TechSpot

IE8 redirect malware

Solved
By CaughtOffGuard
Oct 18, 2012
Topic Status:
Not open for further replies.
  1. I have reviewed some of the malware removal threads for other forum members. The technical volunteers in this forum are great! I hope one of you can help solve the problems with my laptop. The principal symptom I have observed is that all of my Google searches get redirected when I click on the hyperlink for a search result. I can avoid the redirect if I go to a cached version of the search result, but it is clear that some sort of malware has control of iexplorer.

    I followed your 5-Step Preliminary Removal Instructions, and my logs follow"
    -------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.18.06
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    admin_sertman :: MAH-SERTMAN [administrator]
    10/18/2012 11:00:26 AM
    mbam-log-2012-10-18 (11-00-26).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 355096
    Time elapsed: 11 minute(s), 12 second(s)
    Memory Processes Detected: 1
    C:\Documents and Settings\All Users\Application Data\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> 2644 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro1 (Trojan.Dropper) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Documents and Settings\All Users\Application Data\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Delete on reboot.
    (end)
    -------------------------------------------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-18 11:26:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
    Running: bph3uchs.exe; Driver: C:\DOCUME~1\ADMIN_~1\LOCALS~1\Temp\kxdoikog.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip QipTdi.sys (QIPTDI Application/Websense, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp QipTdi.sys (QIPTDI Application/Websense, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp QipTdi.sys (QIPTDI Application/Websense, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp QipTdi.sys (QIPTDI Application/Websense, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    ---- EOF - GMER 1.0.15 ----
    -------------------------------------------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------------------------------------------
    DDS (Ver_2012-10-14.05) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
    Run by admin_sertman at 11:29:56 on 2012-10-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2091 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\btservice.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Progra~1\Abacus\BillingPopup\AbacusBillingPopupService.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
    C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe
    C:\Program Files\LANDesk\LDCLient\softmon.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Websense\Websense Endpoint\wepsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\USBStorage\USBDetector.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe
    C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
    C:\Program Files\Websense\Websense Endpoint\RFUI.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.hdrinc.com
    uWindow Title = Windows Internet Explorer provided by HDR, Inc. v1.4
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://home.hdrinc.com
    BHO: PowerBroker Desktops Browser Helper: {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} - c:\windows\system32\pmbho.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_265_ActiveX.exe -update activex
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
    mRun: [LANDeskCustomData] "c:\program files\landesk\ldclient\ldcstm32.exe" /s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [USBDetector] c:\usbstorage\USBDetector.exe
    mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\abacus~1.lnk - c:\program files\abacus\billingpopup\AbacusBillingClient.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdrint~1.lnk - c:\program files\hdr\hdr interactive call expensor\ICE.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wnwtra~1.lnk - c:\program files\wiley\webster's new world\HKML_SRV.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-System: RunLogonScriptSync = dword:0
    mPolicies-System: HideStartupScripts = dword:1
    mPolicies-System: HideShutdownScripts = dword:1
    mPolicies-System: MaxGPOScriptWait = dword:60
    mPolicies-Windows\System: GpNetworkStartTimeoutPolicyValue = dword:60
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: eform.ae
    Trusted Zone: eforms.ae
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343983260375
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343983182187
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www3.gotomeeting.com/default/applets/g2mdlax.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://asascience.webex.com/client/T27LB/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ice.hydroqual.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ice.hydroqual.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    TCP: Interfaces\{231FF0A2-8CAD-4FDC-B83A-4BB87C7AB06F} : DHCPNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
    Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 192.168.1.2 HP0017A42A1C10
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\admin_sertman\application data\mozilla\firefox\profiles\93b1epg2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
    FF - prefs.js: browser.search.selectedEngine - Alnaddy
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
    FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
    FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
    FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
    FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
    FF - user.js: extensions.alnaddyToolbar_i.newTab - true
    FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar.id - d0ebde4c00000000000000fff3acc37f
    FF - user.js: extensions.alnaddyToolbar.instlDay - 15581
    FF - user.js: extensions.alnaddyToolbar.vrsn - 1.6.4.0
    FF - user.js: extensions.alnaddyToolbar.vrsni - 1.6.4.0
    FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.6.4.012:24:06
    FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
    FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
    FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
    FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
    FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
    FF - user.js: extensions.alnaddyToolbar.instlRef -
    FF - user.js: extensions.alnaddyToolbar.dfltLng -
    FF - user.js: extensions.alnaddyToolbar.excTlbr - false
    FF - user.js: extensions.alnaddyToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 privman;privman;c:\windows\system32\drivers\privman.sys [2011-2-12 30416]
    R1 QIP;QIP;c:\windows\system32\drivers\Qip.sys [2011-8-1 56640]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-10-26 21240]
    R2 AbacusBillingPopupService;AbacusBillingPopupService;c:\progra~1\abacus\billingpopup\AbacusBillingPopupService.exe [2011-7-21 299008]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-9-20 1236368]
    R2 BTService;PowerBroker Desktop Service;c:\windows\system32\btservice.exe [2010-9-23 420680]
    R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2011-8-1 147456]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-8-4 108456]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-8-4 108456]
    R2 CSIRemoteC;CM Remote Client;c:\program files\cm remote client\CSIRemoteCSvc.exe [2009-12-5 102400]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-3-9 13592]
    R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2012-1-28 207872]
    R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2012-1-28 179200]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-23 10448]
    R2 QipTdi;WEP QipTdi Driver;c:\windows\system32\drivers\QIPTDI.sys [2011-8-1 46656]
    R2 RNetCore;RF RNetCore Driver;c:\windows\system32\drivers\RNetCore.sys [2011-8-1 28544]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-10-26 77816]
    R2 Shavlik Scheduler;Shavlik Remote Scheduler Service;c:\windows\propatches\scheduler\STSchedEx.exe [2010-11-5 822112]
    R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2012-1-28 403632]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-8-4 1839888]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
    R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2009-8-31 210944]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
    R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2008-12-10 1590216]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
    R2 WSRF;Websense Desktop Client ;c:\program files\websense\websense endpoint\wepsvc.exe [2011-10-19 60928]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-12-21 618896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-11 5888]
    R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2012-1-25 14848]
    R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2012-1-25 5120]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10384]
    R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2012-1-25 6656]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-2-8 10688]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121017.019\NAVENG.SYS [2012-10-17 92704]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121017.019\NAVEX15.SYS [2012-10-17 1601184]
    R3 NtiEnc;NtiEnc;c:\windows\system32\drivers\NtiEnc.sys [2010-2-11 156928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-9 197224]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 135664]
    S2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\landesk\ldclient\ProcTriggerSvc.exe [2012-1-28 143872]
    S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
    S2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\landesk\ldclient\tracksvc.exe [2012-1-28 66560]
    S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2012-3-9 1414528]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-7-2 23888]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 cpuz130;cpuz130;\??\c:\docume~1\sertman\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sertman\locals~1\temp\cpuz130\cpuz_x32.sys [?]
    S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\emp_udau.sys --> c:\windows\system32\drivers\EMP_UDAU.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 135664]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-12-10 34248]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-22 114144]
    S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-1-5 6913920]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys --> c:\windows\system32\drivers\ngfilter.sys [?]
    S3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys --> c:\windows\system32\drivers\nglog.sys [?]
    S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys --> c:\windows\system32\drivers\ngvpn.sys [?]
    S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys --> c:\windows\system32\drivers\ngwfp.sys [?]
    S3 NinjaService;NinjaService;c:\program files\newtech infosystems\nti shadow 4\NinjaService.exe [2009-12-3 243968]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-4 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-9-11 14336]
    .
    =============== File Associations ===============
    .
    ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
    ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2012-10-18 14:59:01 -------- d-----w- c:\documents and settings\admin_sertman\application data\Malwarebytes
    2012-10-18 14:58:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-10-18 14:58:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-18 14:58:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-17 21:31:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2012-10-17 14:52:24 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
    2012-10-17 14:44:56 -------- d-----w- c:\documents and settings\admin_sertman\application data\LavasoftStatistics
    2012-10-17 14:39:30 -------- d-----w- c:\windows\system32\drivers\VDD
    2012-10-17 14:39:30 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-10-17 14:38:32 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\Downloaded Installations
    2012-10-17 14:37:53 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
    2012-10-17 14:37:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\adawarebp
    2012-10-17 14:37:51 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
    2012-10-17 14:37:47 -------- d-----w- c:\program files\adawaretb
    2012-10-17 14:37:47 -------- d-----w- c:\documents and settings\admin_sertman\application data\adawaretb
    2012-10-17 14:37:46 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-10-17 14:36:33 -------- d-----w- c:\documents and settings\admin_sertman\application data\Ad-Aware Antivirus
    2012-10-17 14:22:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\Threat Expert
    2012-10-17 13:32:48 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-10-17 13:32:48 -------- d-----w- c:\program files\common files\PC Tools
    2012-10-17 13:32:25 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-10-17 13:32:23 -------- d-----w- c:\documents and settings\admin_sertman\application data\TestApp
    2012-10-04 15:51:45 -------- d-----w- C:\Program Files (x86)
    2012-10-04 15:34:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\{F634D983-4380-4DAE-8533-9D1A163A3FC1}
    2012-10-04 13:50:57 -------- d-----w- c:\program files\Admiralty_Digital_Catalogue
    2012-10-04 13:50:57 -------- d-----w- c:\documents and settings\all users\application data\Admiralty_Digital_Catalogue
    2012-10-03 17:18:15 -------- d-----w- c:\program files\common files\EPSON Projector
    2012-10-03 14:27:29 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-03 13:19:58 -------- d-----w- c:\program files\UPHClean
    2012-10-03 13:09:34 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2012-10-03 13:09:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-10-03 13:09:31 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2012-10-03 13:09:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-10-03 13:09:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-10-03 13:09:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2012-10-03 13:09:09 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-10-03 13:09:09 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-10-03 13:09:06 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2012-10-03 13:09:06 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-10-03 13:07:58 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2012-10-03 13:06:57 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
    2012-10-03 13:05:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2012-10-03 13:04:57 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
    2012-10-03 13:03:59 404990 -c--a-w- c:\windows\system32\dllcache\slntamr.sys
    2012-10-03 13:02:59 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
    2012-10-03 13:01:59 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2012-10-03 13:00:58 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2012-10-03 12:59:58 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2012-10-03 12:58:58 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
    2012-10-03 12:57:59 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
    2012-10-03 12:56:59 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2012-10-03 12:55:59 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
    2012-10-03 12:54:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
    2012-10-03 12:53:59 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
    2012-10-03 12:52:59 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
    2012-10-03 12:51:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
    2012-10-03 12:50:59 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
    2012-10-03 12:49:57 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    .
    ==================== Find3M ====================
    .
    2012-08-29 09:31:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-29 09:31:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 11:31:27.81 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    AdwCleaner Scan
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    OTL Scan
    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scanbutton. The scan will not take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  3. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Greetings DragonMaster Jay and thanks for your help. I went through these additional actions (ComboFix, AdwCleaner, OTL); however, Symantec Endpoint Protection was locked, so I could not disable real-time protection before scanning with ComboFix. Nevertheless, the scan seemed to run OK. Logs for ComboFix and ADWCleaner are listed below. Due to size restrictions, the two OTL logs will follow in one or possibly two subsequent replies.
    ------------------------------------------------------------------------------------------------------------------------------------
    ------------------------------------------------------------------------------------------------------------------------------------
    ComboFix 12-10-18.03 - admin_sertman 10/19/2012 8:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.1976 [GMT -4:00]
    Running from: c:\documents and settings\admin_sertman\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\admin_sertman\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\admin_sertman\System
    c:\documents and settings\admin_sertman\System\win_qs8.jqx
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\sertman\g2mdlhlpx.exe
    c:\documents and settings\sertman\WINDOWS
    c:\program files\msoffice
    c:\windows\system32\default_user_class.dat.LOG
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\exploder.exe
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\URTTemp\URTCore.cab
    G:\Autorun.inf
    G:\Setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_UVNC_SERVICE
    -------\Service_uvnc_service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-18 14:59 . 2012-10-18 14:59 -------- d-----w- c:\documents and settings\admin_sertman\Application Data\Malwarebytes
    2012-10-18 14:58 . 2012-10-18 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-18 14:58 . 2012-10-18 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-18 14:58 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-17 21:31 . 2012-09-06 01:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-10-17 14:52 . 2012-10-17 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
    2012-10-17 14:46 . 2012-10-17 14:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
    2012-10-17 14:44 . 2012-10-17 14:44 -------- d-----w- c:\documents and settings\admin_sertman\Application Data\LavasoftStatistics
    2012-10-17 14:39 . 2012-10-17 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2012-10-17 14:39 . 2012-10-17 14:48 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-10-17 14:39 . 2012-10-17 14:39 -------- d-----w- c:\windows\system32\drivers\VDD
    2012-10-17 14:38 . 2012-10-17 14:38 -------- d-----w- c:\documents and settings\admin_sertman\Local Settings\Application Data\Downloaded Installations
    2012-10-17 14:37 . 2012-10-17 14:50 -------- d-----w- c:\documents and settings\admin_sertman\Local Settings\Application Data\adawarebp
    2012-10-17 14:37 . 2012-10-17 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
    2012-10-17 14:37 . 2012-10-17 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
    2012-10-17 14:37 . 2012-10-17 14:37 -------- d-----w- c:\program files\adawaretb
    2012-10-17 14:37 . 2012-10-17 14:37 -------- d-----w- c:\documents and settings\admin_sertman\Application Data\adawaretb
    2012-10-17 14:37 . 2012-10-17 14:37 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-10-17 14:36 . 2012-10-18 15:24 -------- d-----w- c:\documents and settings\admin_sertman\Application Data\Ad-Aware Antivirus
    2012-10-17 14:22 . 2012-10-17 14:22 -------- d-----w- c:\documents and settings\admin_sertman\Local Settings\Application Data\Threat Expert
    2012-10-17 13:32 . 2012-10-17 14:24 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-10-17 13:32 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-10-17 13:32 . 2012-10-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-10-17 13:32 . 2012-10-17 13:32 -------- d-----w- c:\documents and settings\admin_sertman\Application Data\TestApp
    2012-10-04 15:51 . 2012-10-04 15:51 -------- d-----w- C:\Program Files (x86)
    2012-10-04 15:34 . 2012-10-04 15:34 -------- d-----w- c:\documents and settings\admin_sertman\Local Settings\Application Data\{F634D983-4380-4DAE-8533-9D1A163A3FC1}
    2012-10-04 13:50 . 2012-10-04 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Admiralty_Digital_Catalogue
    2012-10-04 13:50 . 2012-10-04 13:50 -------- d-----w- c:\program files\Admiralty_Digital_Catalogue
    2012-10-03 17:30 . 2012-10-03 17:30 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-10-03 17:18 . 2012-10-03 17:18 -------- d-----w- c:\program files\Common Files\EPSON Projector
    2012-10-03 14:27 . 2012-10-03 14:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-03 13:19 . 2012-10-03 13:19 -------- d-----w- c:\program files\UPHClean
    2012-10-03 12:50 . 2008-04-14 04:16 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
    2012-10-03 12:49 . 2003-03-24 20:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
    2012-10-03 12:49 . 2003-03-24 20:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
    2012-10-03 12:49 . 2003-03-24 20:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
    2012-10-03 12:49 . 2008-04-14 12:00 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
    2012-10-03 12:49 . 2008-04-14 12:00 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
    2012-10-03 12:49 . 2003-03-24 20:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
    2012-10-03 12:49 . 2003-03-24 20:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-19 12:24 . 2012-04-04 00:52 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-19 12:24 . 2011-09-02 16:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14 . 2008-09-11 20:42 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2008-09-11 20:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2008-09-11 20:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-09-11 20:42 385024 ----a-w- c:\windows\system32\html.iec
    2012-09-06 01:27 . 2011-10-31 17:00 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-08-04 115624]
    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
    "LANDeskCustomData"="c:\program files\LANDesk\LDCLient\ldcstm32.exe" [2010-06-29 297472]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Abacus Billing Client.lnk - c:\program files\Abacus\BillingPopup\AbacusBillingClient.exe [2011-10-11 2191360]
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-12-16 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2012-7-18 738776]
    HDR Interactive Call Expensor.lnk - c:\program files\HDR\HDR Interactive Call Expensor\ICE.exe [2012-2-20 160768]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-25 813584]
    WNW Tray Agent.lnk - c:\program files\Wiley\Webster's New World\HKML_SRV.exe [2008-12-23 147456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts"= 1 (0x1)
    "MaxGPOScriptWait"= 60 (0x3c)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\btpload32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-573735546-1417001333-386158\Scripts\Logon\0\0]
    "Script"=LogonApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-573735546-1417001333-386158\Scripts\Logon\1\0]
    "Script"=%systemroot%\HDR\Scripts\aventail-1054.cmd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1078081533-573735546-1417001333-429851\Scripts\Logon\0\0]
    "Script"=%systemroot%\HDR\Scripts\aventail-1054.cmd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Abacus\\BillingPopup\\AbacusBillingPopupService.exe"=
    "c:\\Program Files\\Abacus\\BillingPopup\\AbacusBillingClient.exe"=
    "c:\\WINDOWS\\system32\\mDNSResponder.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=
    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=
    "c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "59007:TCP"= 59007:TCP:pandoRest Listening Port
    "56505:TCP"= 56505:TCP:pando Media Booster
    "56505:UDP"= 56505:UDP:pando Media Booster
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R1 privman;privman;c:\windows\system32\drivers\privman.sys [2/12/2011 5:55 PM 30416]
    R1 QIP;QIP;c:\windows\system32\drivers\Qip.sys [8/1/2011 11:57 PM 56640]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/26/2009 4:06 PM 21240]
    R2 AbacusBillingPopupService;AbacusBillingPopupService;c:\progra~1\Abacus\BillingPopup\AbacusBillingPopupService.exe [7/21/2011 3:44 AM 299008]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [9/20/2012 3:03 PM 1236368]
    R2 BTService;PowerBroker Desktop Service;c:\windows\system32\btservice.exe [9/23/2010 2:31 PM 420680]
    R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [8/1/2011 1:30 PM 147456]
    R2 CSIRemoteC;CM Remote Client;c:\program files\CM Remote Client\CSIRemoteCSvc.exe [12/5/2009 5:52 PM 102400]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3/9/2012 1:59 PM 13592]
    R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [1/28/2012 12:09 PM 207872]
    R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [1/28/2012 12:09 PM 179200]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [7/23/2010 8:17 AM 10448]
    R2 QipTdi;WEP QipTdi Driver;c:\windows\system32\drivers\QIPTDI.sys [8/1/2011 11:57 PM 46656]
    R2 RNetCore;RF RNetCore Driver;c:\windows\system32\drivers\RNetCore.sys [8/1/2011 11:57 PM 28544]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/26/2009 4:06 PM 77816]
    R2 Shavlik Scheduler;Shavlik Remote Scheduler Service;c:\windows\ProPatches\Scheduler\STSchedEx.exe [11/5/2010 12:00 PM 822112]
    R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [1/28/2012 12:09 PM 403632]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856]
    R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [8/31/2009 4:01 PM 210944]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [6/26/2009 7:56 AM 102400]
    R2 WSRF;Websense Desktop Client ;c:\program files\Websense\Websense Endpoint\wepsvc.exe [10/19/2011 11:57 AM 60928]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/21/2008 12:49 AM 618896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 4:00 AM 106656]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [9/11/2008 5:10 PM 5888]
    R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [1/25/2012 9:28 AM 14848]
    R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [1/25/2012 9:28 AM 5120]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 5:01 AM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 5:01 AM 10384]
    R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [1/25/2012 9:28 AM 6656]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2/8/2011 2:12 AM 10688]
    R3 NtiEnc;NtiEnc;c:\windows\system32\drivers\NtiEnc.sys [2/11/2010 8:48 AM 156928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/9/2012 2:18 PM 197224]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2009 8:24 AM 135664]
    S2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\LANDesk\LDClient\ProcTriggerSvc.exe [1/28/2012 12:10 PM 143872]
    S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [12/19/2011 1:20 PM 3289032]
    S2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\LANDesk\LDClient\tracksvc.exe [1/28/2012 12:10 PM 66560]
    S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [3/9/2012 2:34 PM 1414528]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/2/2010 11:55 AM 23888]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 2:58 AM 11336]
    S3 cpuz130;cpuz130;\??\c:\docume~1\sertman\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sertman\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys --> c:\windows\system32\drivers\EMP_UDAU.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2009 8:24 AM 135664]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 11:37 AM 114144]
    S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [1/5/2011 7:38 AM 6913920]
    S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
    S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
    S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
    S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
    S3 NinjaService;NinjaService;c:\program files\NewTech Infosystems\NTI Shadow 4\NinjaService.exe [12/3/2009 6:07 AM 243968]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/4/2010 6:20 AM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - uphcleanhlp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc05d8ae4a481b.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 12:24]
    .
    2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 12:24]
    .
    2012-10-19 c:\windows\Tasks\HDR - Daily Workstation Tasks.job
    - c:\windows\hdr\scripts\Scheduled Tasks - Daily.cmd [2012-10-17 15:34]
    .
    2012-10-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-06-07 01:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.hdrinc.com
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: eform.ae
    Trusted Zone: eforms.ae
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\documents and settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
    FF - prefs.js: browser.search.selectedEngine - Alnaddy
    FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
    FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
    FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
    FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
    FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
    FF - user.js: extensions.alnaddyToolbar_i.newTab - true
    FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
    FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
    FF - user.js: extensions.alnaddyToolbar.id - d0ebde4c00000000000000fff3acc37f
    FF - user.js: extensions.alnaddyToolbar.instlDay - 15581
    FF - user.js: extensions.alnaddyToolbar.vrsn - 1.6.4.0
    FF - user.js: extensions.alnaddyToolbar.vrsni - 1.6.4.0
    FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.6.4.012:24
    FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
    FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
    FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
    FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
    FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
    FF - user.js: extensions.alnaddyToolbar.instlRef -
    FF - user.js: extensions.alnaddyToolbar.dfltLng -
    FF - user.js: extensions.alnaddyToolbar.excTlbr - false
    FF - user.js: extensions.alnaddyToolbar.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-CmUsbSound - cmcnfgu.cpl
    SafeBoot-57111201.sys
    SafeBoot-69220509.sys
    SafeBoot-Symantec Antvirus
    AddRemove-Legacy 7.4 - c:\program files\Legacy\UNWISE.EXE
    AddRemove-{FE6BAA0E-00CF-4DEE-BDD6-89E140E4649D}_is1 - c:\documents and settings\sertman\Desktop\WorkHorse Documentation\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-19 08:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(980)
    c:\windows\system32\privman32.dll
    c:\program files\Bonjour\mdnsNSP.dll
    .
    - - - - - - - > 'lsass.exe'(1048)
    c:\program files\Bonjour\mdnsNSP.dll
    .
    - - - - - - - > 'explorer.exe'(3960)
    c:\windows\system32\WININET.dll
    c:\windows\system32\privman32.dll
    c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\AcSignIcon.dll
    c:\program files\Wiley\Webster's New World\HKMLLoad.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\progra~1\LANDesk\LDClient\collector.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\progra~1\LANDesk\LDClient\LDregwatch.exe
    c:\program files\LANDesk\LDClient\LocalSch.EXE
    c:\windows\system32\CBA\pds.exe
    c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    c:\progra~1\LANDesk\LDCLient\issuser.exe
    c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    c:\toshiba\IVP\ISM\pinger.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\UPHClean\uphclean.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\windows\system32\RunDll32.exe
    c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    c:\progra~1\LANDesk\LDCLient\rcgui.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Websense\Websense Endpoint\RFUI.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-19 08:52:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-19 12:52
    .
    Pre-Run: 110,682,038,272 bytes free
    Post-Run: 111,250,587,648 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 219228E5040E1A1A4AD3D98AC549F7E9
    -------------------------------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------------------------------
    # AdwCleaner v2.005 - Logfile created 10/19/2012 at 08:56:54
    # Updated 14/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : admin_sertman - MAH-SERTMAN
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\admin_sertman\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\user.js
    File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Folder Deleted : C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\extensions\staged
    Folder Deleted : C:\Documents and Settings\admin_sertman\Local Settings\Application Data\APN
    Folder Deleted : C:\Documents and Settings\admin_sertman\Local Settings\Application Data\AskToolbar
    Folder Deleted : C:\Documents and Settings\admin_sertman\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\sertman\Local Settings\Application Data\AskToolbar
    Folder Deleted : C:\Documents and Settings\sertman\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Mozilla Firefox v15.0.1 (en-US)
    Profile name : default
    File : C:\Documents and Settings\sertman\Application Data\Mozilla\Firefox\Profiles\fmighqsu.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\prefs.js
    C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\user.js ... Deleted !
    [OK] File is clean.
    Profile name : default
    File : C:\Documents and Settings\sertman\Application Data\Mozilla\Firefox\Profiles\fmighqsu.default\prefs.js
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [5520 octets] - [19/10/2012 08:56:54]
    ########## EOF - C:\AdwCleaner[S1].txt - [5580 octets] ##########
  4. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part I of the OTL logfile:
    =========================================================================

