp
    [2012/06/05 23:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGvis
    [2011/07/27 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2008/11/03 23:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2012/06/04 15:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/03/04 03:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
    [2008/10/10 11:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2008/10/10 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

    ========== Purity Check ==========



    < End of report >
     
  15. Architype

    Architype Thread Starter

    Joined:
    Mar 27, 2012
    Messages:
    34
    Oh, also a few random icons popped up on my desktop.

    First is: isecvrfmfkrm.tmp
    Second is: Jeff_decking.dwl
    Third is: Jeff_decking.dwl2
    Fourth is: Thumbs.db
     

Short URL to this thread: https://techguy.org/1070454