Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect plus blocked access to Malwarebytes and other sites -


  • Please log in to reply

#1
littlewilson

littlewilson

    New Member

  • Member
  • Pip
  • 2 posts
Hi!

I noticed last night that Google and Yahoo results were being redirected to spam sites, and when I attempted to run MalwareBytes, I wasn't able to update (error 732). Access is also blocked to the entire malwarebytes.org site, as well as other virus cleaning sites.

A full scan with my (company-standard) McAfee found no problems, as did Malwarebytes with the old virus definitions.

I ran TDSSKiller, which found and cured a rootkit, and since then the redirect problem seems to be gone (yay! and thank you).

09:24:24:375 8668 File C:\WINDOWS\system32\DRIVERS\iaStor.sys infected by TDSS rootkit ... 09:24:24:375 8668 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys


However, I am having major trouble getting rid of the Malwarebytes access problem, and am desperate for some help.

GMER wouldn't run to completion (BSOD), and my OTL logs are posted below.

Thanks in advance for your help!!


OTL logfile created on: 2/15/2010 10:50:43 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW System Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.47 Gb Total Space | 56.14 Gb Free Space | 39.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: cwilson-t61
Current User Name: CWILSON
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/15 10:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW System Tools\OTL.exe
PRC - [2009/12/28 20:35:00 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/10/20 13:25:26 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2009/10/20 13:25:22 | 001,489,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2009/10/07 14:15:34 | 001,022,464 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/09/02 17:59:20 | 000,035,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/11 23:01:34 | 000,012,288 | ---- | M] () -- C:\bea\tuxedo10gR3_VS2005\bin\tuxipc.exe
PRC - [2009/01/20 18:42:34 | 000,340,043 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Common\8,2,2,79\arr_isrv.exe
PRC - [2009/01/20 18:42:26 | 000,192,587 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Array SSL VPN\8,2,2,79\arr_srvs.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/10 21:17:48 | 000,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/10/07 16:53:53 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe
PRC - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/08 16:26:06 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2008/08/01 22:07:44 | 000,069,632 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
PRC - [2008/06/15 18:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/04/23 09:10:42 | 002,266,712 | ---- | M] (Hyperionics Technology LLC) -- C:\Program Files\HyperSnap 6\HprSnap6.exe
PRC - [2007/04/16 14:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 14:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 14:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 18:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 21:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/28 21:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/23 04:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/03/09 09:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 08:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/26 14:34:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/02/26 14:33:56 | 000,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/02/26 14:33:46 | 000,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2006/11/16 13:56:24 | 060,030,976 | ---- | M] (Oracle Corporation) -- c:\oracle\product\10.2.0\db_1\BIN\oracle.exe
PRC - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe
PRC - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.EXE
PRC - [2006/09/22 16:46:34 | 000,033,792 | ---- | M] (Oracle) -- C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
PRC - [2006/09/06 11:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/02/14 09:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 09:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/04/08 18:09:00 | 000,045,161 | ---- | M] () -- C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
PRC - [2004/08/09 09:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/13 17:55:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2001/10/08 15:59:36 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/15 10:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW System Tools\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/04/23 09:10:45 | 000,636,536 | ---- | M] (Hyperionics Technology LLC) -- C:\Program Files\HyperSnap 6\HSTxtCap.dll
MOD - [2007/01/25 10:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/02/14 09:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMDM PMSP Service)
SRV - [2009/12/28 20:35:00 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/10/20 13:25:22 | 001,489,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2009/10/13 14:18:12 | 000,470,016 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2009/10/07 14:15:34 | 001,022,464 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/09/02 17:59:20 | 000,035,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 13:51:00 | 000,349,528 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/05/11 23:01:34 | 000,012,288 | ---- | M] () [Auto | Running] -- C:\bea\tuxedo10gR3_VS2005\bin\tuxipc.exe -- (ORACLE ProcMGR V10gR3 with VS2005)
SRV - [2009/05/11 23:01:30 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\bea\tuxedo10gR3_VS2005\bin\slisten.exe -- (TUXEDO 10gR3 with VS2005 Listener on Port 3050) TListen 10gR3 with VS2005 (Port: 3050)
SRV - [2009/01/20 18:42:34 | 000,340,043 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Common\8,2,2,79\arr_isrv.exe -- (Array_Utility_Service8.2.2.79)
SRV - [2009/01/20 18:42:26 | 000,192,587 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Array SSL VPN\8,2,2,79\arr_srvs.exe -- (ArraySSL_VPN_Service8.2.2.79)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/10 21:17:48 | 000,573,440 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/08/08 16:27:24 | 000,109,104 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/08/08 16:26:52 | 000,121,392 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/08/08 16:25:54 | 000,150,064 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/08/01 22:07:44 | 000,069,632 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe -- (ocautoupds)
SRV - [2008/06/15 18:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/13 15:11:56 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/10 05:15:50 | 000,012,288 | ---- | M] () [On_Demand | Stopped] -- C:\bea\tuxedo9.1_VS2005_v2\bin\tuxipc.exe -- (BEA ProcMGR V9.1 with VS2005 v2)
SRV - [2008/04/10 05:15:45 | 000,061,440 | ---- | M] () [On_Demand | Stopped] -- C:\bea\tuxedo9.1_VS2005_v2\bin\slisten.exe -- (TUXEDO 9.1 with VS2005 v2 Listener on Port 3050) TListen 9.1 with VS2005 v2 (Port: 3050)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/09/19 20:11:58 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\bea\Tuxedo9.1\bin\slisten.exe -- (TUXEDO 9.1 Listener on Port 3050) TListen 9.1 (Port: 3050)
SRV - [2007/09/19 18:58:34 | 000,020,480 | ---- | M] () [On_Demand | Stopped] -- C:\bea\Tuxedo8.1\bin\tuxipc.exe -- (BEA ProcMGR V8.1)
SRV - [2007/09/19 18:56:58 | 000,069,632 | ---- | M] () [On_Demand | Stopped] -- C:\bea\Tuxedo8.1\bin\slisten.exe -- (TUXEDO 8.1 Listener on Port 3050) TListen 8.1 (Port: 3050)
SRV - [2007/09/19 17:46:22 | 000,061,440 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2007/04/16 14:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 14:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 14:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/23 10:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/01/22 09:10:14 | 000,010,240 | ---- | M] () [On_Demand | Stopped] -- C:\bea\Tuxedo9.1\bin\tuxipc.exe -- (BEA ProcMGR V9.1)
SRV - [2006/12/02 09:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/16 13:56:24 | 060,030,976 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceCWT207)
SRV - [2006/11/16 13:56:24 | 060,030,976 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceCWT206)
SRV - [2006/11/16 12:41:46 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerCWT207)
SRV - [2006/11/16 12:41:46 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerCWT206)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/12 01:35:06 | 000,053,248 | ---- | M] (Oracle) [Auto | Running] -- C:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)
SRV - [2006/10/10 06:03:22 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)
SRV - [2006/09/22 16:46:34 | 000,033,792 | ---- | M] (Oracle) [Auto | Running] -- C:\Program Files\Oracle\ODrive\XfsSvcCon.exe -- (OdService)
SRV - [2006/09/02 19:36:34 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/05/11 18:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/01/24 03:22:04 | 000,029,816 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\SQLLIB\BIN\db2sec.exe -- (DB2NTSECSERVER)
SRV - [2004/01/24 03:20:34 | 000,193,656 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\SQLLIB\BIN\db2jds.exe -- (DB2JDS)
SRV - [2003/10/13 17:55:14 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/06/17 20:12:42 | 000,012,800 | ---- | M] () [On_Demand | Stopped] -- c:\Apps\tux65\bin\tuxipc.exe -- (TUXEDO IPC Helper)
SRV - [2003/06/17 20:12:40 | 000,058,880 | ---- | M] () [On_Demand | Stopped] -- c:\Apps\tux65\bin\slisten.exe -- (TUXEDO Listener on Port 3050) TListen (Port: 3050)
SRV - [2002/08/08 08:20:00 | 000,057,392 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ebizsrv.us.or...home/overview/"
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/19 21:34:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/12 21:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/19 21:34:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/12 21:01:58 | 000,000,000 | ---D | M]