    OTL logfile created on: 10/19/2012 9:04:07 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin_sertman\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 70.61% Memory free
    4.71 Gb Paging File | 3.92 Gb Available in Paging File | 83.17% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.37 Gb Total Space | 103.64 Gb Free Space | 45.99% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 434.94 Gb Free Space | 93.38% Space Free | Partition Type: NTFS

    Computer Name: MAH-SERTMAN | User Name: admin_sertman | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/19 08:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012/08/08 04:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/07/27 16:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
    PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    PRC - [2012/02/20 08:46:18 | 000,160,768 | ---- | M] (HDR, Inc.) -- C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/10/28 05:09:56 | 000,399,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
    PRC - [2011/10/20 05:22:32 | 001,459,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
    PRC - [2011/10/19 12:13:24 | 000,069,632 | ---- | M] (Websense, Inc.) -- C:\Program Files\Websense\Websense Endpoint\RFUI.exe
    PRC - [2011/10/19 11:57:38 | 000,060,928 | ---- | M] (Websense, Inc.) -- C:\Program Files\Websense\Websense Endpoint\wepsvc.exe
    PRC - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
    PRC - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    PRC - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    PRC - [2011/10/11 19:13:24 | 002,191,360 | ---- | M] (American Reprographics Company) -- C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe
    PRC - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
    PRC - [2011/08/04 10:07:32 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2011/08/04 10:07:30 | 001,893,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/08/04 10:07:30 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2011/08/04 10:07:30 | 001,459,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
    PRC - [2011/07/29 05:47:02 | 000,446,464 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exe
    PRC - [2011/07/21 09:24:00 | 000,496,128 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\collector.exe
    PRC - [2011/07/21 03:44:14 | 000,299,008 | ---- | M] (American Reprographics Company) -- C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe
    PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
    PRC - [2010/11/11 14:12:10 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    PRC - [2010/10/19 06:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/10/19 06:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2010/10/19 06:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/09/23 14:31:04 | 000,420,680 | ---- | M] (BeyondTrust Software, Inc.) -- C:\WINDOWS\system32\btservice.exe
    PRC - [2010/09/16 13:25:46 | 000,822,112 | ---- | M] (Shavlik Technologies, LLC) -- C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe
    PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2009/12/05 17:52:54 | 000,102,400 | ---- | M] (Configuresoft, Inc.) -- C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
    PRC - [2009/07/20 04:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 04:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    PRC - [2009/06/26 07:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2008/04/14 19:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
    PRC - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2007/08/31 09:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
    PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
    PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2006/03/16 16:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/04/15 18:13:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
    PRC - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2003/04/01 12:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/25 16:07:36 | 000,165,768 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
    MOD - [2012/09/25 16:07:34 | 000,190,344 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
    MOD - [2012/08/03 05:35:37 | 000,148,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\02d4f7c8ce1dfb5fff316ce0e2fea2f2\System.Configuration.Install.ni.dll
    MOD - [2012/08/03 05:35:35 | 012,079,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\d0442665f4a2e9bdbb0b8c6cc54c2045\System.Web.ni.dll
    MOD - [2012/08/03 05:30:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
    MOD - [2012/08/03 05:29:55 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    MOD - [2012/08/03 05:29:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
    MOD - [2012/08/03 05:27:48 | 000,492,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ad089eada43038d3c2a7cd11ceabd92f\IAStorUtil.ni.dll
    MOD - [2012/08/03 05:26:01 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9cbf4db0137df3dd2d784f0b5134ca33\System.Windows.Forms.ni.dll
    MOD - [2012/08/03 05:19:51 | 018,000,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4d0e6813ee28a4025fa95bc44c6f705\PresentationFramework.ni.dll
    MOD - [2012/08/03 05:19:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8031637a4a7272b1933b2e3e4b0d0b1e\PresentationCore.ni.dll
    MOD - [2012/08/03 05:19:15 | 003,858,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\359af5f153629c174201d64f3df85bb2\WindowsBase.ni.dll
    MOD - [2012/08/03 05:19:13 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1f95afe8b48bf2a342f6109c629e105a\System.Drawing.ni.dll
    MOD - [2012/08/03 05:15:23 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
    MOD - [2012/07/27 16:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
    MOD - [2012/05/16 12:20:27 | 013,345,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\2b9bd93e5e06cf973a0fd6bc5be4a913\System.Data.Entity.ni.dll
    MOD - [2012/05/16 12:19:00 | 001,189,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\e71cb6db96a90da4509f3dfd6dbd0f3c\System.Data.OracleClient.ni.dll
    MOD - [2012/05/16 12:18:46 | 001,172,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8f0c9b7ceacd801e9605145985c6e9b2\System.DirectoryServices.ni.dll
    MOD - [2012/05/16 12:18:45 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a3f349ed89d70bbcb354ba571a514d1f\System.EnterpriseServices.ni.dll
    MOD - [2012/05/16 12:18:45 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a3f349ed89d70bbcb354ba571a514d1f\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/16 12:18:44 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fba015d3327119e4fe4c2eeb98c8f29a\System.Transactions.ni.dll
    MOD - [2012/05/16 12:18:42 | 002,658,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9f63fa70dd29977c1aa9c9e5e80799d8\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/16 12:18:39 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0aa2cbfdd66bbf6f74b7eccb111c0c95\System.Xml.Linq.ni.dll
    MOD - [2012/05/16 12:17:53 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\705c03cf409352bbed2b21fabdaacf03\System.Xaml.ni.dll
    MOD - [2012/05/16 12:14:58 | 000,172,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\01aba83a58ab96147dd87e4d6032a0d4\IsdiInterop.ni.dll
    MOD - [2012/05/16 12:14:58 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f53bb9e3d1bd127a39576d1314842b5\IAStorCommon.ni.dll
    MOD - [2012/05/16 12:14:57 | 000,225,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\953c6e0e5db956f3b7acf40d04e71944\IAStorDataMgr.ni.dll
    MOD - [2012/05/16 12:14:57 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\84130a118b23db02a8b815679cf97e77\IAStorDataMgrSvc.ni.exe
    MOD - [2012/05/16 11:11:04 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\201d2726e96db96955949d510b78d79d\PresentationFramework.Luna.ni.dll
    MOD - [2012/05/16 11:11:03 | 006,864,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f31a114b20f140f38a6e7e1bb6657dc9\System.Data.ni.dll
    MOD - [2012/05/16 11:10:52 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\c49cb68c6265385b749455cb32b79460\System.Xml.ni.dll
    MOD - [2012/05/16 11:10:47 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b479bcb758794c25e7180ea8daa1e967\System.Configuration.ni.dll
    MOD - [2012/05/16 11:10:43 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\8b835da12888ff91d5465ec201af0e37\System.Core.ni.dll
    MOD - [2012/05/16 11:10:20 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\94df1a273c00450557c7a91c4e6fa0d6\System.ni.dll
    MOD - [2012/05/16 11:10:12 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\42b48b1297cae7a6c9ef37cd26c204dd\System.Numerics.ni.dll
    MOD - [2012/05/16 11:10:11 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\b3045990621c3617a0f9b85b50cfe5ea\mscorlib.ni.dll
    MOD - [2012/05/16 10:59:36 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
    MOD - [2012/05/16 10:56:12 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/16 10:54:16 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/16 10:54:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/16 10:54:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/16 10:53:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2011/11/21 21:44:32 | 000,118,272 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
    MOD - [2011/10/19 11:47:08 | 001,107,456 | ---- | M] () -- C:\Program Files\Websense\Websense Endpoint\libxml2.dll
    MOD - [2011/10/14 05:29:26 | 000,186,880 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\httprequest.dll
    MOD - [2011/09/19 05:31:08 | 000,073,728 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\policy.client.business.dll
    MOD - [2011/07/29 05:47:02 | 000,446,464 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exe
    MOD - [2011/05/20 11:05:26 | 000,059,904 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    MOD - [2011/04/20 10:11:50 | 000,559,244 | ---- | M] () -- C:\Program Files\Webroot\Washer\sqlite3.dll
    MOD - [2009/11/23 17:51:30 | 000,024,576 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\processrunner.dll
    MOD - [2009/11/23 17:51:26 | 000,433,664 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\sqlite3.dll
    MOD - [2009/11/23 17:20:54 | 000,043,008 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\rollinglog.dll
    MOD - [2009/07/20 04:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
    MOD - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    MOD - [2007/04/20 08:28:38 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll
    MOD - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
    MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
    MOD - [2005/04/15 18:13:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
    MOD - [2005/04/15 18:13:32 | 000,090,112 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKMLLoad.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/10/20 05:22:32 | 001,459,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
    SRV - [2011/10/19 12:12:42 | 000,204,800 | ---- | M] (Websense, Inc.) [Auto | Running] -- C:\Program Files\Websense\Websense Endpoint\RFMain.dll -- (WSRF)
    SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\SoftMon.exe -- (Softmon)
    SRV - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
    SRV - [2011/10/19 05:23:24 | 000,143,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
    SRV - [2011/10/19 05:22:36 | 000,066,560 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
    SRV - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
    SRV - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
    SRV - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/08/04 10:07:30 | 001,893,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/08/04 10:07:30 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2011/08/04 10:07:30 | 000,357,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
    SRV - [2011/07/21 03:44:14 | 000,299,008 | ---- | M] (American Reprographics Company) [Auto | Running] -- C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe -- (AbacusBillingPopupService)
    SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
    SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/11/11 14:12:10 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
    SRV - [2010/10/19 06:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2010/10/19 06:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2010/10/19 06:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2010/09/23 14:31:04 | 000,420,680 | ---- | M] (BeyondTrust Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\btservice.exe -- (BTService)
    SRV - [2010/09/16 13:25:46 | 000,822,112 | ---- | M] (Shavlik Technologies, LLC) [Auto | Running] -- C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe -- (Shavlik Scheduler)
    SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2009/12/05 17:52:54 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Auto | Running] -- C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
    SRV - [2009/12/03 06:07:00 | 000,243,968 | ---- | M] (NewTech Infosystems) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Shadow 4\NinjaService.exe -- (NinjaService)
    SRV - [2009/06/26 07:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2008/12/16 18:00:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2008/04/14 19:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/08/31 09:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
    SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
    SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
    SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\pciide.sys -- (PCIIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngwfp.sys -- (NgWfp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngvpn.sys -- (NgVpn)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nglog.sys -- (NgLog)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngfilter.sys -- (NgFilter)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ivusb.sys -- (ivusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\EMP_UDAU.sys -- (eppvad_simple)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sertman\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/10/02 11:41:12 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121018.021\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/10/02 11:41:12 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121018.021\NAVENG.SYS -- (NAVENG)
    DRV - [2012/08/08 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/08 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/03/09 14:18:42 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011/10/19 12:20:20 | 000,046,656 | ---- | M] (Websense, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\QIPTDI.sys -- (QipTdi)
    DRV - [2011/10/19 12:20:20 | 000,028,544 | ---- | M] (Websense, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RNetCore.sys -- (RNetCore)
    DRV - [2011/10/19 12:20:16 | 000,056,640 | ---- | M] (Websense, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Qip.sys -- (QIP)
    DRV - [2011/10/15 11:40:09 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/08/04 10:07:32 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/08/04 10:07:32 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/08/04 10:07:32 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/05/13 05:00:36 | 000,014,848 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
    DRV - [2011/05/13 05:00:36 | 000,006,656 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
    DRV - [2011/05/13 05:00:36 | 000,005,120 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
    DRV - [2011/02/17 10:09:07 | 000,156,928 | ---- | M] (NewTech Infosystems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtiEnc.sys -- (NtiEnc)
    DRV - [2011/02/12 17:31:50 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP)
    DRV - [2011/02/08 09:34:31 | 000,010,688 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
    DRV - [2010/10/17 18:14:24 | 006,913,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
    DRV - [2010/09/23 14:32:00 | 000,030,416 | ---- | M] (BeyondTrust Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\privman.sys -- (privman)
    DRV - [2010/07/02 11:55:18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/07/02 11:55:18 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2010/07/02 11:55:18 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2010/07/02 11:55:16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/05/19 14:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/03/18 05:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010/03/08 02:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/01/08 19:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/12/18 02:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/12/15 07:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/11/19 06:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2009/10/25 21:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
    DRV - [2009/07/22 15:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2009/04/23 03:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/05/12 15:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/09 22:01:16 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/01/23 17:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/09/19 07:02:24 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2007/03/26 15:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/02/22 07:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/19 15:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/24 12:30:48 | 001,414,528 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau32)
    DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
  5. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part 2 of the OTL logfile:
    =========================================================================

