
Active Not Sure What's Going On

Discussion in 'Malware and Virus Removal Archive' started by funshinepa, 2010/06/09.

  1. 2010/06/09
    funshinepa

    Malwarebytes finds VUNDO, but nothing will remove it. I tried the VUNDO FIX but that didn't work.
    Here are the logs required.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by wfw at 16:09:00.93 on Wed 06/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1125 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MAPICS\SyteLine\TaskMan\TaskMan.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\DOCUME~1\BILLWI~1\LOCALS~1\Temp\notes6030C8\dds.scr
    C:\Program Files\lotus\notes\ntaskldr.EXE

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.vansystems.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    mSearchAssistant = hxxp://www.google.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [yabcdbdrv] rundll32.exe "hgdeed.dll ",s
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [cbbyvssys]
    mRun: [tuvvvudrvrat]
    mRun: [urronnsys] rundll32.exe "byvwtq.dll ",DllRegisterServer
    mRun: [hgdefgdrv] rundll32.exe "hgdeed.dll ",s
    dRun: [fcbxutsys] rundll32.exe "byvwtq.dll ",DllRegisterServer
    dRun: [ursqpndrv] rundll32.exe "hgdeed.dll ",s
    uPolicies-explorer: NoFileUrl = 0 (0x0)
    uPolicies-explorer: NoUpdateCheck = 0 (0x0)
    uPolicies-explorer: DisableCurrentUserRunOnce = 1 (0x1)
    uPolicies-explorer: DisableCurrentUserRun = 1 (0x1)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: no-ip.org\disdemo
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E746C486-B9D4-4B9E-B4A6-D923AA504A43} - hxxp://www.vansystems.com/IMSACTX/ImsRptView.CAB
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 byvwtq.dll
    Hosts: 192.168.10.1 VANSYS01 www.vansystems.com # Model 520
    Hosts: 192.168.10.2 VSServ01 # Primary Domain
    Hosts: 192.168.10.3 Server1/Vanguard VSSERV04 # Domino
    Hosts: 192.168.10.4 S1024C4R # R&D Model 150
    Hosts: 192.168.10.9 S65F612D # Model 520

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 FSValidationSvc;MAPICS Validation Service;c:\program files\common files\frontstep shared\service\FSValidationSvc.exe [2001-10-30 69632]
    R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2003-12-25 8440]
    R2 MAPICS Task Manager;MAPICS Task Manager;c:\program files\mapics\syteline\taskman\TaskMan.exe [2004-12-20 163840]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
    R2 MSOLAP$MSSQLSERVER2008;SQL Server Analysis Services (MSSQLSERVER2008);c:\program files\microsoft sql server\msas10.mssqlserver2008\olap\bin\msmdsrv.exe [2008-7-10 21945368]
    R2 MSSQL$MSSQLSERVER2008;SQL Server (MSSQLSERVER2008);c:\program files\microsoft sql server\mssql10.mssqlserver2008\mssql\binn\sqlservr.exe [2008-7-10 40999448]
    R2 ReportServer$MSSQLSERVER2008;SQL Server Reporting Services (MSSQLSERVER2008);c:\program files\microsoft sql server\msrs10.mssqlserver2008\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
    R2 SQLAgent$MSSQLSERVER2008;SQL Server Agent (MSSQLSERVER2008);c:\program files\microsoft sql server\mssql10.mssqlserver2008\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-9-11 2436536]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-5 102448]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 87936]
    R3 MSSQLFDLauncher$MSSQLSERVER2008;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2008);c:\program files\microsoft sql server\mssql10.mssqlserver2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100608.056\NAVENG.SYS [2010-6-9 85552]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100608.056\NAVEX15.SYS [2010-6-9 1347504]
    S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\r101342\ATIXPGAA.SYS [2007-7-17 12032]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
    S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2003-12-25 11237]
    S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
    S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;c:\windows\system32\drivers\nwusbmdm.sys [2006-4-14 63360]
    S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;c:\windows\system32\drivers\nwusbser.sys [2006-4-14 63360]
    S3 Replicator;MAPICS Replicator;c:\program files\mapics\syteline\Replicator.exe [2004-12-20 151552]
    S3 ReplqListener;MAPICS Replication Listener;c:\program files\mapics\syteline\ReplQListener.exe [2004-12-20 221184]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
    S3 WorkFlowListener;MAPICS Workflow Queue Listener;c:\program files\mapics\syteline\WorkflowListener.exe [2004-12-20 159744]
    S4 Application Server Service;XVT Application Server Service;c:\windows\system32\appserv.exe --> c:\windows\system32\AppServ.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 sesnmngr;Session Manager;c:\wfdemo\sesnmngr.exe [2010-3-31 137216]

    =============== Created Last 30 ================

    2010-06-09 20:08:07 0 d-----w- c:\docume~1\billwi~1\applic~1\smkits
    2010-06-09 16:38:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-06-09 16:38:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 16:22:23 0 d-----w- c:\program files\Trend Micro
    2010-06-09 15:42:35 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-09 15:42:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-06-09 14:53:55 0 d-----w- c:\program files\common files\PC Tools
    2010-06-08 21:07:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-08 20:52:10 0 d-----w- c:\program files\common files\Macrovision Shared
    2010-06-08 20:51:26 45392 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-06-08 20:51:26 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-06-08 11:26:15 73728 ---ha-w- c:\windows\system32\hgdeed.dll
    2010-06-06 23:12:23 86528 ---ha-w- c:\windows\system32\qonllk.dll
    2010-06-06 03:22:17 93696 ---ha-w- c:\windows\system32\ljihgh.dll
    2010-06-06 03:17:11 80384 ---ha-w- c:\windows\system32\byvwtq.dll
    2010-06-06 03:16:05 140288 ----a-w- c:\windows\system32\pcre3.dll
    2010-05-28 15:43:37 0 d-----w- c:\program files\The Regex Coach
    2010-05-28 15:39:05 0 d-----w- c:\program files\common files\Ims21 FTSOCR
    2010-05-24 14:59:46 83192 ----a-w- c:\windows\system32\MabryObj.dll
    2010-05-24 14:59:46 422 ----a-w- c:\windows\system32\SmtpX.LIC
    2010-05-24 14:59:46 156920 ----a-w- c:\windows\system32\SmtpX.DLL
    2010-05-24 14:59:46 152824 ----a-w- c:\windows\system32\EncodeX.dll
    2010-05-24 14:59:43 156920 ----a-w- c:\windows\system32\MimeX.dll
    2010-05-24 14:29:30 0 d-----w- C:\IMS.BW

    ==================== Find3M ====================

    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-03 18:59:57 72080 ----a-w- c:\documents and settings\bill wilson\g2mdlhlpx.exe
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\win32k.sys
    2010-04-29 19:48:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 18:58:27 4455 ----a-w- c:\windows\sigplus.bak2
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-15 16:14:17 108920 ----a-w- c:\documents and settings\bill wilson\g2ax_customer_downloadhelper_win32_x86.exe
    2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-08-21 03:14:01 16176 ----a-w- c:\program files\common files\loqu.vbs
    2009-08-21 03:14:01 10302 ----a-w- c:\program files\common files\nycif.dl
    2009-08-21 03:14:00 17894 ----a-w- c:\program files\common files\vuxewy.sys
    2009-08-21 03:14:00 14080 ----a-w- c:\program files\common files\eleq.ban
    2008-09-16 02:32:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat
    2008-09-16 19:23:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat
    2008-09-17 23:43:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
    2008-09-18 13:09:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

    ============= FINISH: 16:10:16.40 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/9/2006 10:40:59 AM
    System Uptime: 6/9/2010 3:54:02 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0D8006
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 128 GiB total, 33.815 GiB free.
    D: is CDROM ()
    N: is NetworkDisk (NTFS) - 102 GiB total, 4.453 GiB free.
    W: is NetworkDisk (NTFS) - 102 GiB total, 4.453 GiB free.
    X: is NetworkDisk (NTFS) - 102 GiB total, 4.453 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 2200BG Network Connection
    Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) PRO/Wireless 2200BG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
    Service: w29n51

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0001
    Service: CVirtA

    ==== System Restore Points ===================

    No restore point in system.

    ==== Hosts File Hijack ======================

    Hosts: 192.168.10.1 VANSYS01 www.vansystems.com # Model 520
    Hosts: 192.168.10.2 VSServ01 # Primary Domain
    Hosts: 192.168.10.3 Server1/Vanguard VSSERV04 # Domino
    Hosts: 192.168.10.4 S1024C4R # R&D Model 150
    Hosts: 192.168.10.9 S65F612D # Model 520
    Hosts: 192.168.10.11 VSSERV11 # xSeries Workflow
    Hosts: 192.168.10.178 LotusSametime # Sametime Meeting Server
    Hosts: 192.168.10.197 VSSERV03 # WorkFlow Server
    Hosts: 192.168.10.195 FAXSR # Fax
    Hosts: 192.168.10.169 FTSSRV01
    Hosts: 146.145.75.2 S102CFBM www.michells.com
    Hosts: 146.145.75.1 HMServ1
    Hosts: 146.145.75.4 HMServ2
    Hosts: 67.98.98.36 S102991M www.dietzandwatson.com
    Hosts: 67.98.98.37 DWServ1
    Hosts: 216.142.97.6 S102GT4M
    Hosts: 216.142.97.3 MMServ1
    Hosts: 67.151.95.51 S1036C4C www.millerchitty.com
    Hosts: 67.151.95.50 www
    Hosts: 208.47.184.101 S10A9931
    Hosts: 208.47.184.102 GBServ1
    Hosts: 66.153.113.116 DDMADC
    Hosts: 66.153.113.115 DDMADCDOM1
    Hosts: 66.153.113.123 DDMADCDOM3
    Hosts: 65.211.57.3 S10AB90B Playmore
    Hosts: 65.211.57.2 PMIDomSrv1
    Hosts: 209.222.8.253 S10357VM WGDomServ1
    Hosts: 209.222.8.252 WGServ01
    Hosts: 63.174.190.3 Regional
    Hosts: 216.233.80.163 S105G43M
    Hosts: 66.89.217.188 S104652A
    Hosts: 66.89.217.187 HGOServ1
    Hosts: 151.197.246.6 S10BC25B
    Hosts: 64.80.86.165 PNNCLSRVTTRAC
    Hosts: 64.80.86.166 PNNCLSRVEMAIL
    Hosts: 64.139.81.88 S10C442F
    Hosts: 65.242.212.134 S108AB1B
    Hosts: 64.221.86.22 S103BHCM KAServ1
    Hosts: 209.137.168.194 S102KGZM
    Hosts: 63.89.211.135 S105LBCM
    Hosts: 206.20.133.252 BFServ1
    Hosts: 209.116.184.155 FRAME400
    Hosts: 208.31.19.22 SKA400

    ==== Installed Programs ======================

    99C78594-049E-4762-8AFC-44EC44D100DF
    Acrobat.com
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.2
    ALPS Touch Pad Driver
    AltiGenJLIB
    AOL Spyware Protection
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Broadcom Advanced Control Suite 2
    Broadcom ASF Management Applications
    Caere Scan Manager 4.01
    Canon P-150 Driver
    Cisco Systems VPN Client 5.0.05.0290
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.9x Modem
    Crystal Reports 9
    DAO
    Digital Line Detect
    EdmsNet Image Viewer
    Fujitsu ISIS Drivers
    Google
    Google Toolbar for Internet Explorer
    GoToMeeting 4.5.0.457
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IBM iSeries Access for Windows
    IBM Software Uninstall
    IMS WORKFLOW 8-1
    IMS/21 Administrator Console
    IMS/21 Applet - Annotation Security Version 1.0.0
    IMS/21 Applet - Cache Management Version 1.0.0
    IMS/21 Applet - Configure Storage Servers Version 1.0.0
    IMS/21 Applet - Manage Batch Subsystems Version 1.0.0
    IMS/21 Applet - Overlay Maintenance 1.0.0
    IMS/21 Applet - RunSQL Version 1.0.0
    IMS/21 Applet - Sets and Volumes 1.0.0
    IMS/21 Applet - Table Maintenance Version 1.0.0
    IMS/21 Applet - User Codes Version 1.0.0
    IMS/21 Applet - User Maintenance Version 1.0.0
    IMS/21 Applet - Work with Storage Servers Version 1.0.0
    IMS/21 Application Server
    IMS/21 Windows Screen Scrape 6.5.0
    Ims21 Version 6.50 PTF02 - Client
    Ims21 Version 6.50 PTF02 - PortableBriefcase
    IMS21 WORKFLOW Ver. 8-2
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 20
    Kofax TWAIN Data Source
    Kofax VirtualReScan 4.20
    Kofax VRS Component Fujitsu fi-6140
    Kofax VRS Update 2 for 4.10
    Kofax VRS Update for 4.10 PFU PRO OEM
    LiveUpdate (Symantec Corporation)
    looksoftware suite 8.0
    Lotus Notes 8.0.2 (Basic)
    Lotus NotesSQL 3.01 driver
    Malwarebytes' Anti-Malware
    MAPICS SyteLine ERP
    MaxCommunicator 6.0 Update2
    mCore
    MCU
    mDrWiFi
    Meeting Center
    Merlin V620 CDMA EV-DO PC Card Device Driver
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.7
    Microsoft Application Error Reporting
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 2003 Web Components
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Office Word Viewer 2003
    Microsoft SQL Server 2000
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Analysis Services
    Microsoft SQL Server 2008 BI Development Studio
    Microsoft SQL Server 2008 Books Online (English)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Client Tools
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Full text search
    Microsoft SQL Server 2008 Integration Services
    Microsoft SQL Server 2008 Management Studio
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server 2008 Reporting Services
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Services for ADO.NET v2.0 (x86)
    Microsoft Unified Communications Client API SDK
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Monarch 5.02
    Monochrome Printer Driver User-Level
    mPfMgr
    mPfWiz
    mProSafe
    MSN Music Assistant
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB933579)
    mToolkit
    mWlsSafe
    MX-900 Editor
    MX-950 Editor
    mXML
    mZConfig
    NETGEAR GA511 Gigabit Cardbus Adapter
    NETGEAR GA511 Smart Wizard Utility
    NetWaiting
    newlook 7.0
    O2Micro Smartcard Driver
    OGA Notifier 2.0.0048.0
    OMCI
    OutlookAccessAddInSetup
    PDFCreator
    PowerDVD 5.1
    Presto! BizCard 5
    Presto! BizCard Component for Windows CE
    QuickSet
    QuickTime
    RealPlayer Basic
    S2K50 Client
    Safari
    Sametime Client v7.0
    ScanSoft PaperPort 11
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Selling Chain 3.1
    Sentinel Protection Installer 7.0.0
    SkyCaddie Desktop
    Skype™ 3.8
    Software Operation Panel
    Sonic DLA
    Sonic RecordNow! Plus
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Symantec Endpoint Protection
    SYSTEM 2000
    The Regex Coach 0.9.1
    Topaz e-Signatures SigPlus 3.74
    Topaz SigPlus Basic 3.74
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB955759)
    URL Assistant
    Vanguard Systems Help Desk Customer Maintenance Contract Paymen
    Viewpoint Media Player
    VRS 4.00 OEM Licensing Update
    VsXmlDll
    WebEx
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    WinZip 12.0
    Work Flow
    WorkFlow Lookup
    WorkFlow Lookup (c:\Ims_VerL\)
    Workpay Setup

    ==== Event Viewer Messages From Past Week ========

    6/9/2010 2:24:39 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
    6/9/2010 11:02:41 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/8/2010 9:13:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    6/8/2010 8:34:19 AM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00166F494E2F has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
    6/8/2010 8:22:42 PM, error: Service Control Manager [7034] - The SQL Server Integration Services 10.0 service terminated unexpectedly. It has done this 1 time(s).
    6/8/2010 8:22:42 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/8/2010 8:22:42 PM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2010 8:30:48 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00166F494E2F has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
    6/6/2010 7:12:37 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    6/6/2010 6:25:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/6/2010 6:07:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    6/6/2010 6:06:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/6/2010 6:05:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS WS2IFSL
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 6:05:24 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2010 12:22:49 AM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 12:04:42 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer WILSONHOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C53AB77-FF8D-. The master browser is stopping or an election is being forced.
    6/6/2010 1:31:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS WS2IFSL
    6/6/2010 1:23:17 AM, error: Service Control Manager [7034] - The Windows System Backup Dumper service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 1:22:11 AM, error: Service Control Manager [7034] - The Telnet service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 1:20:55 AM, error: DCOM [10001] - Unable to start a DCOM Server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} as /. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\MDM.EXE -Embedding
    6/6/2010 1:19:03 AM, error: Service Control Manager [7022] - The SQL Server Reporting Services (MSSQLSERVER2008) service hung on starting.
    6/6/2010 1:17:39 AM, error: Service Control Manager [7024] - The MAPICS Task Manager service terminated with service-specific error 2 (0x2).
    6/6/2010 1:17:39 AM, error: Service Control Manager [7001] - The Sentinel service depends on the Parallel port driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/6/2010 1:17:39 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/5/2010 10:56:47 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/5/2010 10:56:46 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    6/4/2010 9:21:32 AM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00166F494E2F has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
    6/4/2010 9:21:23 AM, error: Dhcp [1002] - The IP address lease 10.1.82.55 for the Network Card with network address 001422E6C9D8 has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
    6/4/2010 11:59:19 AM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    6/4/2010 10:04:27 PM, error: Dhcp [1002] - The IP address lease 192.168.10.237 for the Network Card with network address 00166F494E2F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/2/2010 4:31:06 PM, error: Dhcp [1002] - The IP address lease 172.16.254.88 for the Network Card with network address 001422E6C9D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
    Last edited: 2010/06/09
  2. 2010/06/09
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2010/06/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

    ============

    Your MBA-M log shows that you took no action on what it found. You are meant to remove the finds.
     
  5. 2010/06/11
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    "Your MBA-M log shows that you took no action on what it found. You are meant to remove the finds."

    We have taken action every scan, but nothing happens. We come back to the same stuff.

    OTL.txt 1

    OTL logfile created on: 6/11/2010 9:39:12 AM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Bill Wilson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128.00 Gb Total Space | 33.80 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BILLNB02
    Current User Name: wfw
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/11 09:38:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill Wilson\Desktop\OTL.exe
    PRC - [2009/12/23 16:42:09 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/12/07 10:15:04 | 000,315,392 | ---- | M] (Vanguard Systems, Inc.) -- C:\Program Files\Ims21\IMSAppSvr.Exe
    PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/09/11 17:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/09/04 15:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2008/09/04 15:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2008/08/08 16:53:26 | 000,015,752 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntaskldr.exe
    PRC - [2008/08/08 16:52:08 | 002,041,224 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\nlnotes.exe
    PRC - [2008/07/10 05:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe
    PRC - [2008/07/10 05:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE
    PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/07/10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2008/07/10 02:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    PRC - [2008/07/10 01:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe
    PRC - [2008/07/10 01:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    PRC - [2008/07/10 01:15:32 | 000,068,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdhost.exe
    PRC - [2008/07/10 01:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/12/20 14:33:42 | 000,163,840 | ---- | M] () -- C:\Program Files\MAPICS\SyteLine\TaskMan\TaskMan.exe
    PRC - [2004/10/30 16:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2004/09/07 18:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2004/01/23 06:30:00 | 000,801,280 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Client Access\Emulator\pcsws.exe
    PRC - [2004/01/23 06:30:00 | 000,016,896 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Client Access\Emulator\pcscm.exe
    PRC - [2003/09/01 19:52:42 | 000,376,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    PRC - [2001/10/30 12:31:46 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/11 09:38:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill Wilson\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Application Server Service)
    SRV - [2010/06/08 16:52:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/11/20 11:20:42 | 000,137,216 | ---- | M] (Vanguard systems) [Disabled | Stopped] -- C:\WFDemo\sesnmngr.exe -- (sesnmngr)
    SRV - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2009/02/19 16:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/09/11 17:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2008/09/04 15:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2008/09/04 15:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/08/08 16:53:44 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2008/07/10 05:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSQLSERVER2008) SQL Server (MSSQLSERVER2008)
    SRV - [2008/07/10 05:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSQLSERVER2008) SQL Server Agent (MSSQLSERVER2008)
    SRV - [2008/07/10 05:49:34 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/07/10 02:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$MSSQLSERVER2008) SQL Server Reporting Services (MSSQLSERVER2008)
    SRV - [2008/07/10 01:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe -- (MSOLAP$MSSQLSERVER2008) SQL Server Analysis Services (MSSQLSERVER2008)
    SRV - [2008/07/10 01:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
    SRV - [2008/07/10 01:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$MSSQLSERVER2008) SQL Full-text Filter Daemon Launcher (MSSQLSERVER2008)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2004/12/20 14:33:42 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\MAPICS\SyteLine\TaskMan\TaskMan.exe -- (MAPICS Task Manager)
    SRV - [2004/12/20 14:33:26 | 000,159,744 | ---- | M] (Mapics) [On_Demand | Stopped] -- C:\Program Files\MAPICS\SyteLine\WorkflowListener.exe -- (WorkFlowListener)
    SRV - [2004/12/20 14:33:18 | 000,221,184 | ---- | M] (MAPICS, Inc.) [On_Demand | Stopped] -- C:\Program Files\MAPICS\SyteLine\ReplQListener.exe -- (ReplqListener)
    SRV - [2004/12/20 14:33:18 | 000,151,552 | ---- | M] (MAPICS, Inc.) [On_Demand | Stopped] -- C:\Program Files\MAPICS\SyteLine\Replicator.exe -- (Replicator)
    SRV - [2004/09/10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
    SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
    SRV - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
    SRV - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
    SRV - [2004/04/01 20:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)
    SRV - [2004/02/13 12:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Disabled | Stopped] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
    SRV - [2003/10/07 06:30:00 | 000,057,344 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)
    SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
    SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT)
    SRV - [2001/10/30 12:31:46 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Frontstep Shared\Service\FSValidationSvc.exe -- (FSValidationSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100610.025\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100610.025\NAVENG.SYS -- (NAVENG)
    DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
    DRV - [2009/09/14 09:14:33 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2008/09/04 15:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2008/09/04 15:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2008/09/04 15:20:04 | 000,038,640 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WGX.SYS -- (WGX)
    DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/08/15 10:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2008/08/15 10:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2008/08/15 10:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/07/10 03:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/04/06 15:27:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/01/19 10:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2006/01/19 05:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2005/09/28 14:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2005/09/01 14:38:12 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/05/31 18:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2005/05/13 04:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/10/21 22:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/10/15 19:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/09/17 21:30:16 | 000,063,360 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (nwusbser)
    DRV - [2004/09/17 21:30:16 | 000,063,360 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (nwusbmdm)
    DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2004/09/10 07:00:00 | 000,027,056 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
    DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/08/02 16:43:40 | 000,070,400 | ---- | M] (NETGEAR ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GA511NXP.SYS -- (RTL8023xp)
    DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/03/25 20:37:08 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
    DRV - [2004/03/25 20:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
    DRV - [2004/02/20 12:31:30 | 000,012,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\Drivers\R101342\ATIXPGAA.SYS -- (ATIXPGAA)
    DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/12/25 11:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
    DRV - [2003/12/25 11:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vansystems.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "


    [2008/09/16 16:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Mozilla\Extensions
    [2008/02/29 14:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Mozilla\Firefox\Profiles\cfmie53o.default\extensions
    [2006/03/21 19:02:04 | 001,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2010/06/11 07:48:48 | 000,002,293 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 192.168.10.1 VANSYS01 www.vansystems.com # Model 520
    O1 - Hosts: 192.168.10.2 VSServ01 # Primary Domain
    O1 - Hosts: 192.168.10.3 Server1/Vanguard VSSERV04 # Domino
    O1 - Hosts: 192.168.10.4 S1024C4R # R&D Model 150
    O1 - Hosts: 192.168.10.9 S65F612D # Model 520
    O1 - Hosts: 192.168.10.11 VSSERV11 # xSeries Workflow
    O1 - Hosts: 192.168.10.178 LotusSametime # Sametime Meeting Server
    O1 - Hosts: 192.168.10.197 VSSERV03 # WorkFlow Server
    O1 - Hosts: 192.168.10.195 FAXSR # Fax
    O1 - Hosts: 192.168.10.169 FTSSRV01
    O1 - Hosts: 146.145.75.2 S102CFBM www.michells.com
    O1 - Hosts: 146.145.75.1 HMServ1
    O1 - Hosts: 146.145.75.4 HMServ2
    O1 - Hosts: 67.98.98.36 S102991M www.dietzandwatson.com
    O1 - Hosts: 67.98.98.37 DWServ1
    O1 - Hosts: 216.142.97.6 S102GT4M
    O1 - Hosts: 216.142.97.3 MMServ1
    O1 - Hosts: 67.151.95.51 S1036C4C www.millerchitty.com
    O1 - Hosts: 67.151.95.50 www
    O1 - Hosts: 208.47.184.101 S10A9931
    O1 - Hosts: 208.47.184.102 GBServ1
    O1 - Hosts: 66.153.113.116 DDMADC
    O1 - Hosts: 66.153.113.115 DDMADCDOM1
    O1 - Hosts: 66.153.113.123 DDMADCDOM3
    O1 - Hosts: 65.211.57.3 S10AB90B Playmore
    O1 - Hosts: 44 more lines...
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ddawuvdrv] C:\WINDOWS\System32\hgdeed.dll ()
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [ssqnmjsys] C:\WINDOWS\System32\byvwtq.dll ($t@t1c_V()1D)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [jkkjkhdrv] C:\WINDOWS\System32\hgdeed.dll ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Nosecuritytab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WindowsUpdate: DisableWindowsUpdateAccess = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: no-ip.org ([disdemo] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E746C486-B9D4-4B9E-B4A6-D923AA504A43} http://www.vansystems.com/IMSACTX/ImsRptView.CAB (ImsRptView.ImsRptViewAX)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.2
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O30 - LSA: Authentication Packages - (byvwtq.dll) - C:\WINDOWS\System32\byvwtq.dll ($t@t1c_V()1D)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/09 11:34:15 | 000,000,000 | ---D | M] - C:\autohostxp -- [ NTFS ]
    O32 - AutoRun File - [2009/06/26 10:01:47 | 000,000,000 | ---D | M] - C:\AUTOUPGRADETEMP -- [ NTFS ]
    O33 - MountPoints2\{14b4b8d2-fe2a-11db-85f2-00166f494e2f}\Shell\AutoRun\command - " " = E:\eDMSNET.exe -- File not found
    O33 - MountPoints2\{775e09eb-063d-11dd-94bb-001422e6c9d8}\Shell - " " = AutoRun
    O33 - MountPoints2\{775e09eb-063d-11dd-94bb-001422e6c9d8}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{775e09eb-063d-11dd-94bb-001422e6c9d8}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ff6e6815-e98c-11de-9959-00166f494e2f}\Shell - " " = AutoRun
    O33 - MountPoints2\{ff6e6815-e98c-11de-9959-00166f494e2f}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ff6e6815-e98c-11de-9959-00166f494e2f}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ff6e6816-e98c-11de-9959-00166f494e2f}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{ff6e6816-e98c-11de-9959-00166f494e2f}\Shell\Explore\command - " " = system.exe
    O33 - MountPoints2\{ff6e6816-e98c-11de-9959-00166f494e2f}\Shell\Open\command - " " = system.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/28 07:46:06 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========
     
  6. 2010/06/11
    funshinepa

    OTL.txt 2

    [2010/06/11 09:38:38 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill Wilson\Desktop\OTL.exe
    [2010/06/11 08:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Application Data\smkits
    [2010/06/09 12:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/09 12:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/09 11:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/06/09 11:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/06/09 11:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\Threat Expert
    [2010/06/09 10:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/06/09 10:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/08 17:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2010/06/08 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/06/08 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/06/05 23:16:05 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll
    [2010/06/05 23:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\Desktop Cleanup Wizard
    [2010/05/28 11:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\The Regex Coach
    [2010/05/28 11:39:19 | 000,222,792 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\cswskav5.dll
    [2010/05/28 11:39:19 | 000,218,960 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\cstcpapi.dll
    [2010/05/28 11:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ims21 FTSOCR
    [2010/05/26 09:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\My Documents\Old Windows Edition Icons
    [2010/05/24 10:59:46 | 000,156,920 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\SmtpX.DLL
    [2010/05/24 10:59:46 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.dll
    [2010/05/24 10:59:46 | 000,083,192 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MabryObj.dll
    [2010/05/24 10:59:43 | 000,156,920 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MimeX.dll
    [2010/05/24 10:29:30 | 000,000,000 | ---D | C] -- C:\IMS.BW
    [2010/05/07 16:57:27 | 004,955,791 | ---- | C] (Bernard D&G) -- C:\Documents and Settings\Bill Wilson\Desktop\Dashboards and Widgets_908x727.exe
    [2010/04/30 23:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\nfwksykcq
    [2010/04/30 23:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/30 23:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/30 23:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/28 22:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\lsiwkvodg
    [2010/04/28 03:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\bjlhcwpgq
    [2010/04/23 08:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\My Documents\Visual Studio 2008
    [2010/04/18 19:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/18 19:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/18 11:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\walqyrohu
    [2010/04/12 23:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010/04/11 21:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010/04/11 21:24:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010/04/11 21:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010/04/04 23:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/04/01 15:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\My Documents\Integration Services Script Component
    [2010/04/01 15:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\My Documents\Integration Services Script Task
    [2010/04/01 15:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/04/01 15:04:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
    [2010/04/01 15:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/04/01 14:28:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/03/31 23:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\wryitqkyn
    [2010/03/31 13:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\My Documents\SQL Server Management Studio
    [2010/03/31 13:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\Microsoft_Corporation
    [2010/03/31 11:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/03/31 11:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/03/31 11:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/03/31 11:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2010/03/31 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/03/31 11:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/03/31 09:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Desktop\AR Demo
    [2010/03/31 09:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Desktop\AP Demo
    [2010/03/31 09:06:42 | 000,000,000 | ---D | C] -- C:\WFDemo
    [2010/03/29 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/03/28 23:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\qijglj
    [2010/03/28 00:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\hkavvc
    [2010/03/26 09:08:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2010/03/26 08:56:37 | 000,000,000 | ---D | C] -- C:\SDFix
    [2010/03/17 22:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/03/17 22:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [65 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/11 09:38:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill Wilson\Desktop\OTL.exe
    [2010/06/11 07:48:48 | 000,002,293 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2010/06/11 07:09:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/11 07:09:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/11 07:08:57 | 2146,914,304 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/11 00:32:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bill Wilson\ntuser.ini
    [2010/06/11 00:32:51 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\ntuser.dat
    [2010/06/10 22:23:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/10 14:29:07 | 000,001,249 | ---- | M] () -- C:\WINDOWS\SETSCAN.INI
    [2010/06/10 14:27:20 | 000,000,070 | ---- | M] () -- C:\WINDOWS\bi_group.ini
    [2010/06/09 17:06:44 | 000,000,751 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/09 17:06:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/09 17:06:44 | 000,000,194 | RHS- | M] () -- C:\boot.ini
    [2010/06/09 10:14:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/08 21:13:48 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/08 21:13:35 | 000,077,816 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/08 20:17:36 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/08 18:06:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/08 18:00:43 | 000,682,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/08 18:00:43 | 000,565,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/08 18:00:43 | 000,122,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/08 16:50:09 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
    [2010/06/08 10:44:51 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Excel.lnk
    [2010/06/08 07:26:16 | 000,073,728 | -H-- | M] () -- C:\WINDOWS\System32\hgdeed.dll
    [2010/06/07 16:13:05 | 004,964,648 | -H-- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\IconCache.db
    [2010/06/07 07:22:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Word.lnk
    [2010/06/06 19:12:24 | 000,086,528 | -H-- | M] ($t@t1c_V()1D) -- C:\WINDOWS\System32\qonllk.dll
    [2010/06/05 23:22:20 | 000,093,696 | -H-- | M] () -- C:\WINDOWS\System32\ljihgh.dll
    [2010/06/05 23:17:11 | 000,080,384 | -H-- | M] ($t@t1c_V()1D) -- C:\WINDOWS\System32\byvwtq.dll
    [2010/06/05 23:16:05 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll
    [2010/06/02 17:25:20 | 000,196,650 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Deductible memo.pdf
    [2010/05/28 11:41:40 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IMS21 Windows Screen Scrape.lnk
    [2010/05/28 11:39:59 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Ims Tcpip Server.LNK
    [2010/05/28 11:39:59 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\PC Inquiry.LNK
    [2010/05/26 16:06:10 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Skype.lnk
    [2010/05/26 09:36:13 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Start IMS System Daemon.lnk
    [2010/05/24 15:09:13 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Bill Wilson\My Documents\Default.rdp
    [2010/05/24 14:44:57 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start IMS System Daemon (Display).lnk
    [2010/05/24 11:06:49 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IMS Administrator Console.lnk
    [2010/05/24 10:59:50 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\End IMS System Daemon.lnk
    [2010/05/24 10:59:50 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start Batch Subsystem.lnk
    [2010/05/24 10:59:50 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\End Batch Subsystem.lnk
    [2010/05/08 08:43:50 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\CaddieSync.lnk
    [2010/05/07 16:57:29 | 004,955,791 | ---- | M] (Bernard D&G) -- C:\Documents and Settings\Bill Wilson\Desktop\Dashboards and Widgets_908x727.exe
    [2010/05/05 10:28:22 | 000,009,748 | ---- | M] () -- C:\WINDOWS\System32\oleguids3.tlb
    [2010/05/04 08:00:59 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\My Documents\spider.sav
    [2010/05/03 16:52:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/03 14:59:57 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\g2mdlhlpx.exe
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 10:44:07 | 000,009,972 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8y5bj8
    [2010/04/27 10:44:06 | 000,009,972 | -HS- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\8y5bj8
    [2010/04/23 15:02:12 | 000,002,108 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\My Documents\ii.SIG
    [2010/04/23 14:58:27 | 000,004,455 | ---- | M] () -- C:\WINDOWS\sigplus.bak2
    [2010/04/21 12:52:38 | 000,435,027 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\ParatureWhitePaper_WhatToSayToAPorcupine(2).pdf
    [2010/04/15 15:19:55 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Vanguard Systems Local.lnk
    [2010/04/15 12:14:17 | 000,108,920 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\g2ax_customer_downloadhelper_win32_x86.exe
    [2010/04/14 22:36:54 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/05 22:31:07 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Vanguard Systems Remote.lnk
    [2010/04/04 23:25:02 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/29 11:32:20 | 000,004,822 | ---- | M] () -- C:\WINDOWS\sigplus.ini
    [2010/03/25 09:46:21 | 059,085,824 | ---- | M] () -- C:\Documents and Settings\Bill Wilson\Desktop\Digidoc Presentation2.ppt
    [2010/03/22 00:50:37 | 000,001,254 | RHS- | M] () -- C:\Documents and Settings\Bill Wilson\ntuser.pol
    [2010/03/21 22:15:39 | 000,016,032 | -HS- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\VH56DJI7u87yo
    [2010/03/21 22:15:39 | 000,016,032 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    [2010/03/17 23:04:34 | 000,017,332 | -HS- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\6hLKd4ygtd
    [2010/03/17 23:04:34 | 000,017,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6hLKd4ygtd
    [2010/03/16 23:39:57 | 000,013,082 | -HS- | M] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\7tG7Er4h
    [2010/03/16 23:39:57 | 000,013,082 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
    [65 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/08 16:50:09 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
    [2010/06/08 07:26:15 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\hgdeed.dll
    [2010/06/08 07:20:39 | 2146,914,304 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/06 19:12:23 | 000,086,528 | -H-- | C] ($t@t1c_V()1D) -- C:\WINDOWS\System32\qonllk.dll
    [2010/06/05 23:22:17 | 000,093,696 | -H-- | C] () -- C:\WINDOWS\System32\ljihgh.dll
    [2010/06/05 23:17:11 | 000,080,384 | -H-- | C] ($t@t1c_V()1D) -- C:\WINDOWS\System32\byvwtq.dll
    [2010/06/02 17:25:20 | 000,196,650 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\Deductible memo.pdf
    [2010/05/28 11:41:40 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IMS21 Windows Screen Scrape.lnk
    [2010/05/28 11:39:59 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\Ims Tcpip Server.LNK
    [2010/05/26 09:36:13 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\Start IMS System Daemon.lnk
    [2010/05/24 11:06:49 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IMS Administrator Console.lnk
    [2010/05/24 10:59:50 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start IMS System Daemon (Display).lnk
    [2010/05/24 10:59:50 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\End IMS System Daemon.lnk
    [2010/05/24 10:59:50 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start Batch Subsystem.lnk
    [2010/05/24 10:59:50 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\End Batch Subsystem.lnk
    [2010/05/24 10:59:46 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\SmtpX.LIC
    [2010/05/08 08:43:50 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\CaddieSync.lnk
    [2010/05/05 10:28:22 | 000,009,748 | ---- | C] () -- C:\WINDOWS\System32\oleguids3.tlb
    [2010/04/30 23:06:57 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/27 10:37:27 | 000,009,972 | -HS- | C] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\8y5bj8
    [2010/04/27 10:37:27 | 000,009,972 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8y5bj8
    [2010/04/23 15:02:12 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\My Documents\ii.SIG
    [2010/04/21 12:52:38 | 000,435,027 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\ParatureWhitePaper_WhatToSayToAPorcupine(2).pdf
    [2010/04/15 12:14:12 | 000,108,920 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\g2ax_customer_downloadhelper_win32_x86.exe
    [2010/04/14 22:36:54 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/04/04 23:25:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/25 09:46:15 | 059,085,824 | ---- | C] () -- C:\Documents and Settings\Bill Wilson\Desktop\Digidoc Presentation2.ppt
    [2010/03/21 22:12:45 | 000,016,032 | -HS- | C] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\VH56DJI7u87yo
    [2010/03/21 22:12:45 | 000,016,032 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    [2010/03/17 22:04:22 | 000,017,332 | -HS- | C] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\6hLKd4ygtd
    [2010/03/17 22:04:22 | 000,017,332 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6hLKd4ygtd
    [2010/03/16 22:20:33 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\Bill Wilson\Local Settings\Application Data\7tG7Er4h
    [2010/03/16 22:20:33 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7tG7Er4h
    [2010/02/08 15:07:51 | 000,031,780 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/09/11 12:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vcdem32p.INI
    [2009/08/20 23:14:01 | 000,015,612 | ---- | C] () -- C:\WINDOWS\System32\calira.sys
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/17 08:35:04 | 000,000,154 | ---- | C] () -- C:\WINDOWS\System32\PJPMON.INI
    [2009/05/10 15:31:28 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL
    [2009/05/10 15:31:28 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL
    [2009/05/10 15:31:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2009/02/03 12:58:22 | 000,001,249 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
    [2009/01/22 10:10:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuMResNT.dll
    [2009/01/22 10:10:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
    [2009/01/13 11:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/01/13 11:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/11/17 21:51:51 | 000,004,781 | ---- | C] () -- C:\WINDOWS\SigPlus.inicy
    [2008/04/08 13:36:57 | 000,000,377 | ---- | C] () -- C:\WINDOWS\kofax200.ini
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0c0a.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0419.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0410.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex040c.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0409.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0407.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0c0a.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0419.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0410.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex040c.dll
    [2008/02/13 13:19:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0409.dll
    [2008/02/13 13:19:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0412.dll
    [2008/02/13 13:19:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0411.dll
    [2008/02/13 13:19:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0412.dll
    [2008/02/13 13:19:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0411.dll
    [2008/02/13 13:19:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0804.dll
    [2008/02/13 13:19:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0404.dll
    [2008/02/13 13:19:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0804.dll
    [2008/02/13 13:19:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0407.dll
    [2008/02/13 13:19:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60fex0419.dll
    [2008/02/13 13:19:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0404.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0C0A.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0419.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0410.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex040C.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0C0A.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0419.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0410.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex040C.dll
    [2008/02/13 13:19:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0407.dll
    [2008/02/13 13:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0412.dll
    [2008/02/13 13:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0411.dll
    [2008/02/13 13:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0412.dll
    [2008/02/13 13:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0411.dll
    [2008/02/13 13:19:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0409.dll
    [2008/02/13 13:19:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0804.dll
    [2008/02/13 13:19:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0804.dll
    [2008/02/13 13:19:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0407.dll
    [2008/02/13 13:19:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0419.dll
    [2008/02/13 13:19:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0409.dll
    [2008/02/13 13:19:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0419.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0C0A.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0419.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0410.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex040C.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0409.dll
    [2008/02/13 13:19:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0407.dll
    [2008/02/13 13:19:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0412.dll
    [2008/02/13 13:19:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0411.dll
    [2008/02/13 13:19:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0804.dll
    [2008/02/13 13:19:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0419.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0C0A.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0419.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0410.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex040C.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0409.dll
    [2008/02/13 13:19:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0407.dll
    [2008/02/13 13:19:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0412.dll
    [2008/02/13 13:19:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0411.dll
    [2008/02/13 13:19:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5015ex0804.dll
    [2008/02/13 13:19:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0419.dll
    [2008/02/13 13:18:41 | 000,000,656 | ---- | C] () -- C:\WINDOWS\System32\FJOEMINF.ini
    [2007/08/21 15:40:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgls817.dll
    [2007/08/21 11:47:05 | 000,000,701 | ---- | C] () -- C:\WINDOWS\IIAAU2DD.ini
    [2007/07/02 13:14:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgicm8171d.dll
    [2007/07/02 13:14:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgicm817d.dll
    [2007/07/02 13:14:43 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cmbwodbr.dll
    [2007/07/02 13:14:43 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgls8171d.dll
    [2007/07/02 13:14:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgls817d.dll
    [2007/07/02 13:14:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\cmbmsg8171d.dll
    [2007/07/02 13:14:43 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\cmbmsg817d.dll
    [2007/07/02 13:14:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgicm8171.dll
    [2007/07/02 13:14:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgicm817.dll
    [2007/07/02 13:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cmbmsgls8171.dll
    [2007/07/02 13:14:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cmbmsinso81.dll
    [2007/07/02 13:14:43 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\cmbicmfac8171d.dll
    [2007/07/02 13:14:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cmbmsg8171.dll
    [2007/07/02 13:14:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cmbmsg817.dll
    [2007/07/02 13:14:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cmbicmfac817d.dll
    [2007/07/02 13:14:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\frnwwiga.dll
    [2007/07/02 13:14:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lrgobjparse.dll
    [2007/07/02 13:14:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmbicmfac8171.dll
    [2007/07/02 13:14:43 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\cmbicmfac817.dll
    [2007/07/02 13:14:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cmbcmora8171d.dll
    [2007/07/02 13:14:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cmbcmora8171.dll
    [2007/07/02 13:14:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdb28171d.dll
    [2007/07/02 13:14:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\cmbcmora817d.dll
    [2007/07/02 13:14:39 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdb2817d.dll
    [2007/07/02 13:14:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdbci8171d.dll
    [2007/07/02 13:14:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdbci817d.dll
    [2007/07/02 13:14:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cmbcmora817.dll
    [2007/07/02 13:14:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdb28171.dll
    [2007/07/02 13:14:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdb2817.dll
    [2007/07/02 13:14:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdbci8171.dll
    [2007/07/02 13:14:39 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\cmbcmdbci817.dll
    [2007/07/02 13:14:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\afp2html.dll
    [2007/04/20 13:52:21 | 000,004,822 | ---- | C] () -- C:\WINDOWS\sigplus.ini
    [2006/10/27 16:31:30 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\xnmba500.dll
    [2006/10/27 16:31:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xnmte500.dll
    [2006/10/27 16:31:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ximul550.dll
    [2006/10/10 16:19:17 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2006/06/12 10:19:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2006/06/07 14:58:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\setscan.ini.old2
    [2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
    [2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
    [2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
    [2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
    [2006/04/13 08:14:10 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini
    [2006/04/06 14:48:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/03/28 15:18:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\KofaxKim.ini
    [2006/03/28 15:08:03 | 000,027,020 | ---- | C] () -- C:\WINDOWS\pixcache.ini
    [2006/03/28 14:57:28 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\FsipDCBW.dll
    [2006/03/28 14:57:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\FjDeskew.ini
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0C0A.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0410.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex040C.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0407.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0C0A.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0410.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex040C.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0407.dll
    [2006/03/28 14:57:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0C0A.dll
    [2006/03/28 14:57:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0409.dll
    [2006/03/28 14:57:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0409.dll
    [2006/03/28 14:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0804.dll
    [2006/03/28 14:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0411.dll
    [2006/03/28 14:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0804.dll
    [2006/03/28 14:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0411.dll
    [2006/03/28 14:57:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0804.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0410.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex040C.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0407.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0C0A.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0419.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0410.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex040C.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0409.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0407.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0C0A.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0419.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0410.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex040C.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0409.dll
    [2006/03/28 14:57:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0407.dll
    [2006/03/28 14:57:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0409.dll
    [2006/03/28 14:57:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0412.dll
    [2006/03/28 14:57:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0411.dll
    [2006/03/28 14:57:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0412.dll
    [2006/03/28 14:57:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0411.dll
    [2006/03/28 14:57:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0411.dll
    [2006/03/28 14:57:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0804.dll
    [2006/03/28 14:57:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0804.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0C0A.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0419.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0410.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex040C.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0409.dll
    [2006/03/28 14:57:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0407.dll
    [2006/03/28 14:57:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0412.dll
    [2006/03/28 14:57:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0411.dll
    [2006/03/28 14:57:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0804.dll
    [2006/03/28 14:57:23 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0C0A.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0410.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex040C.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0409.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0407.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0C0A.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0410.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex040C.dll
    [2006/03/28 14:57:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0407.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0411.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0c0a.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0410.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex040C.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0409.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0407.dll
    [2006/03/28 14:57:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0409.dll
    [2006/03/28 14:57:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0804.dll
    [2006/03/28 14:57:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0804.dll
    [2006/03/28 14:57:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0411.dll
    [2006/03/28 14:57:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0804.dll
    [2006/03/28 14:57:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0411.dll
    [2006/03/28 14:57:22 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex.dll
    [2006/03/28 14:57:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0C0A.dll
    [2006/03/28 14:57:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0410.dll
    [2006/03/28 14:57:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex040C.dll
    [2006/03/28 14:57:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0407.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0C0A.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0410.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex040C.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0409.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0407.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0409.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0C0A.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0410.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex040C.dll
    [2006/03/28 14:57:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0409.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0804.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0411.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0804.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0411.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0804.dll
    [2006/03/28 14:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0411.dll
    [2006/03/28 14:57:21 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex.dll
    [2006/03/28 14:57:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0C0A.dll
    [2006/03/28 14:57:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0410.dll
    [2006/03/28 14:57:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex040C.dll
    [2006/03/28 14:57:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0407.dll
    [2006/03/28 14:57:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0407.dll
    [2006/03/28 14:57:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0409.dll
    [2006/03/28 14:57:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0804.dll
    [2006/03/28 14:57:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0411.dll
    [2006/03/28 10:24:18 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2006/03/28 10:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2006/03/21 22:39:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2006/03/14 14:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\formsync.INI
    [2006/03/13 11:51:10 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
    [2006/03/13 11:49:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
    [2006/03/13 11:49:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
    [2006/03/13 11:49:52 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
    [2006/03/13 11:49:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
    [2006/03/13 11:49:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
    [2006/03/13 11:49:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
    [2006/03/13 11:49:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
    [2006/03/13 11:49:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
    [2006/03/09 12:37:35 | 000,001,428 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/28 02:53:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/28 02:48:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/28 02:27:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2006/02/28 02:27:06 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/16 01:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/04/23 15:17:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\uninstall.ini
    [2002/04/17 08:24:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
    [2002/04/17 08:17:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
    [2002/04/17 08:17:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
    [2002/04/17 08:16:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
    [2002/04/17 08:16:32 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
    [2002/04/17 08:15:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
    [2002/04/17 08:15:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
    [2002/04/17 08:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
    [2002/04/17 08:15:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
    [2002/04/17 08:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
    [2002/04/03 16:01:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
    [2001/09/26 11:09:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Sx32w.dll
    [1999/02/05 18:29:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Avaspi32.dll
    [1999/01/21 15:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1997/10/31 03:54:44 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\DiIQDBNT.dll
    [1997/06/02 19:08:34 | 000,060,712 | ---- | C] () -- C:\WINDOWS\System32\BUICISIS.DLL
    [1994/09/30 16:34:54 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
    [1994/09/30 16:34:52 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL

    ========== LOP Check ==========

    [2009/04/16 00:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2010/02/08 15:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
    [2009/09/12 12:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kofax
    [2009/04/15 22:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/02/08 15:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/06/15 20:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
    [2010/06/09 11:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/02/29 14:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/11/10 14:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/02/08 15:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
    [2010/04/18 19:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/20 18:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/02/08 15:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\.oit
    [2008/08/21 22:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\acccore
    [2008/08/21 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\AIM
    [2009/06/29 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\AltiGen
    [2010/02/08 14:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Canon Electronics
    [2009/06/18 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\CASIO
    [2009/04/15 22:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\DriverCure
    [2008/02/29 14:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Fujitsu
    [2008/02/29 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\ISIS Drivers
    [2010/01/07 17:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Kofax
    [2008/02/29 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Leadertech
    [2009/10/12 09:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\looksoftware
    [2008/10/07 18:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Meeting Center
    [2010/02/08 15:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\ScanSoft
    [2009/11/08 10:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\SkyGolf
    [2008/02/29 14:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Smith Micro
    [2010/06/11 08:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\smkits
    [2009/10/31 23:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\visviva
    [2009/05/21 09:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\webex
    [2010/02/08 15:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill Wilson\Application Data\Zeon
    [2008/02/22 20:21:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/09/17 08:53:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/09/17 08:53:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/09/17 08:53:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/09/17 08:53:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2010/04/29 15:43:53 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2010/04/29 15:48:15 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [2008/09/04 15:44:36 | 000,049,472 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
    [2008/09/04 15:45:18 | 000,107,840 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
    [2008/09/04 15:45:20 | 000,357,696 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
    [65 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bill Wilson\Desktop\Change Hosts V = Vanguard R=Remote.PIF:SummaryInformation
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >
     
  7. 2010/06/11
    funshinepa

    Extras.txt

    OTL Extras logfile created on: 6/11/2010 9:39:12 AM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Bill Wilson\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128.00 Gb Total Space | 33.80 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BILLNB02
    Current User Name: wfw
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Jodi\IMSSystem\IMSPCDaemon.exe" = C:\Jodi\IMSSystem\IMSPCDaemon.exe:*:Enabled:IMSPCDaemon -- (Vanguard Systems, Inc.)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\1144351553\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1144351553\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
    "C:\IMS21\IMSSystem\IMSSystemDaemon.exe" = C:\IMS21\IMSSystem\IMSSystemDaemon.exe:*:Enabled:Ims/21 System Daemon -- (Vanguard Systems, Inc.)
    "C:\IMS21\IMSSystem\IMSFlush.exe" = C:\IMS21\IMSSystem\IMSFlush.exe:*:Enabled:IMS/21 Cache Flush -- (Vanguard Systems, Inc.)
    "C:\IMS21\IMSSystem\IMSBatchSbs.exe" = C:\IMS21\IMSSystem\IMSBatchSbs.exe:*:Enabled:IMS/21 Batch Subsystem -- (Vanguard Systems, Inc.)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\AltiGen\JLIB15\jre\bin\java.exe" = C:\Program Files\AltiGen\JLIB15\jre\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
    "C:\Program Files\AltiGen\JLIB15\jre\bin\javaw.exe" = C:\Program Files\AltiGen\JLIB15\jre\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)
    "C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe" = C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe:*:Enabled:MaxCommunicator -- (AltiGen)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
    "{06A7EA72-0F00-4D53-A81C-A5D925711141}" = Microsoft SQL Server 2008 Full text search
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{070ACA6C-3891-498A-8491-59F8A2A61C79}" = looksoftware suite 8.0
    "{09AE068D-6A0D-4257-9B65-F36E88A37191}_is1" = IMS/21 Application Server
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0F61BDF1-3BBC-497C-92CD-0AE42CAAF1CD}_is1" = IMS/21 Applet - Work with Storage Servers Version 1.0.0
    "{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14FCB277-4CCF-4956-B3F0-18418FC61EB6}" = ScanSoft PaperPort 11
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
    "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
    "{22846D4E-57D6-4D25-8364-8A05FCE9E942}" = Ims21 Version 6.50 PTF02 - PortableBriefcase
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}" = Presto! BizCard 5
    "{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2C5F4884-62AB-4B32-ADB2-BD3D71760CD6}" = OutlookAccessAddInSetup
    "{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}" = MX-900 Editor
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3659E623-EAAE-4AF4-AD37-07DD760D1B61}" = Ims21 Version 6.50 PTF02 - PortableBriefcase
    "{369985B3-D121-4C85-9B28-35AD87B75978}_is1" = IMS/21 Applet - Sets and Volumes 1.0.0
    "{38E8842E-3333-4AAA-8506-2579F64F9F01}" = VRS 4.00 OEM Licensing Update
    "{39C2AA16-4BCE-4B9B-ADA7-E12116DF2D5D}_is1" = IMS/21 Applet - Table Maintenance Version 1.0.0
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
    "{41B20968-B2E1-49C0-9508-CC1544D568F5}" = Presto! BizCard Component for Windows CE
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{49C27FB0-CEEF-4A11-8114-0BFE336D3884}" = Symantec Endpoint Protection
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = Microsoft SQL Server 2008 Reporting Services
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4B07E034-8AC7-4960-83A2-98EC96750CD6}" = Fujitsu ISIS Drivers
    "{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
    "{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}" = NETGEAR GA511 Gigabit Cardbus Adapter
    "{531012B4-DA5D-4032-994F-AE236E0D5EB1}" = Workpay Setup
    "{53A5ED18-6EF8-45BB-B520-21B1C0ADE16B}" = newlook 7.0
    "{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5CBEAD34-993A-4C63-9931-44E1F870E5B7}" = Kofax VRS Update for 4.10 PFU PRO OEM
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
    "{60DEBDA8-0F2A-4F13-8C5D-7A9D0161275D}" = Monochrome Printer Driver User-Level
    "{6249567F-65C3-4EE7-B023-E4FA035B0520}" = Microsoft SQL Server 2008 Analysis Services
    "{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
    "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.20
    "{6A8E2D60-1BA2-4B00-9E84-2F0235D730D5}_is1" = IMS/21 Applet - Annotation Security Version 1.0.0
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}" = Crystal Reports 9
    "{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
    "{815C228C-FE37-4A8C-A541-462170F617FD}_is1" = IMS/21 Applet - Configure Storage Servers Version 1.0.0
    "{81750C0E-BF20-44A6-B4EA-5AFB45232F51}_is1" = IMS/21 Applet - User Maintenance Version 1.0.0
    "{8265A0B4-D9AF-4603-94B1-51452E4F9611}" = Canon P-150 Driver
    "{830A688B-A7DB-46D8-9CDD-515711EEBD8F}_is1" = Vanguard Systems Help Desk Customer Maintenance Contract Paymen
    "{83CF23A7-B6AE-4358-8DDF-918DBD5C635D}" = Kofax VRS Component Fujitsu fi-6140
    "{8552FD97-5A8E-46F4-9AD8-72A275F1ACCB}" = Microsoft Unified Communications Client API SDK
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{937577C7-225A-4E14-82C5-53B82F713973}" = Presto! BizCard 5
    "{93B6A615-555D-49FD-95DE-D8B7192F9A85}" = AltiGenJLIB
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
    "{99C78594-049E-4762-8AFC-44EC44D100DF}" = 99C78594-049E-4762-8AFC-44EC44D100DF
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
    "{AB36A282-018D-4D12-8149-AB79D07DFA3E}" = EdmsNet Image Viewer
    "{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
    "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AE840050-8473-4B45-A4CE-09E83CEB1186}" = Kofax VRS Update 2 for 4.10
    "{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{C07C4A6B-8631-46B5-B53E-DEAEA0BA13E6}" = MaxCommunicator 6.0 Update2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C266FAA8-301D-4E44-937C-329627F27D57}_is1" = IMS/21 Applet - RunSQL Version 1.0.0
    "{C308DFD1-3239-42BF-A4E5-1A8EDAA6E310}_is1" = IMS/21 Applet - User Codes Version 1.0.0
    "{C33EEC9D-185E-4D45-8CD3-7F4169BC0970}_is1" = IMS/21 Windows Screen Scrape 6.5.0
    "{C4CFCA86-3E7E-4BAD-AE02-148FB4AAE7F7}" = Ims21 Version 6.50 PTF02 - Client
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C89B00A2-B72A-4935-96FC-38796E9554EC}" = Microsoft Sync Services for ADO.NET v2.0 (x86)
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB1CCFDD-E1A0-4975-BEDE-03ECE37E57DD}" = EdmsNet Image Viewer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D24767E3-1F2D-469C-BB75-9B9C43E436BD}" = Ims21 Version 6.50 PTF02 - Client
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D5E1BC1D-5955-44D2-A5F2-6BFCA659DDA1}" = Kofax TWAIN Data Source
    "{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
    "{DAA6744C-696B-46A9-9E1A-08801B516AC1}_is1" = IMS/21 Applet - Overlay Maintenance 1.0.0
    "{DAA8590D-D93E-4697-9CBE-D96A7590A8E3}" = Microsoft SQL Server 2008 Analysis Services
    "{DD0A3754-E6F6-4E49-A4FB-2DDB5F023118}_is1" = IMS/21 Applet - Manage Batch Subsystems Version 1.0.0
    "{DD939110-6199-4AA8-B850-4BA61BE21B6F}_is1" = IMS/21 Administrator Console
    "{DE9145F3-2528-4449-8F27-D33661D9F3F3}" = Lotus Notes 8.0.2 (Basic)
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
    "{E0F46925-2F25-45B7-895D-AF26C264C2EC}" = Meeting Center
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F17BC6E1-8AC4-4EA5-BE19-5A09EF172716}_is1" = IMS/21 Applet - Cache Management Version 1.0.0
    "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F96288A4-B5E9-43A4-9F00-AF6D0BCA11F9}" = MAPICS SyteLine ERP
    "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AOL Spyware Protection" = AOL Spyware Protection
    "ATI Display Driver" = ATI Display Driver
    "ClientAccessExpress" = IBM iSeries Access for Windows
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
    "DAO" = DAO
    "Fujitsu ISIS Drivers" = Fujitsu ISIS Drivers
    "HijackThis" = HijackThis 2.0.2
    "IBM_HostCD" = IBM Software Uninstall
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IMS WORKFLOW 8-1" = IMS WORKFLOW 8-1
    "IMS21 WORKFLOW Ver. 8-2" = IMS21 WORKFLOW Ver. 8-2
    "InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
    "InstallShield_{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}" = NETGEAR GA511 Smart Wizard Utility
    "InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
    "InstallShield_{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
    "J Walk Windows Client" = SYSTEM 2000
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Merlin V620 CDMA EV-DO PC Card Device Driver" = Merlin V620 CDMA EV-DO PC Card Device Driver
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft SQL Server 2000" = Microsoft SQL Server 2000
    "Monarch 5.02" = Monarch 5.02
    "MSN Music Assistant" = MSN Music Assistant
    "ProInst" = Intel(R) PROSet/Wireless Software
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "S2K50" = S2K50 Client
    "Sametime Client v7.0" = Sametime Client v7.0
    "ScMgr30Uninstall" = Caere Scan Manager 4.01
    "Selling Chain 3.1" = Selling Chain 3.1
    "SkyCaddieDesktop" = SkyCaddie Desktop
    "Software Operation Panel" = Software Operation Panel
    "ST5UNST #1" = Work Flow
    "ST6UNST #1" = WorkFlow Lookup
    "ST6UNST #2" = VsXmlDll
    "ST6UNST #3" = WorkFlow Lookup (c:\Ims_VerL\)
    "The Regex Coach_is1" = The Regex Coach 0.9.1
    "Topaz e-Signatures SigPlus 3.74" = Topaz e-Signatures SigPlus 3.74
    "Topaz SigPlus Basic 3.74" = Topaz SigPlus Basic 3.74
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/9/2010 9:15:41 PM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/10/2010 9:12:21 AM | Computer Name = BILLNB02 | Source = RSTaskMan | ID = 100
    Description =

    Error - 6/11/2010 7:10:32 AM | Computer Name = BILLNB02 | Source = RSTaskMan | ID = 100
    Description =

    Error - 6/11/2010 7:21:34 AM | Computer Name = BILLNB02 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Startup
    scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
    file was deleted successfully.

    Error - 6/11/2010 7:48:55 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/11/2010 7:48:55 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2203

    Error - 6/11/2010 7:48:55 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2203

    Error - 6/11/2010 8:25:45 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/11/2010 8:25:45 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2212328

    Error - 6/11/2010 8:25:45 AM | Computer Name = BILLNB02 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2212328

    [ System Events ]
    Error - 6/10/2010 10:24:32 PM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7022
    Description = The SQL Server Reporting Services (MSSQLSERVER2008) service hung on
    starting.

    Error - 6/11/2010 12:32:56 AM | Computer Name = BILLNB02 | Source = DCOM | ID = 10010
    Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
    with DCOM within the required timeout.

    Error - 6/11/2010 7:10:48 AM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 6/11/2010 7:10:48 AM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7001
    Description = The Sentinel service depends on the Parallel port driver service which
    failed to start because of the following error: %%1058

    Error - 6/11/2010 7:12:29 AM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7022
    Description = The SQL Server Reporting Services (MSSQLSERVER2008) service hung on
    starting.

    Error - 6/11/2010 7:28:44 AM | Computer Name = BILLNB02 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1068" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 6/11/2010 7:28:44 AM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7001
    Description = The Universal Plug and Play Device Host service depends on the SSDP
    Discovery Service service which failed to start because of the following error:
    %%1058

    Error - 6/11/2010 8:25:50 AM | Computer Name = BILLNB02 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.5 for the Network Card with network
    address 00166F494E2F has been denied by the DHCP server 192.168.10.2 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/11/2010 9:39:53 AM | Computer Name = BILLNB02 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 6/11/2010 9:39:54 AM | Computer Name = BILLNB02 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  8. 2010/06/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    The MBA-M log you posted does not reflect that you took any action. You may have posted the incorrect log, so please follow these instructions:

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.
     
  9. 2010/06/14
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    I would love to give you a MBA-M log file, but it refuses to let me get one. I can tell you we CLICKED REMOVE, but it comes back after every reboot. The log file is NOT in any of the suggested folders. I also have to say, I have extensive experience in computers and troubleshooting, so I know what is being asked of me. Again, I cannot get you a log file, it won't create one!!! I do however have a screenshot of what was found. Let me know if you want that or if we should just move on from here.

    I appreciate your help. Thanks!!
     
  10. 2010/06/14
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Here is the log you posted previously showing that no action was taken. That is the information I am going off. What program is now flagging the entries, and can you give the full file name and path please so that we can try using another tool to remove them?

     
  11. 2010/06/21
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    I'm not sure where we're supposed to "take action," but every time, those items are checked and clicked to remove and this is the log file we get!
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4197

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    6/19/2010 10:49:30 PM
    mbam-log-2010-06-19 (22-49-30).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 584985
    Time elapsed: 2 hour(s), 50 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlkihedrv (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\khgefdsys (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvttudrv (Trojan.Vundo) -> No action taken.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddddbasys (Trojan.Vundo) -> No action taken.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqqpdrv (Trojan.Vundo) -> No action taken.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddddbasys (Trojan.Vundo) -> No action taken.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqqpdrv (Trojan.Vundo) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
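
The registry section of the Malwarebytes log above, run through a small parser (an added example, not part of the thread or of Malwarebytes; the function names are hypothetical). It keeps only entries still marked "No action taken" and collapses `HKEY_USERS\.DEFAULT` onto `HKEY_USERS\S-1-5-18`, which are the same LocalSystem hive, so the seven reported values reduce to five distinct Run locations.

```python
import re

# Registry section copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlkihedrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\khgefdsys (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvttudrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddddbasys (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqqpdrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddddbasys (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqqpdrv (Trojan.Vundo) -> No action taken.
"""

# Line shape: <key path>\<value name> (<detection>) -> <action>.
ENTRY = re.compile(r"^(HKEY_.+)\\([^\\]+) \(([^()]+)\) -> (.+?)\.?$")

# HKEY_USERS\.DEFAULT is the LocalSystem hive, i.e. the same data as
# HKEY_USERS\S-1-5-18, so a scanner reports each value there twice.
ALIASES = {r"HKEY_USERS\.DEFAULT": r"HKEY_USERS\S-1-5-18"}

def parse_entries(log_text):
    """Return one dict per registry-value line in a Malwarebytes text log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            key, value, detection, action = m.groups()
            entries.append({"key": key, "value": value,
                            "detection": detection, "action": action})
    return entries

def canonical_key(key):
    """Rewrite aliased hive prefixes so duplicates collapse to one location."""
    for alias, real in ALIASES.items():
        if key.upper().startswith(alias.upper() + "\\"):
            return real + key[len(alias):]
    return key

def unremediated(entries):
    """Map each distinct (key, value) still present to its detection names."""
    pending = {}
    for e in entries:
        if e["action"].lower() != "no action taken":
            continue
        loc = (canonical_key(e["key"]), e["value"])
        pending.setdefault(loc, set()).add(e["detection"])
    return pending

if __name__ == "__main__":
    for (key, value), names in unremediated(parse_entries(SAMPLE_LOG)).items():
        print(f"{key}\\{value}: {', '.join(sorted(names))}")
```

Comparing the result of two scans taken before and after a reboot shows which Run values were rewritten rather than merely left untouched.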
     
  12. 2010/06/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
  13. 2010/07/08
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    We did the steps... There are no options to change action to remove the registry entries. And even when we do it manually in safe mode, they are back as soon as we delete them. Any suggestions from this point on?

    PS, sorry I was on vacation and he's getting ready to go on vacation now, but I can tell him what to do while he is away. :)
     
  14. 2010/07/08
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    There is an option to Remove selected after you have done the scan. That is the option you need to select after you select the show results option.
     
  15. 2010/07/08
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    We did that every time!!! The log file after is what is posted. I know it says NO ACTION taken, because it doesn't give us an action to take. We've tried to do the pull down and there is nothing there to select or it is grayed out. Believe me when I say I know computers and what I am doing. I have removed this virus/trojan from other computers with no problem. This time it seems very SUPER TROJAN hahaha I was hoping someone here could point me in another direction. I'm ready to move on past Malwarebytes as if I can't get it to run, if you know what I mean. Something else has to be TRIED. I'm done trying Malwarebytes. It is not working.
     
  16. 2010/07/08
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.
    Reboot when done and run MBA-M again to see if they are still found.

    View attachment Fixme.zip

    =========

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  17. 2010/07/12
    funshinepa

    funshinepa Inactive Thread Starter

    Joined:
    2010/06/09
    Messages:
    9
    Likes Received:
    0
    The first one did not work, same thing comes up in MBA-M log. Running Combofix now. Thanks for your help, I really appreciate it. Will post log file from combofix when boss gets it done and sent. He's on vacation :)
     