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.hdrinc.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
    IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q...dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?afltid=wbpk"
    FF - prefs.js..keyword.URL: "http://www.alnaddy.com/search/?q="
    FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/17 17:31:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 05:15:55 | 000,000,000 | ---D | M]

    [2012/08/01 00:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Extensions
    [2012/10/19 08:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\extensions
    [2012/10/17 10:37:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012/08/29 04:24:01 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\searchplugins\alnaddyToolbar.xml
    [2012/10/17 17:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/12/15 21:32:42 | 004,796,416 | ---- | M] (Lizardtech Software) -- C:\Program Files\mozilla firefox\plugins\npexview.dll
    [2012/06/11 12:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/19 08:44:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PowerBroker Desktops Browser Helper) - {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} - C:\WINDOWS\system32\pmbho.dll (BeyondTrust Software, Inc.)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LANDeskCustomData] C:\Program Files\LANDesk\LDCLient\ldcstm32.exe (Avocent Corporation )
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
    O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Abacus Billing Client.lnk = C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe (American Reprographics Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HDR Interactive Call Expensor.lnk = C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe (HDR, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WNW Tray Agent.lnk = C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 60
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: eform.ae ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: eforms.ae ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1343983260375 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343983182187 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www3.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting Web Starter)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab (InstallShield International Setup Player)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://asascience.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ice.hydroqual.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ice.hydroqual.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.hdr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{231FF0A2-8CAD-4FDC-B83A-4BB87C7AB06F}: DhcpNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
    O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\btpload32.dll) - C:\WINDOWS\system32\btpload32.dll (BeyondTrust Software, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/11 16:34:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: WdfLoadGroup -
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5099D356-244C-5598-61A5-7AEA58D1FD46} - Java (Sun)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
  6. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part 3 of the OTL logfile:
    =========================================================================



    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/19 08:55:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/10/19 08:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Desktop\malware
    [2012/10/19 08:32:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/10/19 08:29:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/19 08:29:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/19 08:29:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/19 08:29:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/19 08:28:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/10/19 08:08:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    [2012/10/18 11:29:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin_sertman\My Documents\My Videos
    [2012/10/18 11:29:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin_sertman\Start Menu\Programs\Administrative Tools
    [2012/10/18 10:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\Malwarebytes
    [2012/10/18 10:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/10/18 10:58:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/10/18 10:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/17 10:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\LavasoftStatistics
    [2012/10/17 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
    [2012/10/17 10:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2012/10/17 10:39:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
    [2012/10/17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
    [2012/10/17 10:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\Downloaded Installations
    [2012/10/17 10:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\adawarebp
    [2012/10/17 10:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2012/10/17 10:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2012/10/17 10:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\adawaretb
    [2012/10/17 10:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2012/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\Threat Expert
    [2012/10/17 09:32:48 | 000,203,120 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2012/10/17 09:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/10/17 09:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/10/17 09:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\TestApp
    [2012/10/17 09:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2012/10/04 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
    [2012/10/04 11:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\{F634D983-4380-4DAE-8533-9D1A163A3FC1}
    [2012/10/04 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Admiralty Digital Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Admiralty_Digital_Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Admiralty_Digital_Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Admiralty Digital Catalogue
    [2012/10/03 13:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2012/10/03 13:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/10/03 13:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON Projector
    [2012/10/03 10:27:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/03 09:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
    [2012/10/03 09:09:34 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2012/10/03 09:09:31 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2012/10/03 09:09:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
    [2012/10/03 09:09:12 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2012/10/03 09:09:09 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
    [2012/10/03 09:09:09 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2012/10/03 09:09:06 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
    [2012/10/03 09:09:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
    [2012/10/03 09:08:55 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
    [2012/10/03 09:08:54 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2012/10/03 09:08:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
    [2012/10/03 09:08:51 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2012/10/03 09:08:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
    [2012/10/03 09:08:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
    [2012/10/03 09:08:49 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
    [2012/10/03 09:08:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
    [2012/10/03 09:08:49 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
    [2012/10/03 09:08:46 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2012/10/03 09:08:41 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
    [2012/10/03 09:08:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
    [2012/10/03 09:08:38 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
    [2012/10/03 09:08:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
    [2012/10/03 09:08:34 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
    [2012/10/03 09:08:34 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
    [2012/10/03 09:08:31 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2012/10/03 09:08:29 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv10nt.sys
    [2012/10/03 09:08:28 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
    [2012/10/03 09:08:28 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv06nt.sys
    [2012/10/03 09:08:27 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
    [2012/10/03 09:08:22 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
    [2012/10/03 09:08:22 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
    [2012/10/03 09:08:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
    [2012/10/03 09:08:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
    [2012/10/03 09:08:21 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv11nt.sys
    [2012/10/03 09:08:20 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv09nt.sys
    [2012/10/03 09:08:20 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv07nt.sys
    [2012/10/03 09:08:20 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv08nt.sys
    [2012/10/03 09:08:19 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
    [2012/10/03 09:08:19 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
    [2012/10/03 09:08:18 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
    [2012/10/03 09:08:17 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
    [2012/10/03 09:08:14 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2012/10/03 09:08:11 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2012/10/03 09:08:09 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2012/10/03 09:08:08 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
    [2012/10/03 09:08:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
    [2012/10/03 09:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
    [2012/10/03 09:08:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
    [2012/10/03 09:08:07 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
    [2012/10/03 09:08:04 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2012/10/03 09:08:01 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
    [2012/10/03 09:08:01 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2012/10/03 09:08:01 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
    [2012/10/03 09:07:58 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2012/10/03 09:07:55 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2012/10/03 09:07:52 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
    [2012/10/03 09:07:51 | 000,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
    [2012/10/03 09:07:51 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
    [2012/10/03 09:07:50 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\vchnt5.dll
    [2012/10/03 09:07:47 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
    [2012/10/03 09:07:44 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2012/10/03 09:07:41 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
    [2012/10/03 09:07:38 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
    [2012/10/03 09:07:35 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
    [2012/10/03 09:07:32 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2012/10/03 09:07:30 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2012/10/03 09:07:27 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2012/10/03 09:07:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
    [2012/10/03 09:07:25 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
    [2012/10/03 09:07:23 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2012/10/03 09:07:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2012/10/03 09:07:22 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
    [2012/10/03 09:07:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
    [2012/10/03 09:07:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
    [2012/10/03 09:07:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
    [2012/10/03 09:07:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
    [2012/10/03 09:07:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
    [2012/10/03 09:07:08 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2012/10/03 09:07:05 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
    [2012/10/03 09:07:03 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
    [2012/10/03 09:07:00 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
    [2012/10/03 09:06:57 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2012/10/03 09:06:55 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2012/10/03 09:06:52 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
    [2012/10/03 09:06:52 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
    [2012/10/03 09:06:50 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
    [2012/10/03 09:06:48 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
    [2012/10/03 09:06:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
    [2012/10/03 09:06:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2012/10/03 09:06:41 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2012/10/03 09:06:39 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2012/10/03 09:06:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2012/10/03 09:06:33 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2012/10/03 09:06:31 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2012/10/03 09:06:28 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
    [2012/10/03 09:06:25 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
    [2012/10/03 09:06:24 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
    [2012/10/03 09:06:22 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
    [2012/10/03 09:06:19 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
    [2012/10/03 09:06:16 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
    [2012/10/03 09:06:13 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
    [2012/10/03 09:06:11 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
    [2012/10/03 09:06:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
    [2012/10/03 09:06:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
    [2012/10/03 09:06:07 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
    [2012/10/03 09:06:07 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2012/10/03 09:06:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
    [2012/10/03 09:06:06 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
    [2012/10/03 09:06:03 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2012/10/03 09:06:01 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2012/10/03 09:06:00 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2012/10/03 09:06:00 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
    [2012/10/03 09:05:57 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2012/10/03 09:05:55 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2012/10/03 09:05:55 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
    [2012/10/03 09:05:54 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
    [2012/10/03 09:05:51 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
    [2012/10/03 09:05:48 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
    [2012/10/03 09:05:45 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2012/10/03 09:05:43 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2012/10/03 09:05:39 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
    [2012/10/03 09:05:37 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
    [2012/10/03 09:05:35 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
    [2012/10/03 09:05:32 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
    [2012/10/03 09:05:29 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
    [2012/10/03 09:05:27 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
    [2012/10/03 09:05:25 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
    [2012/10/03 09:05:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
    [2012/10/03 09:05:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
    [2012/10/03 09:05:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
    [2012/10/03 09:05:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
    [2012/10/03 09:05:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
    [2012/10/03 09:05:12 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2012/10/03 09:05:09 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2012/10/03 09:05:07 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2012/10/03 09:05:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2012/10/03 09:05:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
    [2012/10/03 09:05:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
    [2012/10/03 09:05:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
    [2012/10/03 09:05:00 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2012/10/03 09:04:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
    [2012/10/03 09:04:57 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
    [2012/10/03 09:04:53 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
    [2012/10/03 09:04:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
    [2012/10/03 09:04:48 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
    [2012/10/03 09:04:45 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2012/10/03 09:04:42 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
    [2012/10/03 09:04:40 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
    [2012/10/03 09:04:38 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
    [2012/10/03 09:04:35 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
    [2012/10/03 09:04:35 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
    [2012/10/03 09:04:35 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
    [2012/10/03 09:04:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
    [2012/10/03 09:04:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
    [2012/10/03 09:04:32 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
    [2012/10/03 09:04:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
    [2012/10/03 09:04:32 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
    [2012/10/03 09:04:31 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
    [2012/10/03 09:04:31 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
    [2012/10/03 09:04:31 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
    [2012/10/03 09:04:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
    [2012/10/03 09:04:30 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
    [2012/10/03 09:04:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
    [2012/10/03 09:04:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
    [2012/10/03 09:04:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
    [2012/10/03 09:04:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
    [2012/10/03 09:04:27 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2012/10/03 09:04:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
    [2012/10/03 09:04:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
    [2012/10/03 09:04:24 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
    [2012/10/03 09:04:24 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2012/10/03 09:04:21 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2012/10/03 09:04:19 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2012/10/03 09:04:17 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2012/10/03 09:04:14 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
    [2012/10/03 09:04:14 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
    [2012/10/03 09:04:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
    [2012/10/03 09:04:13 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
    [2012/10/03 09:04:13 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
    [2012/10/03 09:04:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
    [2012/10/03 09:04:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
    [2012/10/03 09:04:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
    [2012/10/03 09:04:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
    [2012/10/03 09:04:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
    [2012/10/03 09:04:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
    [2012/10/03 09:04:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
    [2012/10/03 09:04:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
    [2012/10/03 09:04:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
    [2012/10/03 09:04:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
    [2012/10/03 09:04:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
    [2012/10/03 09:04:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
    [2012/10/03 09:04:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
    [2012/10/03 09:04:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
    [2012/10/03 09:04:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
    [2012/10/03 09:04:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
    [2012/10/03 09:04:01 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slwdmsup.sys
    [2012/10/03 09:04:00 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnthal.sys
    [2012/10/03 09:04:00 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
    [2012/10/03 09:04:00 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
    [2012/10/03 09:03:59 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slntamr.sys
    [2012/10/03 09:03:59 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
    [2012/10/03 09:03:59 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnt7554.sys
    [2012/10/03 09:03:58 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
    [2012/10/03 09:03:58 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
    [2012/10/03 09:03:57 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2012/10/03 09:03:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2012/10/03 09:03:52 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2012/10/03 09:03:50 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
    [2012/10/03 09:03:48 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
    [2012/10/03 09:03:47 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2012/10/03 09:03:45 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
    [2012/10/03 09:03:42 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
    [2012/10/03 09:03:42 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisagp.sys
    [2012/10/03 09:03:40 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
    [2012/10/03 09:03:37 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
    [2012/10/03 09:03:35 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
    [2012/10/03 09:03:33 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
    [2012/10/03 09:03:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
    [2012/10/03 09:03:32 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
    [2012/10/03 09:03:26 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2012/10/03 09:03:24 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2012/10/03 09:03:22 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2012/10/03 09:03:19 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2012/10/03 09:03:17 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
    [2012/10/03 09:03:13 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
    [2012/10/03 09:03:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
    [2012/10/03 09:03:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
    [2012/10/03 09:03:10 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
    [2012/10/03 09:03:09 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
    [2012/10/03 09:03:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
    [2012/10/03 09:03:07 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
    [2012/10/03 09:03:04 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2012/10/03 09:03:02 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
    [2012/10/03 09:02:59 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2012/10/03 09:02:57 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2012/10/03 09:02:56 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
    [2012/10/03 09:02:54 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
    [2012/10/03 09:02:51 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
    [2012/10/03 09:02:49 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
    [2012/10/03 09:02:46 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2012/10/03 09:02:44 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2012/10/03 09:02:42 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2012/10/03 09:02:39 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2012/10/03 09:02:37 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2012/10/03 09:02:35 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2012/10/03 09:02:32 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2012/10/03 09:02:30 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2012/10/03 09:02:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2012/10/03 09:02:25 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
    [2012/10/03 09:02:25 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnbm.sys
    [2012/10/03 09:02:25 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
    [2012/10/03 09:02:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
    [2012/10/03 09:02:22 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012/10/03 09:02:19 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2012/10/03 09:02:18 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012/10/03 09:02:18 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2012/10/03 09:02:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
    [2012/10/03 09:02:17 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
    [2012/10/03 09:02:15 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
    [2012/10/03 09:02:12 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
    [2012/10/03 09:02:09 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2012/10/03 09:02:07 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
    [2012/10/03 09:02:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
    [2012/10/03 09:02:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
    [2012/10/03 09:02:05 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2012/10/03 09:02:05 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
    [2012/10/03 09:02:02 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2012/10/03 09:02:01 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
    [2012/10/03 09:01:59 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2012/10/03 09:01:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
    [2012/10/03 09:01:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
    [2012/10/03 09:01:57 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\recagent.sys
    [2012/10/03 09:01:54 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
    [2012/10/03 09:01:53 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
    [2012/10/03 09:01:50 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2012/10/03 09:01:48 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2012/10/03 09:01:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
    [2012/10/03 09:01:44 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
    [2012/10/03 09:01:43 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
    [2012/10/03 09:01:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
    [2012/10/03 09:01:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
    [2012/10/03 09:01:40 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
    [2012/10/03 09:01:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
    [2012/10/03 09:01:35 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
    [2012/10/03 09:01:33 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
    [2012/10/03 09:01:31 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
    [2012/10/03 09:01:30 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
    [2012/10/03 09:01:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
    [2012/10/03 09:01:27 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2012/10/03 09:01:24 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2012/10/03 09:01:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2012/10/03 09:01:21 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
    [2012/10/03 09:01:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
    [2012/10/03 09:01:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
    [2012/10/03 09:01:14 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2012/10/03 09:01:12 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
    [2012/10/03 09:01:10 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
    [2012/10/03 09:01:10 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
    [2012/10/03 09:01:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
    [2012/10/03 09:01:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
    [2012/10/03 09:01:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
    [2012/10/03 09:01:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
    [2012/10/03 09:01:06 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
    [2012/10/03 09:01:06 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
    [2012/10/03 09:01:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
    [2012/10/03 09:01:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
    [2012/10/03 09:01:03 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
    [2012/10/03 09:01:02 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
    [2012/10/03 09:01:00 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
    [2012/10/03 09:00:58 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
    [2012/10/03 09:00:56 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
    [2012/10/03 09:00:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
    [2012/10/03 09:00:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
    [2012/10/03 09:00:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
    [2012/10/03 09:00:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
    [2012/10/03 09:00:48 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
    [2012/10/03 09:00:48 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
    [2012/10/03 09:00:47 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
    [2012/10/03 09:00:47 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
    [2012/10/03 09:00:45 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
    [2012/10/03 09:00:42 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
    [2012/10/03 09:00:42 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
    [2012/10/03 09:00:39 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2012/10/03 09:00:37 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
    [2012/10/03 09:00:35 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
    [2012/10/03 09:00:33 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
    [2012/10/03 09:00:30 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2012/10/03 09:00:28 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2012/10/03 09:00:28 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
    [2012/10/03 09:00:26 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2012/10/03 09:00:25 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
    [2012/10/03 09:00:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
    [2012/10/03 09:00:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
    [2012/10/03 09:00:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
    [2012/10/03 09:00:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
    [2012/10/03 09:00:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
    [2012/10/03 09:00:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
    [2012/10/03 09:00:17 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
    [2012/10/03 09:00:15 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
    [2012/10/03 09:00:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
    [2012/10/03 09:00:11 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
    [2012/10/03 09:00:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
    [2012/10/03 09:00:06 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
    [2012/10/03 09:00:04 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
    [2012/10/03 09:00:02 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
    [2012/10/03 09:00:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
    [2012/10/03 08:59:58 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2012/10/03 08:59:55 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2012/10/03 08:59:53 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2012/10/03 08:59:51 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2012/10/03 08:59:49 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
    [2012/10/03 08:59:47 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
    [2012/10/03 08:59:46 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
    [2012/10/03 08:59:44 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
    [2012/10/03 08:59:42 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
    [2012/10/03 08:59:41 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\ntmtlfax.sys
    [2012/10/03 08:59:37 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2012/10/03 08:59:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
    [2012/10/03 08:59:34 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
    [2012/10/03 08:59:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
    [2012/10/03 08:59:32 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
    [2012/10/03 08:59:31 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
    [2012/10/03 08:59:28 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2012/10/03 08:59:26 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2012/10/03 08:59:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
    [2012/10/03 08:59:23 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
    [2012/10/03 08:59:22 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2012/10/03 08:59:19 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
    [2012/10/03 08:59:16 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2012/10/03 08:59:14 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2012/10/03 08:59:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
    [2012/10/03 08:59:09 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2012/10/03 08:59:07 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2012/10/03 08:59:05 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2012/10/03 08:59:02 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2012/10/03 08:59:00 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2012/10/03 08:58:58 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2012/10/03 08:58:56 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
    [2012/10/03 08:58:54 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
    [2012/10/03 08:58:52 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2012/10/03 08:58:50 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2012/10/03 08:58:47 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
  7. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part 4 of the OTL logfile:
    =========================================================================
    [2012/10/03 08:58:45 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2012/10/03 08:58:43 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2012/10/03 08:58:43 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mutohpen.sys
    [2012/10/03 08:58:42 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
    [2012/10/03 08:58:40 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhm.sys
    [2012/10/03 08:58:40 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
    [2012/10/03 08:58:39 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhd.dll
    [2012/10/03 08:58:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
    [2012/10/03 08:58:38 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlstrm.sys
    [2012/10/03 08:58:37 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlmnt5.sys
    [2012/10/03 08:58:33 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
    [2012/10/03 08:58:30 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
    [2012/10/03 08:58:26 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
    [2012/10/03 08:58:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
    [2012/10/03 08:58:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
    [2012/10/03 08:58:24 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
    [2012/10/03 08:58:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
    [2012/10/03 08:58:18 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
    [2012/10/03 08:58:16 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
    [2012/10/03 08:58:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
    [2012/10/03 08:58:10 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2012/10/03 08:58:08 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
    [2012/10/03 08:58:04 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
    [2012/10/03 08:58:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
    [2012/10/03 08:58:00 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
    [2012/10/03 08:57:59 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
    [2012/10/03 08:57:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
    [2012/10/03 08:57:54 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
    [2012/10/03 08:57:54 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
    [2012/10/03 08:57:54 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
    [2012/10/03 08:57:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
    [2012/10/03 08:57:53 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
    [2012/10/03 08:57:51 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
    [2012/10/03 08:57:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
    [2012/10/03 08:57:49 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
    [2012/10/03 08:57:46 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2012/10/03 08:57:46 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
    [2012/10/03 08:57:43 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
    [2012/10/03 08:57:43 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
    [2012/10/03 08:57:41 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
    [2012/10/03 08:57:39 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
    [2012/10/03 08:57:37 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
    [2012/10/03 08:57:35 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
    [2012/10/03 08:57:34 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
    [2012/10/03 08:57:32 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2012/10/03 08:57:30 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2012/10/03 08:57:30 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
    [2012/10/03 08:57:29 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2012/10/03 08:57:27 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2012/10/03 08:57:27 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2012/10/03 08:57:25 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2012/10/03 08:57:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
    [2012/10/03 08:57:23 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
    [2012/10/03 08:57:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
    [2012/10/03 08:57:19 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2012/10/03 08:57:18 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2012/10/03 08:57:16 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2012/10/03 08:57:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
    [2012/10/03 08:57:14 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2012/10/03 08:57:13 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
    [2012/10/03 08:57:11 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2012/10/03 08:57:09 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2012/10/03 08:57:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
    [2012/10/03 08:57:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
    [2012/10/03 08:57:04 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
    [2012/10/03 08:57:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
    [2012/10/03 08:57:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
    [2012/10/03 08:57:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
    [2012/10/03 08:57:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
    [2012/10/03 08:57:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
    [2012/10/03 08:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
    [2012/10/03 08:56:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
    [2012/10/03 08:56:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
    [2012/10/03 08:56:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
    [2012/10/03 08:56:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
    [2012/10/03 08:56:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
    [2012/10/03 08:56:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
    [2012/10/03 08:56:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
    [2012/10/03 08:56:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
    [2012/10/03 08:56:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
    [2012/10/03 08:56:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
    [2012/10/03 08:56:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
    [2012/10/03 08:56:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
    [2012/10/03 08:56:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
    [2012/10/03 08:56:45 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
    [2012/10/03 08:56:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
    [2012/10/03 08:56:43 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
    [2012/10/03 08:56:41 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
    [2012/10/03 08:56:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
    [2012/10/03 08:56:39 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2012/10/03 08:56:38 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
    [2012/10/03 08:56:38 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
    [2012/10/03 08:56:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
    [2012/10/03 08:56:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
    [2012/10/03 08:56:34 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
    [2012/10/03 08:56:32 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
    [2012/10/03 08:56:30 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
    [2012/10/03 08:56:29 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
    [2012/10/03 08:56:27 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
    [2012/10/03 08:56:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
    [2012/10/03 08:56:25 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
    [2012/10/03 08:56:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
    [2012/10/03 08:56:24 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
    [2012/10/03 08:56:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
    [2012/10/03 08:56:23 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
    [2012/10/03 08:56:23 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
    [2012/10/03 08:56:23 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
    [2012/10/03 08:56:23 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
    [2012/10/03 08:56:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
    [2012/10/03 08:56:22 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
    [2012/10/03 08:56:22 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
    [2012/10/03 08:56:22 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
    [2012/10/03 08:56:22 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
    [2012/10/03 08:56:22 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
    [2012/10/03 08:56:21 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
    [2012/10/03 08:56:21 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
    [2012/10/03 08:56:21 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
    [2012/10/03 08:56:21 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
    [2012/10/03 08:56:21 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
    [2012/10/03 08:56:21 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
    [2012/10/03 08:56:20 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
    [2012/10/03 08:56:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
    [2012/10/03 08:56:20 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
    [2012/10/03 08:56:20 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
    [2012/10/03 08:56:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
    [2012/10/03 08:56:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
    [2012/10/03 08:56:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
    [2012/10/03 08:56:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
    [2012/10/03 08:56:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
    [2012/10/03 08:56:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
    [2012/10/03 08:56:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
    [2012/10/03 08:56:18 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
    [2012/10/03 08:56:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
    [2012/10/03 08:56:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
    [2012/10/03 08:56:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2012/10/03 08:56:14 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2012/10/03 08:56:12 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
    [2012/10/03 08:56:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
    [2012/10/03 08:56:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
    [2012/10/03 08:56:06 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
    [2012/10/03 08:56:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
    [2012/10/03 08:56:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
    [2012/10/03 08:56:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
    [2012/10/03 08:55:59 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
    [2012/10/03 08:55:57 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
    [2012/10/03 08:55:55 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
    [2012/10/03 08:55:53 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
    [2012/10/03 08:55:52 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
    [2012/10/03 08:55:50 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
    [2012/10/03 08:55:49 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
    [2012/10/03 08:55:48 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
    [2012/10/03 08:55:47 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
    [2012/10/03 08:55:45 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
    [2012/10/03 08:55:44 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
    [2012/10/03 08:55:43 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2012/10/03 08:55:41 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
    [2012/10/03 08:55:39 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
    [2012/10/03 08:55:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
    [2012/10/03 08:55:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
    [2012/10/03 08:55:38 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfdpsp2.sys
    [2012/10/03 08:55:38 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
    [2012/10/03 08:55:37 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcxts2.sys
    [2012/10/03 08:55:36 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfbs2s2.sys
    [2012/10/03 08:55:36 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcisp2.dll
    [2012/10/03 08:55:34 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
    [2012/10/03 08:55:32 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
    [2012/10/03 08:55:30 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
    [2012/10/03 08:55:29 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
    [2012/10/03 08:55:27 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
    [2012/10/03 08:55:25 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
    [2012/10/03 08:55:23 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
    [2012/10/03 08:55:21 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
    [2012/10/03 08:55:20 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
    [2012/10/03 08:55:18 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
    [2012/10/03 08:55:16 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
    [2012/10/03 08:55:14 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
    [2012/10/03 08:55:12 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
    [2012/10/03 08:55:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
    [2012/10/03 08:55:09 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
    [2012/10/03 08:55:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
    [2012/10/03 08:55:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
    [2012/10/03 08:55:04 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
    [2012/10/03 08:55:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
    [2012/10/03 08:55:00 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2012/10/03 08:54:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
    [2012/10/03 08:54:53 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2012/10/03 08:54:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
    [2012/10/03 08:54:47 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
    [2012/10/03 08:54:43 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
    [2012/10/03 08:54:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
    [2012/10/03 08:54:41 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
    [2012/10/03 08:54:40 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
    [2012/10/03 08:54:39 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
    [2012/10/03 08:54:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
    [2012/10/03 08:54:38 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
    [2012/10/03 08:54:35 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
    [2012/10/03 08:54:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
    [2012/10/03 08:54:34 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
    [2012/10/03 08:54:34 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2012/10/03 08:54:32 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2012/10/03 08:54:30 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2012/10/03 08:54:29 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
    [2012/10/03 08:54:28 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
    [2012/10/03 08:54:27 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
    [2012/10/03 08:54:26 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
    [2012/10/03 08:54:24 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
    [2012/10/03 08:54:23 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
    [2012/10/03 08:54:21 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
    [2012/10/03 08:54:20 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2012/10/03 08:54:17 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
    [2012/10/03 08:54:15 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2012/10/03 08:54:14 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2012/10/03 08:54:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
    [2012/10/03 08:54:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
    [2012/10/03 08:54:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
    [2012/10/03 08:54:11 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2012/10/03 08:54:10 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2012/10/03 08:54:08 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2012/10/03 08:54:08 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
    [2012/10/03 08:54:08 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
    [2012/10/03 08:54:07 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2012/10/03 08:54:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
    [2012/10/03 08:54:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
    [2012/10/03 08:54:03 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
    [2012/10/03 08:53:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
    [2012/10/03 08:53:59 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
    [2012/10/03 08:53:57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2012/10/03 08:53:55 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
    [2012/10/03 08:53:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
    [2012/10/03 08:53:54 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2012/10/03 08:53:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
    [2012/10/03 08:53:52 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2012/10/03 08:53:50 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
    [2012/10/03 08:53:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
    [2012/10/03 08:53:49 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
    [2012/10/03 08:53:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
    [2012/10/03 08:53:48 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2012/10/03 08:53:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
    [2012/10/03 08:53:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
    [2012/10/03 08:53:46 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
    [2012/10/03 08:53:45 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2012/10/03 08:53:45 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
    [2012/10/03 08:53:43 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
    [2012/10/03 08:53:43 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2012/10/03 08:53:42 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
    [2012/10/03 08:53:41 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
    [2012/10/03 08:53:40 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
    [2012/10/03 08:53:38 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
    [2012/10/03 08:53:37 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
    [2012/10/03 08:53:35 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
    [2012/10/03 08:53:34 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
    [2012/10/03 08:53:33 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
    [2012/10/03 08:53:31 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
    [2012/10/03 08:53:30 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
    [2012/10/03 08:53:28 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
    [2012/10/03 08:53:27 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
    [2012/10/03 08:53:26 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
    [2012/10/03 08:53:24 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
    [2012/10/03 08:53:23 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
    [2012/10/03 08:53:22 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
    [2012/10/03 08:53:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
    [2012/10/03 08:53:20 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
    [2012/10/03 08:53:18 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
    [2012/10/03 08:53:16 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
    [2012/10/03 08:53:15 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
    [2012/10/03 08:53:14 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
    [2012/10/03 08:53:13 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
    [2012/10/03 08:53:12 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
    [2012/10/03 08:53:11 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
    [2012/10/03 08:53:10 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
    [2012/10/03 08:53:09 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
    [2012/10/03 08:53:08 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
    [2012/10/03 08:53:07 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
    [2012/10/03 08:53:06 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
    [2012/10/03 08:53:05 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
    [2012/10/03 08:53:04 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
    [2012/10/03 08:53:03 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
    [2012/10/03 08:53:02 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
    [2012/10/03 08:53:01 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
    [2012/10/03 08:53:00 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
    [2012/10/03 08:53:00 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
    [2012/10/03 08:52:59 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
    [2012/10/03 08:52:58 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
    [2012/10/03 08:52:57 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
    [2012/10/03 08:52:54 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2012/10/03 08:52:52 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
    [2012/10/03 08:52:51 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2012/10/03 08:52:50 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
    [2012/10/03 08:52:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
    [2012/10/03 08:52:48 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
    [2012/10/03 08:52:48 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
    [2012/10/03 08:52:45 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2012/10/03 08:52:45 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
  8. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part 5 of the OTL logfile:
    =========================================================================
    [2012/10/03 08:52:44 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2012/10/03 08:52:43 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2012/10/03 08:52:40 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2012/10/03 08:52:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2012/10/03 08:52:38 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2012/10/03 08:52:37 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2012/10/03 08:52:36 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2012/10/03 08:52:35 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
    [2012/10/03 08:52:34 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
    [2012/10/03 08:52:34 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
    [2012/10/03 08:52:33 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
    [2012/10/03 08:52:32 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
    [2012/10/03 08:52:31 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
    [2012/10/03 08:52:30 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
    [2012/10/03 08:52:30 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
    [2012/10/03 08:52:29 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
    [2012/10/03 08:52:28 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
    [2012/10/03 08:52:27 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
    [2012/10/03 08:52:26 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
    [2012/10/03 08:52:26 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
    [2012/10/03 08:52:24 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
    [2012/10/03 08:52:23 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
    [2012/10/03 08:52:22 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2012/10/03 08:52:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2012/10/03 08:52:21 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
    [2012/10/03 08:52:20 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
    [2012/10/03 08:52:19 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2012/10/03 08:52:18 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
    [2012/10/03 08:52:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
    [2012/10/03 08:52:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
    [2012/10/03 08:52:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
    [2012/10/03 08:52:15 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
    [2012/10/03 08:52:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
    [2012/10/03 08:52:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
    [2012/10/03 08:52:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
    [2012/10/03 08:52:12 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
    [2012/10/03 08:52:12 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
    [2012/10/03 08:52:10 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
    [2012/10/03 08:52:09 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
    [2012/10/03 08:52:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
    [2012/10/03 08:52:08 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
    [2012/10/03 08:52:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
    [2012/10/03 08:52:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
    [2012/10/03 08:52:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
    [2012/10/03 08:52:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
    [2012/10/03 08:52:04 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2012/10/03 08:52:04 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
    [2012/10/03 08:52:03 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2012/10/03 08:52:03 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2012/10/03 08:52:02 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2012/10/03 08:52:00 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2012/10/03 08:52:00 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2012/10/03 08:51:59 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2012/10/03 08:51:58 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2012/10/03 08:51:58 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
    [2012/10/03 08:51:57 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
    [2012/10/03 08:51:56 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
    [2012/10/03 08:51:56 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
    [2012/10/03 08:51:54 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
    [2012/10/03 08:51:54 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
    [2012/10/03 08:51:53 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2012/10/03 08:51:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
    [2012/10/03 08:51:52 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
    [2012/10/03 08:51:51 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
    [2012/10/03 08:51:51 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
    [2012/10/03 08:51:51 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
    [2012/10/03 08:51:50 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
    [2012/10/03 08:51:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
    [2012/10/03 08:51:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
    [2012/10/03 08:51:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
    [2012/10/03 08:51:48 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
    [2012/10/03 08:51:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
    [2012/10/03 08:51:46 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
    [2012/10/03 08:51:45 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2012/10/03 08:51:44 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
    [2012/10/03 08:51:44 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
    [2012/10/03 08:51:43 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
    [2012/10/03 08:51:43 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
    [2012/10/03 08:51:42 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
    [2012/10/03 08:51:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
    [2012/10/03 08:51:42 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
    [2012/10/03 08:51:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
    [2012/10/03 08:51:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2012/10/03 08:51:41 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
    [2012/10/03 08:51:40 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
    [2012/10/03 08:51:40 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
    [2012/10/03 08:51:40 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
    [2012/10/03 08:51:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
    [2012/10/03 08:51:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
    [2012/10/03 08:51:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
    [2012/10/03 08:51:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
    [2012/10/03 08:51:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
    [2012/10/03 08:51:38 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
    [2012/10/03 08:51:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
    [2012/10/03 08:51:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2012/10/03 08:51:37 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2012/10/03 08:51:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2012/10/03 08:51:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2012/10/03 08:51:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2012/10/03 08:51:35 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2012/10/03 08:51:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
    [2012/10/03 08:51:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2012/10/03 08:51:33 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2012/10/03 08:51:33 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2012/10/03 08:51:32 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2012/10/03 08:51:31 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2012/10/03 08:51:30 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2012/10/03 08:51:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2012/10/03 08:51:29 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
    [2012/10/03 08:51:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
    [2012/10/03 08:51:29 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
    [2012/10/03 08:51:28 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
    [2012/10/03 08:51:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
    [2012/10/03 08:51:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
    [2012/10/03 08:51:27 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
    [2012/10/03 08:51:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
    [2012/10/03 08:51:26 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
    [2012/10/03 08:51:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
    [2012/10/03 08:51:25 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
    [2012/10/03 08:51:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
    [2012/10/03 08:51:15 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
    [2012/10/03 08:51:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
    [2012/10/03 08:51:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
    [2012/10/03 08:51:14 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
    [2012/10/03 08:51:14 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
    [2012/10/03 08:51:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2012/10/03 08:51:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2012/10/03 08:51:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2012/10/03 08:51:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2012/10/03 08:51:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2012/10/03 08:51:11 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2012/10/03 08:51:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2012/10/03 08:51:11 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2012/10/03 08:51:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
    [2012/10/03 08:51:09 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2012/10/03 08:51:09 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2012/10/03 08:51:09 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2012/10/03 08:51:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
    [2012/10/03 08:51:08 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2012/10/03 08:51:08 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2012/10/03 08:51:07 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2012/10/03 08:51:07 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2012/10/03 08:51:06 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2012/10/03 08:51:06 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2012/10/03 08:51:06 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2012/10/03 08:51:05 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
    [2012/10/03 08:51:04 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2012/10/03 08:51:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2012/10/03 08:51:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2012/10/03 08:51:03 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
    [2012/10/03 08:51:03 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
    [2012/10/03 08:51:03 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
    [2012/10/03 08:51:02 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2012/10/03 08:51:02 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2012/10/03 08:51:01 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
    [2012/10/03 08:51:01 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2012/10/03 08:51:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2012/10/03 08:51:00 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2012/10/03 08:51:00 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2012/10/03 08:51:00 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2012/10/03 08:50:59 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
    [2012/10/03 08:50:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
    [2012/10/03 08:50:58 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
    [2012/10/03 08:50:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
    [2012/10/03 08:50:56 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
    [2012/10/03 08:50:56 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
    [2012/10/03 08:50:55 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
    [2012/10/03 08:50:55 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
    [2012/10/03 08:50:54 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
    [2012/10/03 08:50:52 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
    [2012/10/03 08:50:51 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
    [2012/10/03 08:50:51 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
    [2012/10/03 08:50:50 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
    [2012/10/03 08:50:49 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
    [2012/10/03 08:50:48 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
    [2012/10/03 08:50:48 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
    [2012/10/03 08:50:47 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
    [2012/10/03 08:50:46 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
    [2012/10/03 08:50:46 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
    [2012/10/03 08:50:45 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
    [2012/10/03 08:50:45 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
    [2012/10/03 08:50:44 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
    [2012/10/03 08:50:44 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
    [2012/10/03 08:50:44 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
    [2012/10/03 08:50:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
    [2012/10/03 08:50:43 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
    [2012/10/03 08:50:43 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
    [2012/10/03 08:50:43 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
    [2012/10/03 08:50:42 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
    [2012/10/03 08:50:42 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
    [2012/10/03 08:50:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
    [2012/10/03 08:50:41 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
    [2012/10/03 08:50:41 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
    [2012/10/03 08:50:40 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
    [2012/10/03 08:50:40 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
    [2012/10/03 08:50:39 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
    [2012/10/03 08:50:39 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
    [2012/10/03 08:50:38 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
    [2012/10/03 08:50:38 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
    [2012/10/03 08:50:38 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
    [2012/10/03 08:50:38 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
    [2012/10/03 08:50:37 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
    [2012/10/03 08:50:37 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
    [2012/10/03 08:50:36 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
    [2012/10/03 08:50:36 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
    [2012/10/03 08:50:36 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
    [2012/10/03 08:50:35 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
    [2012/10/03 08:50:35 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
    [2012/10/03 08:50:34 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
    [2012/10/03 08:50:34 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2012/10/03 08:50:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
    [2012/10/03 08:50:33 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
    [2012/10/03 08:50:33 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2012/10/03 08:50:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
    [2012/10/03 08:50:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
    [2012/10/03 08:50:32 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
    [2012/10/03 08:50:32 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
    [2012/10/03 08:50:32 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
    [2012/10/03 08:50:31 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
    [2012/10/03 08:50:31 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
    [2012/10/03 08:50:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
    [2012/10/03 08:50:31 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
    [2012/10/03 08:50:30 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
    [2012/10/03 08:50:30 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
    [2012/10/03 08:50:29 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
    [2012/10/03 08:50:29 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2012/10/03 08:50:28 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
    [2012/10/03 08:50:28 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
    [2012/10/03 08:50:28 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
    [2012/10/03 08:50:28 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
    [2012/10/03 08:50:27 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
    [2012/10/03 08:50:27 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
    [2012/10/03 08:50:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
    [2012/10/03 08:50:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
    [2012/10/03 08:50:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
    [2012/10/03 08:50:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
    [2012/10/03 08:50:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
    [2012/10/03 08:50:25 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
    [2012/10/03 08:50:25 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
    [2012/10/03 08:50:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
    [2012/10/03 08:50:23 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
    [2012/10/03 08:50:23 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
    [2012/10/03 08:50:22 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
    [2012/10/03 08:50:22 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
    [2012/10/03 08:50:21 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
    [2012/10/03 08:50:21 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
    [2012/10/03 08:50:20 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
    [2012/10/03 08:50:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
    [2012/10/03 08:50:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
    [2012/10/03 08:50:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2012/10/03 08:50:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
    [2012/10/03 08:50:18 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
    [2012/10/03 08:50:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2012/10/03 08:50:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
    [2012/10/03 08:50:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2012/10/03 08:50:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2012/10/03 08:50:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2012/10/03 08:50:17 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2012/10/03 08:50:17 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
    [2012/10/03 08:50:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2012/10/03 08:50:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2012/10/03 08:50:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
    [2012/10/03 08:50:15 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
    [2012/10/03 08:50:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2012/10/03 08:50:14 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
    [2012/10/03 08:50:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
    [2012/10/03 08:50:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
    [2012/10/03 08:50:12 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2012/10/03 08:50:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
    [2012/10/03 08:50:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
    [2012/10/03 08:50:11 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2012/10/03 08:50:11 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2012/10/03 08:50:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
    [2012/10/03 08:50:10 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
    [2012/10/03 08:50:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
    [2012/10/03 08:50:03 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
    [2012/10/03 08:50:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
    [2012/10/03 08:50:02 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
    [2012/10/03 08:50:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
    [2012/10/03 08:50:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
    [2012/10/03 08:50:01 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
    [2012/10/03 08:50:01 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
    [2012/10/03 08:49:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
    [2012/10/03 08:49:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
    [2012/10/03 08:49:45 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
    [2012/10/03 08:49:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
    [2012/10/03 08:49:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
    [2012/10/03 08:49:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
    [2012/10/03 08:49:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
    [2012/10/03 08:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
    [2012/10/03 08:49:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
    [2012/10/03 08:49:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
    [2012/10/03 08:49:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
    [2012/10/03 08:49:44 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
  9. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is the Part 6 (which is the end) of the OTL logfile:
    =========================================================================
    [2012/10/03 08:49:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
    [2012/10/03 08:49:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
    [2012/10/03 08:49:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
    [2012/10/03 08:49:43 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
    [2012/10/03 08:49:43 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
    [2012/10/03 08:49:43 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
    [2012/10/03 08:49:43 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
    [2012/10/03 08:49:43 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
    [2012/10/03 08:49:43 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
    [2012/10/03 08:49:42 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
    [2012/10/03 08:49:42 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
    [2012/10/03 08:49:42 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
    [2012/10/03 08:49:42 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
    [2012/10/03 08:49:42 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
    [2012/10/03 08:49:42 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
    [2012/10/03 08:49:42 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
    [2012/10/03 08:49:42 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
    [2012/10/03 08:49:42 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
    [2012/10/03 08:49:41 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
    [2012/10/03 08:49:40 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
    [2012/10/03 08:49:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
    [2012/10/03 08:49:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
    [2012/10/03 08:49:39 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
    [2012/10/03 08:49:39 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
    [2012/10/03 08:49:39 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
    [2012/10/03 08:49:39 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
    [2012/10/03 08:49:38 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
    [2012/10/03 08:49:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
    [2012/10/03 08:49:37 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
    [2012/10/03 08:49:37 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/19 09:02:26 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\HDR - Daily Workstation Tasks.job
    [2012/10/19 09:01:02 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2012/10/19 08:59:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/19 08:59:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc05d8ae4a481b.job
    [2012/10/19 08:59:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/19 08:58:59 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/19 08:44:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/19 08:32:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/10/19 08:24:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/10/19 08:24:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/10/19 08:10:33 | 000,046,462 | ---- | M] () -- C:\Documents and Settings\admin_sertman\Desktop\r=%3Cre.pdf
    [2012/10/19 08:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    [2012/10/19 07:39:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/18 17:14:23 | 000,159,485 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/10/17 17:42:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/10/17 10:22:18 | 000,078,122 | RHS- | M] () -- C:\Documents and Settings\admin_sertman\ntuser.pol
    [2012/10/17 09:33:15 | 000,712,567 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/10/03 16:54:12 | 001,796,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/10/03 12:23:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/10/03 09:19:59 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
    [2012/10/02 07:05:39 | 000,507,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/10/02 07:05:39 | 000,090,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/19 08:32:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/10/19 08:32:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/10/19 08:29:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/19 08:29:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/19 08:29:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/19 08:29:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/19 08:29:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/19 08:10:33 | 000,046,462 | ---- | C] () -- C:\Documents and Settings\admin_sertman\Desktop\r=%3Cre.pdf
    [2012/10/17 09:32:51 | 000,712,567 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/10/03 09:19:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2012/10/03 09:09:31 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2012/10/03 09:09:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2012/10/03 09:01:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2012/10/03 09:01:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2012/10/03 09:01:05 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2012/10/03 08:58:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2012/10/03 08:57:06 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2012/10/03 08:56:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2012/10/03 08:56:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2012/10/03 08:56:19 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2012/10/03 08:55:40 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2012/10/03 08:54:59 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2012/10/03 08:54:55 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2012/10/03 08:54:52 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2012/10/03 08:54:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2012/10/03 08:54:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2012/10/03 08:54:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2012/10/03 08:52:42 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2012/10/03 08:52:41 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2012/10/03 08:52:41 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2012/10/03 08:51:40 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2012/10/03 08:50:53 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2012/10/03 08:50:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2012/10/03 08:50:52 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2012/10/03 08:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2012/10/03 08:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2012/10/03 08:50:50 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2012/10/03 08:50:49 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2012/10/03 08:50:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2012/10/03 08:50:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2012/10/03 08:50:41 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2012/08/29 04:35:24 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\admin_sertman\wxDownloadFast.ini
    [2012/07/03 17:27:11 | 000,760,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/03/09 14:34:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
    [2012/03/09 14:34:49 | 000,005,197 | ---- | C] () -- C:\WINDOWS\Cmudau.ini
    [2012/02/28 10:50:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/14 15:25:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/03 13:02:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\admin_sertman\Application Data\winscp.rnd
    [2011/11/23 14:25:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/14 01:35:30 | 000,103,290 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
    [2011/07/14 01:33:07 | 000,102,890 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
    [2011/07/14 01:21:52 | 000,000,200 | ---- | C] () -- C:\WINDOWS\wsnk.ini
    [2011/04/21 16:02:01 | 000,002,721 | ---- | C] () -- C:\Documents and Settings\admin_sertman\_viminfo
    [2011/03/14 07:29:43 | 004,574,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-573735546-1417001333-429851-0.dat
    [2011/03/09 20:10:52 | 004,590,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-573735546-1417001333-386158-0.dat
    [2011/03/08 20:41:32 | 000,499,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/02/17 10:11:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\admin_sertman\Application Data\$_hpcst$.hpc
    [2011/02/17 10:05:23 | 000,078,122 | RHS- | C] () -- C:\Documents and Settings\admin_sertman\ntuser.pol
    [2011/02/12 17:55:33 | 000,000,276 | ---- | C] () -- C:\WINDOWS\eas.ini
    [2011/02/08 01:11:19 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/08/11 05:19:44 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/12/10 11:38:56 | 000,159,485 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

    ========== ZeroAccess Check ==========

    [2008/09/11 16:36:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: TOSHIBA MK2552GSX
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
    Interface type: USB
    Media Type: Fixed\thard disk media
    Model: Seagate FreeAgent GoFlex USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 225.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 8.00GB
    Starting Offset: 241987737600
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 32256
    Hidden sectors: 0

    [2010/04/24 05:24:43 | 000,000,000 | -H-D | M] -- C:\DESKTOP_HARD_DRIVE\Documents and Settings\sertman\Desktop\Thumb Drive\TC\TrueCrypt
    [2007/06/21 06:50:32 | 000,000,381 | -H-- | M] () -- C:\DESKTOP_HARD_DRIVE\Documents and Settings\sertman\Desktop\Thumb Drive\TC\TrueCrypt.lnk
    [2010/04/24 05:21:55 | 000,000,000 | -H-D | M] -- C:\DESKTOP_HARD_DRIVE\Users\Jobs\Akron_CSO_Assessment\Akron.Data
    [2011/08/19 13:42:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\admin_sertman\InstallAnywhere
    [2009/03/20 10:07:46 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
    [2012/10/03 13:22:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2011/08/19 13:43:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
    [2010/09/06 04:32:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk\DWG TrueView 2011\UserDataCache
    [2007/02/15 08:59:18 | 000,308,832 | -H-- | M] (CANON INC.) -- C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe
    [2009/01/14 03:54:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter
    [2009/03/20 10:07:46 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJScan
    [2009/01/14 03:54:51 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter\Canon iP90
    [2009/03/20 10:07:55 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJScan\CNQ4805
    [2008/02/28 16:03:40 | 006,104,632 | -H-- | M] (Google Inc.) -- C:\Program Files\Picasa2\setup.exe
    [2011/11/23 14:13:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\msdownld.tmp
    [2009/03/20 10:07:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    [2011/02/12 17:50:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\dwrcssft
    [2009/01/14 03:54:51 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP90
    [2009/03/20 10:07:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805
    [2012/10/19 09:01:33 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\GroupPolicy\BeyondTrust\History

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

    < %systemroot%\System32\config\*.sav >
    [2008/09/11 09:30:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2008/09/11 09:30:05 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2008/09/11 09:30:05 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %SYSTEMDRIVE%\*.exe /md5 >
    [2004/03/18 17:43:48 | 000,079,872 | ---- | M] (Microsoft) MD5=FA3E13260171B038CC70422238017849 -- C:\robocopy.exe

    < "%WinDir%\$NtUninstallKB*.*" /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %appdata%\*.* >
    [2011/02/17 10:11:07 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\admin_sertman\Application Data\$_hpcst$.hpc
    [2008/09/11 09:30:59 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\admin_sertman\Application Data\desktop.ini
    [2012/02/03 13:02:57 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\admin_sertman\Application Data\winscp.rnd

    < MD5 for: SERVICES.EXE >
    [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
    < End of report >
  10. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is Part 1 of the OTL Extras logfile:
    ----------------------------------------------------------------------------------------------------------------------------
    ----------------------------------------------------------------------------------------------------------------------------

    OTL Extras logfile created on: 10/19/2012 9:04:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin_sertman\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 70.61% Memory free
    4.71 Gb Paging File | 3.92 Gb Available in Paging File | 83.17% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.37 Gb Total Space | 103.64 Gb Free Space | 45.99% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 434.94 Gb Free Space | 93.38% Space Free | Partition Type: NTFS

    Computer Name: MAH-SERTMAN | User Name: admin_sertman | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
    "%ProgramFiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Microsoft Communicator 2005 R2" = %ProgramFiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Microsoft Communicator 2005 R2
    "%ProgramFiles%\Riverbed\Steelhead Mobile\rbtsport.exe:*:enabled:Riverbed Steelhead Mobile Client" = %ProgramFiles%\Riverbed\Steelhead Mobile\rbtsport.exe:*:enabled:Riverbed Steelhead Mobile Client
    "%WINDIR%\CMAgent\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:EcmAgtStartup" = %WINDIR%\CMAgent\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:EcmAgtStartup -- (Configuresoft, Inc.)
    "%WINDIR%\CMAgent\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmAgentSimpleInstallerDcom" = %WINDIR%\CMAgent\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmAgentSimpleInstallerDcom -- (Configuresoft, Inc.)
    "%WINDIR%\CMAgent\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmColInstallAgtModuleInstallerDcom" = %WINDIR%\CMAgent\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmColInstallAgtModuleInstallerDcom -- (Configuresoft, Inc.)
    "%WINDIR%\ECM4\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:EcmAgtStartup" = %WINDIR%\ECM4\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:EcmAgtStartup
    "%WINDIR%\ECM4\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmAgentSimpleInstallerDcom" = %WINDIR%\ECM4\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmAgentSimpleInstallerDcom
    "%WINDIR%\ECM4\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmColInstallAgtModuleInstallerDcom" = %WINDIR%\ECM4\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:EcmColInstallAgtModuleInstallerDcom
    "%programfiles%\Cisco Systems\Cisco IP Communicator\communicatork9.exe:10.0.0.0/8:enabled:Cisco IP Communicator" = %programfiles%\Cisco Systems\Cisco IP Communicator\communicatork9.exe:10.0.0.0/8:enabled:Cisco IP Communicator
    "%ProgramFiles%\Microsoft Lync\communicator.exe:*:enabled:Microsoft Lync 2010" = %ProgramFiles%\Microsoft Lync\communicator.exe:*:enabled:Microsoft Lync 2010 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
    "135:TCP:10.4.1.32:enabled:Websense Polling" = 135:TCP:10.4.1.32:enabled:Websense Polling
    "2967:TCP:10.0.0.0/8:enabled:Symantec RTVScan - TCP" = 2967:TCP:10.0.0.0/8:enabled:Symantec RTVScan - TCP
    "2967:UDP:10.0.0.0/8:enabled:Symantec RTVScan - UDP" = 2967:UDP:10.0.0.0/8:enabled:Symantec RTVScan - UDP
    "3389:TCP:10.0.0.0/8:enabled:Microsoft RDP" = 3389:TCP:10.0.0.0/8:enabled:Microsoft RDP
    "38293:UDP:10.0.0.0/8:enabled:Intel PDS Service" = 38293:UDP:10.0.0.0/8:enabled:Intel PDS Service
    "9090:TCP:10.0.0.0/8:enabled:ARC Billing" = 9090:TCP:10.0.0.0/8:enabled:ARC Billing
    "9593:TCP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9593:TCP:10.0.0.0/8:enabled:LANDesk Management Suite
    "9594:TCP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9594:TCP:10.0.0.0/8:enabled:LANDesk Management Suite
    "9595:TCP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9595:TCP:10.0.0.0/8:enabled:LANDesk Management Suite
    "12174:TCP:10.0.0.0/8:enabled:LANDesk Management Suite" = 12174:TCP:10.0.0.0/8:enabled:LANDesk Management Suite
    "9535:TCP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9535:TCP:10.0.0.0/8:enabled:LANDesk Management Suite
    "9595:UDP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9595:UDP:10.0.0.0/8:enabled:LANDesk Management Suite
    "9535:UDP:10.0.0.0/8:enabled:LANDesk Management Suite" = 9535:UDP:10.0.0.0/8:enabled:LANDesk Management Suite
    "33355:UDP:10.0.0.0/8:enabled:LANDesk Management Suite" = 33355:UDP:10.0.0.0/8:enabled:LANDesk Management Suite
    "33354:UDP:10.0.0.0/8:enabled:LANDesk Management Suite" = 33354:UDP:10.0.0.0/8:enabled:LANDesk Management Suite

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
    "AllowOutboundDestinationUnreachable" = 1
    "AllowOutboundSourceQuench" = 0
    "AllowRedirect" = 0
    "AllowInboundEchoRequest" = 1
    "AllowInboundRouterRequest" = 1
    "AllowOutboundTimeExceeded" = 1
    "AllowOutboundParameterProblem" = 0
    "AllowInboundTimestampRequest" = 0
    "AllowInboundMaskRequest" = 0
    "AllowOutboundPacketTooBig" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
    "LogDroppedPackets" = 1
    "LogSuccessfulConnections" = 0
    "LogFilePath" = %SYSTEMROOT%\firewall.log -- ()
    "LogFileSize" = 10240

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.1.11,10.4.1.215,10.4.0.70,10.4.1.17,10.4.0.213,10.4.2.42,10.4.0.250,10.4.2.50,10.4.2.53,10.4.0.66,10.4.0.67,10.4.0.167

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
    "Enabled" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    "DisableUnicastResponsesToMulticastBroadcast" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
    "%WINDIR%\CMAgent\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgtStartup" = %WINDIR%\CMAgent\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgtStartup -- (Configuresoft, Inc.)
    "%WINDIR%\CMAgent\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgentSimpleInstallerDcom" = %WINDIR%\CMAgent\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgentSimpleInstallerDcom -- (Configuresoft, Inc.)
    "%WINDIR%\CMAgent\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmColInstallAgtModuleInstallerDcom" = %WINDIR%\CMAgent\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmColInstallAgtModuleInstallerDcom -- (Configuresoft, Inc.)
    "%WINDIR%\ECM4\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgtStartup" = %WINDIR%\ECM4\Installer\EcmAgentInspector\EcmAgtStartup.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgtStartup
    "%WINDIR%\ECM4\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgentSimpleInstallerDcom" = %WINDIR%\ECM4\Installer\EcmInstallSimpleInstaller\EcmColInstallAgtSimpleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmAgentSimpleInstallerDcom
    "%WINDIR%\ECM4\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmColInstallAgtModuleInstallerDcom" = %WINDIR%\ECM4\Installer\EcmModuleInstaller\EcmColInstallAgtModuleInstallerDcom.exe:10.4.0.119,10.4.1.11:enabled:External - EcmColInstallAgtModuleInstallerDcom
    "%programfiles%\microsoft activesync\wcesmgr.exe:localsubnet:enabled:External - ActiveSync Application" = %programfiles%\microsoft activesync\wcesmgr.exe:localsubnet:enabled:External - ActiveSync Application -- (Microsoft Corporation)
    "%programfiles%\microsoft activesync\wcescomm.exe:localsubnet:enabled:External - ActiveSync Connection Manager" = %programfiles%\microsoft activesync\wcescomm.exe:localsubnet:enabled:External - ActiveSync Connection Manager -- (Microsoft Corporation)
    "%programfiles%\microsoft activesync\rapimgr.exe:localsubnet:enabled:External - ActiveSync RAPI Manager" = %programfiles%\microsoft activesync\rapimgr.exe:localsubnet:enabled:External - ActiveSync RAPI Manager -- (Microsoft Corporation)
    "%programfiles%\Cisco Systems\Cisco IP Communicator\communicatork9.exe:10.0.0.0/8:enabled:Cisco IP Communicator" = %programfiles%\Cisco Systems\Cisco IP Communicator\communicatork9.exe:10.0.0.0/8:enabled:Cisco IP Communicator
    "%ProgramFiles%\Microsoft Lync\communicator.exe:*:enabled:Microsoft Lync 2010" = %ProgramFiles%\Microsoft Lync\communicator.exe:*:enabled:Microsoft Lync 2010 -- (Microsoft Corporation)
    "%ProgramFiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Microsoft Communicator 2005 R2" = %ProgramFiles%\Microsoft Office Communicator\communicator.exe:*:enabled:Microsoft Communicator 2005 R2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
    "9:TCP:127.0.0.1:disabled:Fake entry to allow inbound port exceptions to be enabled in this policy" = 9:TCP:127.0.0.1:disabled:Fake entry to allow inbound port exceptions to be enabled in this policy
    "26675:TCP:localsubnet:enabled:External - ActiveSync Service" = 26675:TCP:localsubnet:enabled:External - ActiveSync Service
    "9593:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9593 TCP" = 9593:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9593 TCP
    "9594:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9594 TCP" = 9594:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9594 TCP
    "9595:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9595 TCP" = 9595:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9595 TCP
    "12174:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 12174 TCP" = 12174:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 12174 TCP
    "9535:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9535 TCP" = 9535:TCP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9535 TCP
    "38293:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 38293 UDP" = 38293:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 38293 UDP
    "9595:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9595 UDP" = 9595:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9595 UDP
    "9535:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9535 UDP" = 9535:UDP:10.0.0.0/8:enabled:External - LANDesk Management Suite - 9535 UDP
    "7801:TCP:*:enabled:External - Steelhead Mobile - 7801 TCP" = 7801:TCP:*:enabled:External - Steelhead Mobile - 7801 TCP

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
    "AllowOutboundDestinationUnreachable" = 1
    "AllowOutboundSourceQuench" = 0
    "AllowRedirect" = 0
    "AllowInboundEchoRequest" = 1
    "AllowInboundRouterRequest" = 1
    "AllowOutboundTimeExceeded" = 1
    "AllowOutboundParameterProblem" = 0
    "AllowInboundTimestampRequest" = 0
    "AllowInboundMaskRequest" = 0
    "AllowOutboundPacketTooBig" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
    "LogDroppedPackets" = 1
    "LogSuccessfulConnections" = 0
    "LogFilePath" = %SYSTEMROOT%\firewall.log -- ()
    "LogFileSize" = 32767

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.1.11,10.4.2.42,10.4.0.250,10.4.2.50,10.4.2.53,10.4.0.66,10.4.0.67,10.4.0.167

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
    "Enabled" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
    "Enabled" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
    "Enabled" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "8999:TCP" = 8999:TCP:*:Enabled:DameWare Mini Remote Control Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "59007:TCP" = 59007:TCP:*:Enabled:pandoRest Listening Port
    "56505:TCP" = 56505:TCP:*:Enabled:pando Media Booster
    "56505:UDP" = 56505:UDP:*:Enabled:pando Media Booster
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
  11. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is Part 2 of the OTL Extras logfile:
    ----------------------------------------------------------------------------------------------------------------------------
    ----------------------------------------------------------------------------------------------------------------------------

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:HP Network Device Rediscovery Service -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Nirvana\SWLive\SWLive.exe" = C:\Program Files\Nirvana\SWLive\SWLive.exe:127.0.0.1/255.255.255.255:Enabled:SWLive
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
    "C:\Program Files\NBC Direct\DirectPlayerCore.exe" = C:\Program Files\NBC Direct\DirectPlayerCore.exe:*:Enabled:NBC Direct
    "C:\WINDOWS\TIREMOTE\TIRemoteService.exe" = C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager -- (Numara Software, Inc.)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "C:\Documents and Settings\sertman\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.exe" = C:\Documents and Settings\sertman\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.exe:*:Enabled:Skype
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe" = C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe:*:Enabled:Abacus Billing Popup Service -- (American Reprographics Company)
    "C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe" = C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe:*:Enabled:Abacus Billing Popup Client -- (American Reprographics Company)
    "C:\WINDOWS\system32\mDNSResponder.exe" = C:\WINDOWS\system32\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\LANDesk\LDCLient\AdvanceAgent.exe" = C:\Program Files\LANDesk\LDCLient\AdvanceAgent.exe:*:Enabled:LANDesk Advance Agent
    "C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
    "C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
    "C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Inc. and its affiliates.)
    "C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast -- (LANDesk Software, Inc. and its affiliates.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent -- (Avocent Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
    "C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe" = C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe:*:Enabled:Abacus Billing Popup Service -- (American Reprographics Company)
    "C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe" = C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe:*:Enabled:Abacus Billing Popup Client -- (American Reprographics Company)
    "C:\WINDOWS\system32\mDNSResponder.exe" = C:\WINDOWS\system32\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Hp\HP Officejet 7500 E910\Bin\DeviceSetup.exe" = C:\Program Files\Hp\HP Officejet 7500 E910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\Hp\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
    "C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation)
    "C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent -- (Avocent Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb" = CVE-2012-1889
    "{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
    "{088581C6-156F-4D1E-B4E0-FD11E3742A17}" = SonUtils
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A4F187E-BB7F-48ED-906F-3609CAAFEC65}" = HYDRAS3 LT
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E57CA21-3406-4934-8231-78627D84BB79}" = Websense Endpoint
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP90" = Canon iP90
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
    "{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
    "{177BD75A-2B69-47BC-944F-27F5DAAFFE81}" = Lakes Environmental WRPLOT View - Freeware V.6.5.1
    "{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18CC6334-7ED1-44e8-AA25-A0B1B5E56B8E}" = L7700
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1AADD9E6-1EEA-4015-BB14-1B0014495FCE}" = Teledyne RD Instruments PlanADCP v2.06
    "{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
    "{1D13B230-B709-49E5-9641-7A9047E7762F}" = Admiralty Digital Catalogue 1.6.5
    "{1E1BFFDB-F373-4DD5-9DC7-B2A003A04C15}" = ViewADP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{2674A0AE-0BA4-41C7-9023-4FD307F61001}" = Teledyne RD Instruments SurfaceView v1.09
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{29447369-6968-4e86-a208-603f6f0771a6}.sdb" = CVE-2012-1889
    "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
    "{298841B2-F28A-4AEF-9F10-2505B3D6993E}" = SRS1 Cubic Spline for Excel
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 SR-1
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3567006D-78F7-4E72-9258-E333ACBC0F2F}" = NTI Shadow 4
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{37115AAB-2549-4E74-869B-71E68161DC8E}" = NTI Ninja 4
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3B101941-675F-4470-93D6-BFED1469DF7E}" = LoggerNet 4.0
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Etisalat USB
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{480C80F7-0A26-4ED6-9077-177EC5AD9AF8}" = CMAgent5.2.1.43
    "{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
    "{4BD88989-38A3-4227-A6E4-6E5C54804ED2}" = LANDesk Advance Agent
    "{4C7D2491-8A4B-4621-803E-AACF4AF9DB74}" = mobile broadband manager
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4EB0C586-8015-4D9F-B711-EF7A4C13169C}" = HDR Interactive Call Expensor
    "{4ED81C88-1F99-4DCC-9C26-05FBF492B1DF}" = Abacus Billing Popup
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
    "{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
    "{634FA727-B731-4204-AADC-D6F34F41374F}" = HP Officejet 7500 E910 Basic Device Software
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6669C30F-B453-4A43-9C29-C9CEA25ADFA9}" = HDR - Harvey Balls Font
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager
    "{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
    "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
    "{6ED6BB9B-669A-4C50-B49E-9270E5BEDAE3}" = Teledyne RD Instruments WinADCP v1.14
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "{743D18E2-1B67-4AA9-9E74-B392505A3565}" = Aventail OPSWAT End Point Control
    "{75078933-CD23-4ED9-8334-F88379F4C2D1}" = CurrentMonitor
    "{7567B648-CC60-4DB8-BEF5-321AFE3A960E}" = Teledyne RD Instruments WavesMon Documentation
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
    "{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{813EE1F0-D251-4F98-AC91-9B98CF22717E}" = WD Drive Manager (x86)
    "{81A3B75B-3784-4917-8AA7-5E4580C9C273}" = Teledyne RD Instruments WavesMon v3.08
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     
  12. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Here is Part 3 (and the end) of the OTL Extras logfile:
    ----------------------------------------------------------------------------------------------------------------------------
    ----------------------------------------------------------------------------------------------------------------------------

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{939E704B-022F-402A-86C8-6BE4AD128B2E}" = SWLive
    "{945F844A-769E-37E3-A945-FEF421298C60}" = Multi-Targeting Pack for the Microsoft .NET Framework 4.0.2
    "{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97C7B36A-46A9-4A7C-BC43-135D01781375}" = Teledyne RD Instruments Tools November 2009
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE00FB9-E6A5-4155-82C1-ECB630A3A7C1}" = RTMC Pro 3.1
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}" = Lizardtech Express View Browser Plug-in
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2B7DE12-A197-416A-B44B-A5A39B169273}" = EASClient
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
    "{AAE221D5-C3DD-4FE2-A063-C1368FE730A5}" = Symantec Endpoint Protection
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6FFA58-F491-11D3-8951-000000026114}" = iPassConnect
    "{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
    "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2AD5ADB-E31A-430F-B382-BABF0E93F113}" = Teledyne RD Instruments WinSC v1.31
    "{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{BEB09DF2-49C2-4D5E-B71C-DB5EB4E100F7}" = WinADCP docs
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1402431-CA42-5A99-9F17-080C641EC9E4}" = ProjectWise Explorer V8i (SELECTseries 3)
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
    "{D33EA845-AAF5-4F0F-A7D9-E9B9AE7DFC22}" = Waves Docs
    "{D48D30E5-470B-4386-B784-DBB49A62FB41}" = Teledyne RD Instruments WinSC and PlanADCP Documentation
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DD854795-BF0A-477B-8E45-F71CE21958B3}" = Slingshot
    "{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E4A79980-931A-48DC-8819-AAB10FF54E2A}_is1" = WavesMon Documentation version Nov11
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E5367C84-A736-46D7-9C66-1BB5AC6ED788}" = HDR ProjectWise SS3 (32 Bit) Client Customizations
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{ED60612C-B481-481B-AE8C-934FB825A84B}" = DeployADP
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{f300e352-12de-4e7f-ace3-a376874402b6}.sdb" = CVE-2012-1889
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F3E374F7-B06D-498A-947E-5CB7DB9E9C43}" = Short Cut 2.8
    "{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{F58E04CD-6E76-43C8-AAF1-482225C2910E}" = Xml Viewer
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "{F880BEFC-E294-4328-8A72-E99B44CE29F9}" = BeyondTrust PowerBroker Desktops Client
    "{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi Software
    "{F91FD799-A90D-4A1C-AC99-F5723E8B70F8}" = CM Remote Client
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBAA5E9E-8614-11E1-B079-B8AC6F97B88E}" = Google Earth Pro
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
    "Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
    "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
    "AniMap" = The Gold Bug AniMap 3.0
    "Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "Digital Editions" = Adobe Digital Editions
    "DSMT6" = MathType 6
    "DWG TrueView 2011" = DWG TrueView 2011
    "ePassword Keeper" = ePassword Keeper
    "Family Tree Maker 2012" = Family Tree Maker 2012
    "Generic USB Sound" = USB7.1 AUDIO
    "GSview 4.9" = GSview 4.9
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{3567006D-78F7-4E72-9258-E333ACBC0F2F}" = NTI Shadow 4
    "InstallShield_{37115AAB-2549-4E74-869B-71E68161DC8E}" = NTI Ninja 4
    "InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mathcad 2000 Professional" = Mathcad 2000 Professional
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "ncBrowse" = ncBrowse
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Numara Track-It! Agent" = Numara Track-It! 9 Agent
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "Online Documentation" = Online Documentation
    "Picasa2" = Picasa 2
    "ProInst" = Intel PROSet Wireless
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RADVideo" = RAD Video Tools
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "ST6UNST #1" = PC295W v2.00
    "ST6UNST #2" = YSI Code Updater
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "ttkVWR_is1" = TatukGIS Viewer 1.11.0.363
    "Ultravnc2_is1" = UltraVNC 1.0.8.2
    "unWNW1.0" = Webster's New World Dictionary
    "Vim 7.3" = Vim 7.3 (self-installing)
    "VueScan" = VueScan
    "WaveView" = WaveView
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Window Washer" = Window Washer
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "WXTide32" = WXTide32
    "XpsEP" = XPS Essentials Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/18/2012 2:50:18 PM | Computer Name = MAH-SERTMAN | Source = MsiInstaller | ID = 10005
    Description = Product: 32 Bit HP BiDi Channel Components Installer -- The installer
    has encountered an unexpected error installing this package. This may indicate
    a problem with this package. The error code is 2753. The arguments are: ipm12.CF34E983_546C_421F_A494_3C30281E4CF3,
    ,

    Error - 10/18/2012 2:50:22 PM | Computer Name = MAH-SERTMAN | Source = MsiInstaller | ID = 10005
    Description = Product: 32 Bit HP BiDi Channel Components Installer -- The installer
    has encountered an unexpected error installing this package. This may indicate
    a problem with this package. The error code is 2753. The arguments are: ipm12.CF34E983_546C_421F_A494_3C30281E4CF3,
    ,

    Error - 10/18/2012 7:06:10 PM | Computer Name = MAH-SERTMAN | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Bloodhound.MalPE in File: C:\System Volume Information\_restore{E6281E8D-5BCF-412A-8532-C7FE9ECF653A}\RP508\A0111023.exe
    by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description:
    The file was deleted successfully.

    Error - 10/19/2012 8:09:28 AM | Computer Name = MAH-SERTMAN | Source = MsiInstaller | ID = 10005
    Description = Product: 32 Bit HP BiDi Channel Components Installer -- The installer
    has encountered an unexpected error installing this package. This may indicate
    a problem with this package. The error code is 2753. The arguments are: ipm12.CF34E983_546C_421F_A494_3C30281E4CF3,
    ,

    Error - 10/19/2012 8:18:09 AM | Computer Name = MAH-SERTMAN | Source = Userenv | ID = 1085
    Description = The Group Policy client-side extension PowerBroker Desktops failed
    to execute. Please look for any errors reported earlier by that extension.

    Error - 10/19/2012 8:19:24 AM | Computer Name = MAH-SERTMAN | Source = Userenv | ID = 1085
    Description = The Group Policy client-side extension PowerBroker Desktops failed
    to execute. Please look for any errors reported earlier by that extension.

    Error - 10/19/2012 8:28:35 AM | Computer Name = MAH-SERTMAN | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
    Event
    Info: Terminate Process Action Taken: Blocked Actor Process: C:\32788R22FWJFW\License\iexplore.exe
    (PID 2928) Time: Friday, October 19, 2012 8:28:35 AM

    Error - 10/19/2012 8:35:07 AM | Computer Name = MAH-SERTMAN | Source = Application Error | ID = 1000
    Description = Faulting application rmbr.3xe, version 0.0.0.0, faulting module ntdll.dll,
    version 5.1.2600.6055, fault address 0x00002128.

    Error - 10/19/2012 8:56:54 AM | Computer Name = MAH-SERTMAN | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\Documents and Settings\admin_sertman\Desktop\adwcleaner.exe (PID 5272) Time:
    Friday, October 19, 2012 8:56:54 AM

    Error - 10/19/2012 8:56:54 AM | Computer Name = MAH-SERTMAN | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Blocked
    Actor
    Process: C:\Documents and Settings\admin_sertman\Desktop\adwcleaner.exe (PID 5272)
    Time:
    Friday, October 19, 2012 8:56:54 AM

    [ OSession Events ]
    Error - 2/24/2011 2:27:15 PM | Computer Name = MAH-SERTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 157
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 3/8/2011 5:51:20 PM | Computer Name = MAH-SERTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9217
    seconds with 8820 seconds of active time. This session ended with a crash.

    Error - 3/15/2011 12:06:18 PM | Computer Name = MAH-SERTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1354
    seconds with 1320 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/17/2012 4:55:23 PM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/18/2012 8:28:06 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/18/2012 9:00:34 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/18/2012 10:55:28 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/18/2012 11:18:12 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/18/2012 11:56:28 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/19/2012 8:16:37 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/19/2012 8:35:02 AM | Computer Name = MAH-SERTMAN | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain INTRANET due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 10/19/2012 8:45:21 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 10/19/2012 9:00:50 AM | Computer Name = MAH-SERTMAN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde


    < End of report >
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Let me know also if redirects continue. :)
  14. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Hello DragonMaster Jay,

    We are definitely making progress. I ran OTL in fix mode; the log follows. The IE8 search redirects have stopped (Thank you!). Frankly, I thought we were done and since I didn't need to use my laptop for awhile, I ran a full scan using Lavasoft Ad-Aware expecting to see a clean PC. Unfortunately, Ad-Aware claims to have found and quarantined "Trojan.Win32.Generic!BT", which was something it was reporting before I contacted TechSpot. So unless this is just a false positive, it seems that my laptop might still be infected with malware. Can you offer further advice?
    -------------------------------------------------------------------------------------------------------
    -------------------------------------------------------------------------------------------------------

    All processes killed
    ========== OTL ==========
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eform.ae\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eforms.ae\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
    Invalid CLSID key: *
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
    Invalid CLSID key: *
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 321 bytes

    User: admin_jszydlik
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 537 bytes

    User: admin_sertman
    ->Temp folder emptied: 9782943 bytes
    ->Temporary Internet Files folder emptied: 8673716 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 16815457 bytes
    ->Flash cache emptied: 506 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 3455 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 57012 bytes

    User: install
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 36617 bytes

    User: jszydlik
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 556 bytes

    User: junk
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 128210 bytes
    ->Flash cache emptied: 799 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: sertman
    ->Temp folder emptied: 55066335 bytes
    ->Temporary Internet Files folder emptied: 6659629 bytes
    ->Java cache emptied: 2175415 bytes
    ->FireFox cache emptied: 53679955 bytes
    ->Google Chrome cache emptied: 20359126 bytes
    ->Flash cache emptied: 168231 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 127521 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 207007 bytes
    RecycleBin emptied: 729544 bytes

    Total Files Cleaned = 167.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10192012_182359
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Are you running a HP computer? A certain screensaver made by HP gets detected as Generic-BT.

    Open OTL, press Quick Scan, post log, please.
  16. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Working on the weekend, hmm? Thanks for your dedication!

    Regarding my laptop, it is a Toshiba Satellite Pro, and I use the standard Windows XP screen saver.

    The Ad-Aware response seems to be triggered by an executable that accesses winlogon.exe. The Ad-Aware scan log lists the following path and filename: "C:\WINDOWS\HDR\Scripts\ad_localcom_desc_sync.exe." However, when I viewed that directory, I did not see that file, nor did I find the file on my hard drive when I performed a filename search. That was earlier when I was logged in to my normal account. Just now, I searched while logged in to my administrator account, and I did find the file in the specified directory. Was the file newly transferred to my hard drive or is it possible to hide files from a "normal user" versus an "administrator"?

    I should mention that my laptop might be connecting with my employer's network in the background, so the executable file "ad_localcom_desc_sync.exe" might be something legitimate that they are imposing from outside. I examined the file with a text editor, but it did not contain sufficient ASCII/ANSI text to discern an origin or a purpose.

    Per your instructions, I ran an OTL Quick Scan. The first half of the log file follows:
    ==========================================================================================

    OTL logfile created on: 10/20/2012 4:21:36 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin_sertman\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 70.11% Memory free
    4.71 Gb Paging File | 3.93 Gb Available in Paging File | 83.34% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.37 Gb Total Space | 103.34 Gb Free Space | 45.85% Space Free | Partition Type: NTFS

    Computer Name: MAH-SERTMAN | User Name: admin_sertman | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/19 08:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012/08/08 04:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    PRC - [2012/02/20 08:46:18 | 000,160,768 | ---- | M] (HDR, Inc.) -- C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/10/28 05:09:56 | 000,399,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
    PRC - [2011/10/20 05:22:32 | 001,459,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
    PRC - [2011/10/19 12:13:24 | 000,069,632 | ---- | M] (Websense, Inc.) -- C:\Program Files\Websense\Websense Endpoint\RFUI.exe
    PRC - [2011/10/19 11:57:38 | 000,060,928 | ---- | M] (Websense, Inc.) -- C:\Program Files\Websense\Websense Endpoint\wepsvc.exe
    PRC - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
    PRC - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    PRC - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    PRC - [2011/10/11 19:13:24 | 002,191,360 | ---- | M] (American Reprographics Company) -- C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe
    PRC - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
    PRC - [2011/08/30 19:56:58 | 000,046,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    PRC - [2011/08/04 10:07:32 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2011/08/04 10:07:30 | 001,893,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/08/04 10:07:30 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2011/08/04 10:07:30 | 001,459,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
    PRC - [2011/07/29 05:47:02 | 000,446,464 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exe
    PRC - [2011/07/21 09:24:00 | 000,496,128 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\collector.exe
    PRC - [2011/07/21 03:44:14 | 000,299,008 | ---- | M] (American Reprographics Company) -- C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe
    PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
    PRC - [2010/11/11 14:12:10 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe
    PRC - [2010/10/19 06:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/10/19 06:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2010/10/19 06:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/09/23 14:31:04 | 000,420,680 | ---- | M] (BeyondTrust Software, Inc.) -- C:\WINDOWS\system32\btservice.exe
    PRC - [2010/09/16 13:25:46 | 000,822,112 | ---- | M] (Shavlik Technologies, LLC) -- C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe
    PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2009/12/05 17:52:54 | 000,102,400 | ---- | M] (Configuresoft, Inc.) -- C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
    PRC - [2009/07/20 04:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 04:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    PRC - [2009/06/26 07:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2008/04/14 19:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2007/08/31 09:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
    PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
    PRC - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
    PRC - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
    PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2006/03/16 16:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/04/15 18:13:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
    PRC - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2003/04/01 12:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/25 16:07:36 | 000,165,768 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
    MOD - [2012/09/25 16:07:34 | 000,190,344 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
    MOD - [2012/08/03 05:35:37 | 000,148,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\02d4f7c8ce1dfb5fff316ce0e2fea2f2\System.Configuration.Install.ni.dll
    MOD - [2012/08/03 05:35:35 | 012,079,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\d0442665f4a2e9bdbb0b8c6cc54c2045\System.Web.ni.dll
    MOD - [2012/08/03 05:30:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
    MOD - [2012/08/03 05:29:55 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    MOD - [2012/08/03 05:29:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
    MOD - [2012/08/03 05:27:48 | 000,492,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ad089eada43038d3c2a7cd11ceabd92f\IAStorUtil.ni.dll
    MOD - [2012/08/03 05:26:01 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9cbf4db0137df3dd2d784f0b5134ca33\System.Windows.Forms.ni.dll
    MOD - [2012/08/03 05:19:51 | 018,000,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4d0e6813ee28a4025fa95bc44c6f705\PresentationFramework.ni.dll
    MOD - [2012/08/03 05:19:28 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8031637a4a7272b1933b2e3e4b0d0b1e\PresentationCore.ni.dll
    MOD - [2012/08/03 05:19:15 | 003,858,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\359af5f153629c174201d64f3df85bb2\WindowsBase.ni.dll
    MOD - [2012/08/03 05:19:13 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1f95afe8b48bf2a342f6109c629e105a\System.Drawing.ni.dll
    MOD - [2012/08/03 05:15:23 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
    MOD - [2012/05/16 12:20:27 | 013,345,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\2b9bd93e5e06cf973a0fd6bc5be4a913\System.Data.Entity.ni.dll
    MOD - [2012/05/16 12:19:00 | 001,189,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\e71cb6db96a90da4509f3dfd6dbd0f3c\System.Data.OracleClient.ni.dll
    MOD - [2012/05/16 12:18:46 | 001,172,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8f0c9b7ceacd801e9605145985c6e9b2\System.DirectoryServices.ni.dll
    MOD - [2012/05/16 12:18:45 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a3f349ed89d70bbcb354ba571a514d1f\System.EnterpriseServices.ni.dll
    MOD - [2012/05/16 12:18:45 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a3f349ed89d70bbcb354ba571a514d1f\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/16 12:18:44 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fba015d3327119e4fe4c2eeb98c8f29a\System.Transactions.ni.dll
    MOD - [2012/05/16 12:18:42 | 002,658,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9f63fa70dd29977c1aa9c9e5e80799d8\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/16 12:18:39 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0aa2cbfdd66bbf6f74b7eccb111c0c95\System.Xml.Linq.ni.dll
    MOD - [2012/05/16 12:17:53 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\705c03cf409352bbed2b21fabdaacf03\System.Xaml.ni.dll
    MOD - [2012/05/16 12:14:58 | 000,172,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\01aba83a58ab96147dd87e4d6032a0d4\IsdiInterop.ni.dll
    MOD - [2012/05/16 12:14:58 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f53bb9e3d1bd127a39576d1314842b5\IAStorCommon.ni.dll
    MOD - [2012/05/16 12:14:57 | 000,225,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\953c6e0e5db956f3b7acf40d04e71944\IAStorDataMgr.ni.dll
    MOD - [2012/05/16 12:14:57 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\84130a118b23db02a8b815679cf97e77\IAStorDataMgrSvc.ni.exe
    MOD - [2012/05/16 11:11:04 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\201d2726e96db96955949d510b78d79d\PresentationFramework.Luna.ni.dll
    MOD - [2012/05/16 11:11:03 | 006,864,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f31a114b20f140f38a6e7e1bb6657dc9\System.Data.ni.dll
    MOD - [2012/05/16 11:10:52 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\c49cb68c6265385b749455cb32b79460\System.Xml.ni.dll
    MOD - [2012/05/16 11:10:47 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b479bcb758794c25e7180ea8daa1e967\System.Configuration.ni.dll
    MOD - [2012/05/16 11:10:43 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\8b835da12888ff91d5465ec201af0e37\System.Core.ni.dll
    MOD - [2012/05/16 11:10:20 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\94df1a273c00450557c7a91c4e6fa0d6\System.ni.dll
    MOD - [2012/05/16 11:10:12 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\42b48b1297cae7a6c9ef37cd26c204dd\System.Numerics.ni.dll
    MOD - [2012/05/16 11:10:11 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\b3045990621c3617a0f9b85b50cfe5ea\mscorlib.ni.dll
    MOD - [2012/05/16 10:59:36 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
    MOD - [2012/05/16 10:56:12 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/16 10:54:16 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/16 10:54:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/16 10:54:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/16 10:53:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2011/11/21 21:44:32 | 000,118,272 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
    MOD - [2011/10/19 11:47:08 | 001,107,456 | ---- | M] () -- C:\Program Files\Websense\Websense Endpoint\libxml2.dll
    MOD - [2011/10/14 05:29:26 | 000,186,880 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\httprequest.dll
    MOD - [2011/09/19 05:31:08 | 000,073,728 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\policy.client.business.dll
    MOD - [2011/07/29 05:47:02 | 000,446,464 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exe
    MOD - [2011/05/20 11:05:26 | 000,059,904 | ---- | M] () -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    MOD - [2011/04/20 10:11:50 | 000,559,244 | ---- | M] () -- C:\Program Files\Webroot\Washer\sqlite3.dll
    MOD - [2009/11/23 17:51:30 | 000,024,576 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\processrunner.dll
    MOD - [2009/11/23 17:51:26 | 000,433,664 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\sqlite3.dll
    MOD - [2009/11/23 17:20:54 | 000,043,008 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\rollinglog.dll
    MOD - [2009/07/20 04:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
    MOD - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    MOD - [2007/04/20 08:28:38 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll
    MOD - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
    MOD - [2006/11/06 14:00:58 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll
    MOD - [2005/04/15 18:13:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
    MOD - [2005/04/15 18:13:32 | 000,090,112 | ---- | M] () -- C:\Program Files\Wiley\Webster's New World\HKMLLoad.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/10/20 05:22:32 | 001,459,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
    SRV - [2011/10/19 12:12:42 | 000,204,800 | ---- | M] (Websense, Inc.) [Auto | Running] -- C:\Program Files\Websense\Websense Endpoint\RFMain.dll -- (WSRF)
    SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\SoftMon.exe -- (Softmon)
    SRV - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
    SRV - [2011/10/19 05:23:24 | 000,143,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
    SRV - [2011/10/19 05:22:36 | 000,066,560 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
    SRV - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
    SRV - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
    SRV - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/08/04 10:07:32 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/08/04 10:07:30 | 001,893,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/08/04 10:07:30 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2011/08/04 10:07:30 | 000,357,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
    SRV - [2011/07/21 03:44:14 | 000,299,008 | ---- | M] (American Reprographics Company) [Auto | Running] -- C:\Program Files\Abacus\BillingPopup\AbacusBillingPopupService.exe -- (AbacusBillingPopupService)
    SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
    SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/11/11 14:12:10 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
    SRV - [2010/10/19 06:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2010/10/19 06:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2010/10/19 06:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2010/09/23 14:31:04 | 000,420,680 | ---- | M] (BeyondTrust Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\btservice.exe -- (BTService)
    SRV - [2010/09/16 13:25:46 | 000,822,112 | ---- | M] (Shavlik Technologies, LLC) [Auto | Running] -- C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe -- (Shavlik Scheduler)
    SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2009/12/05 17:52:54 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Auto | Running] -- C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
    SRV - [2009/12/03 06:07:00 | 000,243,968 | ---- | M] (NewTech Infosystems) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Shadow 4\NinjaService.exe -- (NinjaService)
    SRV - [2009/06/26 07:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2008/12/16 18:00:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/05/21 17:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2008/04/14 19:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/08/31 09:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
    SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/11/30 18:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
    SRV - [2006/11/29 17:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
    SRV - [2006/11/29 17:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
    SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2005/01/17 19:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\pciide.sys -- (PCIIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngwfp.sys -- (NgWfp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngvpn.sys -- (NgVpn)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nglog.sys -- (NgLog)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ngfilter.sys -- (NgFilter)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ivusb.sys -- (ivusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\EMP_UDAU.sys -- (eppvad_simple)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sertman\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/10/02 11:41:12 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121019.022\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/10/02 11:41:12 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121019.022\NAVENG.SYS -- (NAVENG)
    DRV - [2012/08/08 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/08 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/03/09 14:18:42 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011/10/19 12:20:20 | 000,046,656 | ---- | M] (Websense, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\QIPTDI.sys -- (QipTdi)
    DRV - [2011/10/19 12:20:20 | 000,028,544 | ---- | M] (Websense, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RNetCore.sys -- (RNetCore)
    DRV - [2011/10/19 12:20:16 | 000,056,640 | ---- | M] (Websense, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Qip.sys -- (QIP)
    DRV - [2011/10/15 11:40:09 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/08/04 10:07:32 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/08/04 10:07:32 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/08/04 10:07:32 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/05/13 05:00:36 | 000,014,848 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
    DRV - [2011/05/13 05:00:36 | 000,006,656 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
    DRV - [2011/05/13 05:00:36 | 000,005,120 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
    DRV - [2011/02/17 10:09:07 | 000,156,928 | ---- | M] (NewTech Infosystems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtiEnc.sys -- (NtiEnc)
    DRV - [2011/02/12 17:31:50 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP)
    DRV - [2011/02/08 09:34:31 | 000,010,688 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
    DRV - [2010/10/17 18:14:24 | 006,913,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
    DRV - [2010/09/23 14:32:00 | 000,030,416 | ---- | M] (BeyondTrust Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\privman.sys -- (privman)
    DRV - [2010/07/02 11:55:18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/07/02 11:55:18 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2010/07/02 11:55:18 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2010/07/02 11:55:16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/05/19 14:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/03/18 05:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010/03/08 02:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/01/08 19:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/12/18 02:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/12/15 07:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/11/19 06:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2009/10/25 21:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
    DRV - [2009/07/22 15:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2009/04/23 03:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/05/12 15:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/09 22:01:16 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/01/23 17:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/09/19 07:02:24 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2007/04/04 11:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2007/03/26 15:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2007/02/22 07:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2007/02/19 15:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
    DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/24 12:30:48 | 001,414,528 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau32)
    DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
  17. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    The "second half" of the OTL log was too large, so I guess this part becomes the "second third".


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.hdrinc.com
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?afltid=wbpk"
    FF - prefs.js..keyword.URL: "http://www.alnaddy.com/search/?q="
    FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/17 17:31:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 05:15:55 | 000,000,000 | ---D | M]

    [2012/08/01 00:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Extensions
    [2012/10/19 08:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\extensions
    [2012/10/17 10:37:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2012/08/29 04:24:01 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\admin_sertman\Application Data\Mozilla\Firefox\Profiles\93b1epg2.default\searchplugins\alnaddyToolbar.xml
    [2012/10/17 17:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/12/15 21:32:42 | 004,796,416 | ---- | M] (Lizardtech Software) -- C:\Program Files\mozilla firefox\plugins\npexview.dll
    [2012/06/11 12:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/19 08:44:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PowerBroker Desktops Browser Helper) - {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} - C:\WINDOWS\system32\pmbho.dll (BeyondTrust Software, Inc.)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LANDeskCustomData] C:\Program Files\LANDesk\LDCLient\ldcstm32.exe (Avocent Corporation )
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
    O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Abacus Billing Client.lnk = C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe (American Reprographics Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HDR Interactive Call Expensor.lnk = C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe (HDR, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WNW Tray Agent.lnk = C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 60
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1343983260375 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343983182187 (MUWebControl Class)
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www3.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting Web Starter)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab (InstallShield International Setup Player)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://asascience.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ice.hydroqual.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ice.hydroqual.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.hdr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{231FF0A2-8CAD-4FDC-B83A-4BB87C7AB06F}: DhcpNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
    O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
    O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\btpload32.dll) - C:\WINDOWS\system32\btpload32.dll (BeyondTrust Software, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/11 16:34:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/19 18:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/19 08:55:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/10/19 08:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Desktop\malware
    [2012/10/19 08:32:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/10/19 08:29:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/19 08:29:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/19 08:29:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/19 08:29:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/19 08:28:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/19 08:28:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/10/19 08:08:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    [2012/10/18 11:29:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin_sertman\My Documents\My Videos
    [2012/10/18 11:29:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin_sertman\Start Menu\Programs\Administrative Tools
    [2012/10/18 10:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\Malwarebytes
    [2012/10/18 10:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/10/18 10:58:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/10/18 10:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/17 10:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\LavasoftStatistics
    [2012/10/17 10:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
    [2012/10/17 10:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2012/10/17 10:39:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
    [2012/10/17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
    [2012/10/17 10:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\Downloaded Installations
    [2012/10/17 10:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\adawarebp
    [2012/10/17 10:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2012/10/17 10:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
    [2012/10/17 10:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\adawaretb
    [2012/10/17 10:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2012/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\Threat Expert
    [2012/10/17 09:32:48 | 000,203,120 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2012/10/17 09:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/10/17 09:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/10/17 09:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Application Data\TestApp
    [2012/10/17 09:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2012/10/04 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
    [2012/10/04 11:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin_sertman\Local Settings\Application Data\{F634D983-4380-4DAE-8533-9D1A163A3FC1}
    [2012/10/04 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Admiralty Digital Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Admiralty_Digital_Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Admiralty_Digital_Catalogue
    [2012/10/04 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Admiralty Digital Catalogue
    [2012/10/03 13:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2012/10/03 13:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/10/03 13:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON Projector
    [2012/10/03 10:27:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/03 09:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
    [2012/10/03 09:09:34 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2012/10/03 09:09:31 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2012/10/03 09:09:12 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2012/10/03 09:09:09 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2012/10/03 09:08:54 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2012/10/03 09:08:51 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2012/10/03 09:08:46 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2012/10/03 09:08:31 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2012/10/03 09:08:14 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2012/10/03 09:08:11 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2012/10/03 09:08:09 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2012/10/03 09:08:04 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2012/10/03 09:08:01 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2012/10/03 09:07:58 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2012/10/03 09:07:55 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2012/10/03 09:07:44 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2012/10/03 09:07:32 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2012/10/03 09:07:30 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2012/10/03 09:07:27 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2012/10/03 09:07:23 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2012/10/03 09:07:08 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2012/10/03 09:06:57 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2012/10/03 09:06:55 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2012/10/03 09:06:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2012/10/03 09:06:41 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2012/10/03 09:06:39 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2012/10/03 09:06:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2012/10/03 09:06:33 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2012/10/03 09:06:31 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2012/10/03 09:06:07 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2012/10/03 09:06:03 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2012/10/03 09:06:01 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2012/10/03 09:06:00 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2012/10/03 09:05:57 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2012/10/03 09:05:55 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2012/10/03 09:05:45 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2012/10/03 09:05:43 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2012/10/03 09:05:12 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2012/10/03 09:05:09 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2012/10/03 09:05:07 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2012/10/03 09:05:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2012/10/03 09:05:00 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2012/10/03 09:04:45 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2012/10/03 09:04:27 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2012/10/03 09:04:24 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2012/10/03 09:04:21 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2012/10/03 09:04:19 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2012/10/03 09:04:17 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2012/10/03 09:03:57 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2012/10/03 09:03:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2012/10/03 09:03:52 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2012/10/03 09:03:47 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2012/10/03 09:03:26 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2012/10/03 09:03:24 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2012/10/03 09:03:22 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2012/10/03 09:03:19 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2012/10/03 09:03:04 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2012/10/03 09:02:59 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2012/10/03 09:02:57 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2012/10/03 09:02:46 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2012/10/03 09:02:44 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2012/10/03 09:02:42 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2012/10/03 09:02:39 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2012/10/03 09:02:37 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2012/10/03 09:02:35 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2012/10/03 09:02:32 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2012/10/03 09:02:30 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2012/10/03 09:02:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2012/10/03 09:02:22 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012/10/03 09:02:20 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012/10/03 09:02:19 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2012/10/03 09:02:18 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012/10/03 09:02:18 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2012/10/03 09:02:09 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2012/10/03 09:02:05 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2012/10/03 09:02:02 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2012/10/03 09:01:59 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2012/10/03 09:01:50 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2012/10/03 09:01:48 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2012/10/03 09:01:27 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2012/10/03 09:01:24 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2012/10/03 09:01:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2012/10/03 09:01:14 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2012/10/03 09:00:39 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2012/10/03 09:00:30 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2012/10/03 09:00:28 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2012/10/03 09:00:26 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2012/10/03 08:59:58 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2012/10/03 08:59:55 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2012/10/03 08:59:53 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2012/10/03 08:59:51 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2012/10/03 08:59:37 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2012/10/03 08:59:28 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2012/10/03 08:59:26 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2012/10/03 08:59:22 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2012/10/03 08:59:16 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2012/10/03 08:59:14 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2012/10/03 08:59:09 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2012/10/03 08:59:07 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2012/10/03 08:59:05 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2012/10/03 08:59:02 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2012/10/03 08:59:00 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2012/10/03 08:58:58 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
  18. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    This is the "last third" of the OTL Quick Scan log file.

    [2012/10/03 08:58:52 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2012/10/03 08:58:50 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2012/10/03 08:58:47 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2012/10/03 08:58:45 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2012/10/03 08:58:43 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2012/10/03 08:58:10 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2012/10/03 08:57:46 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2012/10/03 08:57:32 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2012/10/03 08:57:30 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2012/10/03 08:57:29 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2012/10/03 08:57:27 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2012/10/03 08:57:27 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2012/10/03 08:57:25 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2012/10/03 08:57:19 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2012/10/03 08:57:18 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2012/10/03 08:57:16 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2012/10/03 08:57:14 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2012/10/03 08:57:11 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2012/10/03 08:57:09 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2012/10/03 08:56:39 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2012/10/03 08:56:14 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2012/10/03 08:55:00 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2012/10/03 08:54:53 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2012/10/03 08:54:34 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2012/10/03 08:54:32 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2012/10/03 08:54:30 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2012/10/03 08:54:20 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2012/10/03 08:54:15 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2012/10/03 08:54:14 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2012/10/03 08:54:11 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2012/10/03 08:54:10 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2012/10/03 08:54:08 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2012/10/03 08:54:07 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2012/10/03 08:53:57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2012/10/03 08:53:54 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2012/10/03 08:53:52 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2012/10/03 08:52:54 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2012/10/03 08:52:51 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2012/10/03 08:52:45 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2012/10/03 08:52:44 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2012/10/03 08:52:43 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2012/10/03 08:52:40 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2012/10/03 08:52:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2012/10/03 08:52:38 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2012/10/03 08:52:37 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2012/10/03 08:52:36 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2012/10/03 08:52:22 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2012/10/03 08:52:22 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2012/10/03 08:52:19 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2012/10/03 08:52:04 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2012/10/03 08:52:03 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2012/10/03 08:52:03 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2012/10/03 08:52:02 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2012/10/03 08:52:00 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2012/10/03 08:52:00 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2012/10/03 08:51:59 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2012/10/03 08:51:58 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2012/10/03 08:51:53 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2012/10/03 08:51:45 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2012/10/03 08:51:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2012/10/03 08:51:37 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2012/10/03 08:51:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2012/10/03 08:51:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2012/10/03 08:51:36 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2012/10/03 08:51:35 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2012/10/03 08:51:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2012/10/03 08:51:33 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2012/10/03 08:51:33 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2012/10/03 08:51:32 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2012/10/03 08:51:31 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2012/10/03 08:51:30 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2012/10/03 08:51:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2012/10/03 08:51:13 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2012/10/03 08:51:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2012/10/03 08:51:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2012/10/03 08:51:12 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2012/10/03 08:51:12 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2012/10/03 08:51:11 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2012/10/03 08:51:11 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2012/10/03 08:51:11 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2012/10/03 08:51:09 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2012/10/03 08:51:09 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2012/10/03 08:51:09 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2012/10/03 08:51:08 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2012/10/03 08:51:08 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2012/10/03 08:51:07 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2012/10/03 08:51:07 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2012/10/03 08:51:06 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2012/10/03 08:51:06 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2012/10/03 08:51:06 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2012/10/03 08:51:04 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2012/10/03 08:51:02 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2012/10/03 08:51:02 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2012/10/03 08:51:01 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2012/10/03 08:51:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2012/10/03 08:51:00 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2012/10/03 08:51:00 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2012/10/03 08:51:00 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2012/10/03 08:50:33 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2012/10/03 08:50:29 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2012/10/03 08:50:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2012/10/03 08:50:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2012/10/03 08:50:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2012/10/03 08:50:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2012/10/03 08:50:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2012/10/03 08:50:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2012/10/03 08:50:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2012/10/03 08:50:12 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2012/10/03 08:50:11 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2012/10/03 08:50:11 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/10/20 16:22:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\HDR - Daily Workstation Tasks.job
    [2012/10/20 16:19:25 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2012/10/20 16:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/20 16:18:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc05d8ae4a481b.job
    [2012/10/20 16:17:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/20 16:17:52 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/20 15:39:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/19 08:44:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/19 08:32:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/10/19 08:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin_sertman\Desktop\OTL.exe
    [2012/10/18 17:14:23 | 000,159,485 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/10/17 17:42:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/10/17 10:22:18 | 000,078,122 | RHS- | M] () -- C:\Documents and Settings\admin_sertman\ntuser.pol
    [2012/10/17 09:33:15 | 000,712,567 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/10/03 16:54:12 | 001,796,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/10/03 12:23:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/10/03 09:19:59 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
    [2012/10/02 07:05:39 | 000,507,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/10/02 07:05:39 | 000,090,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/19 08:32:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/10/19 08:32:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/10/19 08:29:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/19 08:29:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/19 08:29:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/19 08:29:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/19 08:29:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/17 09:32:51 | 000,712,567 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/10/03 09:19:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2012/10/03 09:09:31 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2012/10/03 09:09:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2012/10/03 09:01:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2012/10/03 09:01:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2012/10/03 09:01:05 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2012/10/03 08:58:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2012/10/03 08:57:06 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2012/10/03 08:56:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2012/10/03 08:56:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2012/10/03 08:56:19 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2012/10/03 08:55:40 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2012/10/03 08:54:59 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2012/10/03 08:54:55 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2012/10/03 08:54:52 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2012/10/03 08:54:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2012/10/03 08:54:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2012/10/03 08:54:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2012/10/03 08:52:42 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2012/10/03 08:52:41 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2012/10/03 08:52:41 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2012/10/03 08:51:40 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2012/10/03 08:50:53 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2012/10/03 08:50:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2012/10/03 08:50:52 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2012/10/03 08:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2012/10/03 08:50:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2012/10/03 08:50:50 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2012/10/03 08:50:49 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2012/10/03 08:50:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2012/10/03 08:50:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2012/10/03 08:50:41 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2012/08/29 04:35:24 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\admin_sertman\wxDownloadFast.ini
    [2012/07/03 17:27:11 | 000,760,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/03/09 14:34:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
    [2012/03/09 14:34:49 | 000,005,197 | ---- | C] () -- C:\WINDOWS\Cmudau.ini
    [2012/02/28 10:50:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/14 15:25:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/03 13:02:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\admin_sertman\Application Data\winscp.rnd
    [2011/11/23 14:25:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2011/07/14 01:35:30 | 000,103,290 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
    [2011/07/14 01:33:07 | 000,102,890 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
    [2011/07/14 01:21:52 | 000,000,200 | ---- | C] () -- C:\WINDOWS\wsnk.ini
    [2011/04/21 16:02:01 | 000,002,721 | ---- | C] () -- C:\Documents and Settings\admin_sertman\_viminfo
    [2011/03/14 07:29:43 | 004,574,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-573735546-1417001333-429851-0.dat
    [2011/03/09 20:10:52 | 004,590,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-573735546-1417001333-386158-0.dat
    [2011/03/08 20:41:32 | 000,499,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/02/17 10:11:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\admin_sertman\Application Data\$_hpcst$.hpc
    [2011/02/17 10:05:23 | 000,078,122 | RHS- | C] () -- C:\Documents and Settings\admin_sertman\ntuser.pol
    [2011/02/12 17:55:33 | 000,000,276 | ---- | C] () -- C:\WINDOWS\eas.ini
    [2011/02/08 01:11:19 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/08/11 05:19:44 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/12/10 11:38:56 | 000,159,485 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

    ========== ZeroAccess Check ==========

    [2008/09/11 16:36:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/10/18 11:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\adawaretb
    [2011/03/15 11:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\Aventail
    [2011/12/22 10:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\ElevatedDiagnostics
    [2011/12/06 18:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\EndNote
    [2012/05/08 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\Garmin
    [2012/06/07 09:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\LANDesk
    [2012/06/07 10:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\Oracle
    [2011/06/21 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\SmartDraw
    [2012/10/17 09:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\TestApp
    [2008/09/11 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\toshiba
    [2008/09/11 17:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin_sertman\Application Data\WinBatch
    [2012/10/17 10:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
    [2012/10/17 10:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2012/10/04 09:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Admiralty_Digital_Catalogue
    [2011/01/10 10:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2011/01/09 07:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/11/23 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2011/11/23 14:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
    [2012/07/06 16:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
    [2011/08/24 11:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
    [2011/02/12 17:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeyondTrust
    [2009/01/14 03:54:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2012/03/09 13:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
    [2011/02/08 14:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMedia Guitar Method
    [2009/03/22 00:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2011/02/12 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
    [2011/02/12 17:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
    [2010/08/18 14:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2011/04/23 12:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
    [2010/02/11 06:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
    [2009/03/12 10:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nirvana Systems
    [2010/02/11 09:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg
    [2012/10/18 11:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptimizerPro1
    [2011/08/24 11:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProjectWise
    [2009/03/20 10:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/10/26 16:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shavlik Technologies
    [2012/01/20 01:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slingshot
    [2011/12/06 13:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
    [2012/03/09 13:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2012/10/19 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
    [2010/09/04 06:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2012/08/26 06:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/11/23 14:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
    [2009/06/17 12:51:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8E4D9CD2-A0BD-44C0-B4F9-226AE2B967E1}
    [2009/04/15 10:52:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{964C8871-6315-4FC5-8A47-F4C420428929}

    ========== Purity Check ==========


    < End of report >
  19. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    DMJ,

    Since writing to you yesterday, I am again experiencing a lot of Google-search redirects. Is it possible that many of the Google-search results are themselves diguised redirects? Some search results take me to the intended webpage. Others that appear to be legitimate search results redirect me to an undesired webpage. The odd thing is that those results that redirect me to an undesired webpage seem to have valid paths when I hover my cursor over the hyperlink, and they also have valid cached pages that I can use to get to the desired webpage and avoid the redirect.

    Any idea what is going on here?
  20. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    If it helps, "click.livesearchnow.com" seems to be common redirection for the Google-search results.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I've got to look in to that a lot more. I'll be back Monday Morning (ET).
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  23. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Good morning Dragon Master Jay,

    I have another troubleshooting question for you. I have run all of the previous scans and fixes from an administrator account on my laptop, while presuming that the scans and fixes will be applied to all user accounts. Was that a valid presumption or do I also need to run some or all of the scans and fixes from my normal (limited, non-administrator) account, as well?

    SystemLook log follows. As noted by the log, I ran System Look from my Limited Used account:
    ====================================================================

    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:40 on 22/10/2012 by sertman
    (Limited User)
    ========== filefind ==========
    Searching for "serial.sys"
    C:\WINDOWS\system32\drivers\serial.sys --a---- 64512 bytes [00:45 14/04/2008] [12:00 14/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
    Searching for "*mrxsmb*"
    C:\WINDOWS\Driver Cache\i386\mrxsmb.sys ------- 456320 bytes [16:10 10/12/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\I386\MRXSMB.SY_ --a---- 218709 bytes [20:44 11/09/2008] [12:00 14/04/2008] A47440876DDA7EA94192296A7E1477B1
    C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [20:42 11/09/2008] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    Searching for "*redbook*"
    C:\Documents and Settings\sertman\Favorites\MWGen\http--rredc.nrel.gov-solar-old_data-nsrdb-1961-1990-redbook-atlas-serve.cgi.url --a---- 262 bytes [15:01 16/04/2012] [15:01 16/04/2012] 2A22E01168690104578D3FADF6A0E8EF
    C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [13:31 11/09/2008] [00:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5
    ========== dir ==========
    C:\Documents and Settings\sertman\AppData\Local\*.xml - Unable to find folder.
    C:\Documents and Settings\sertman\AppData\Local\Temp\*.xml - Unable to find folder.
    C:\Documents and Settings\All Users\Application Data\*.dll - Unable to find folder.
    C:\Documents and Settings\All Users\Application Data\*.exe - Unable to find folder.
    -= EOF =-
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Just admin.

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
  25. CaughtOffGuard

    CaughtOffGuard TS Rookie Topic Starter Posts: 19

    Hello DragonMaster Jay,

    I finally solved my redirect problem by purchasing and running HitMan Pro. But since you got me started with some great tools and probably removed some other malware from my system, I made a donation to you via PayPal anyway. I think you earned it.

    HitMan Pro found two files that were infected (igfxrfin4.dll & wupdmgr0.dll). The extra zero in the filename for Windows Update Manager was a dead giveaway that HitMan Pro was on to something. Once I quarantined the files, I started getting rundll load errors on startup. Hunting through the registry, I found were the two files were being loaded and deleted the offending entries, which solved the load errors.

    Finally, no more Google Search redirects!!! The fix also solved the rundll hang error I was getting on shut down.

    Thanks for your help!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.