[2009/11/11 09:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Mozilla\Firefox\Profiles\eid50wk9.default\extensions
[2009/01/13 13:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/12 07:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2009/01/13 13:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/10/30 12:54:52 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/10/30 12:54:52 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/10/30 12:54:52 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/10/30 12:54:54 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/10/30 12:54:54 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2010/02/15 07:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ODriveAdvPropHelper Class) - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\system32\ODriveHelper.DLL ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll (@[email protected])
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoProfileRepair] C:\Program Files\Oracle\Outlook Connector\profilerepair.exe ()
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [j2 4.4] C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE (Vector Networks Limited)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe (Hyperionics Technology LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\microsoft office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\NPJPI150_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\microsoft office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: jdedwards.com ([] in Local intranet)
O15 - HKCU\..Trusted Domains: jdedwards.com ([]HTTP in Local intranet)
O15 - HKCU\..Trusted Domains: jdedwards.com ([]HTTPS in Local intranet)
O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)
O15 - HKCU\..Trusted Domains: peoplesoft.com ([] in Local intranet)
O15 - HKCU\..Trusted Domains: peoplesoft.com ([]HTTP in Local intranet)
O15 - HKCU\..Trusted Domains: peoplesoft.com ([]HTTPS in Local intranet)
O15 - HKCU\..Trusted Domains: sleepdivas.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} https://conference.o...jar/cnsload.cab (Reg Error: Value error.)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle...jar/cnsload.cab (Reg Error: Value error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://pleqcap03.us....in/Spider80.ocx (Loader Class v2)
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} http://www.priv.njml...ch/XMLCache.CAB (Cacher Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190406769781 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9260BE6A-E32D-4A12-8551-BF75F6A54B6C} https://ml3-callcent...x_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} https://adc-tele-ssl...lhost/arr_x.cab (ArrVPNAX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://boeing.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E5CA65F7-2715-4D51-AD85-03BD9CBEE7CE} https://ml3-callcent...tBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peoplesoft.com
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.317.0\npchrome_frame.dll (@[email protected])
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\oracle1280x1024.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\oracle1280x1024.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/04 12:52:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/02/04 12:44:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55172432624877568)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/15 10:43:13 | 000,039,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\HIPIS0e011af.dll
[2010/02/15 09:24:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/15 07:44:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/15 07:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/15 07:36:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/15 07:36:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/15 07:36:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/15 01:31:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/15 00:09:19 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/02/12 21:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/12/28 20:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/28 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/13 15:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/29 08:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2009/02/16 19:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/04/24 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Oracle
[2003/02/04 12:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/02/04 12:46:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/02/04 12:46:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/15 10:48:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/02/15 10:48:37 | 000,490,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/15 10:48:37 | 000,415,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/15 10:48:37 | 000,067,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/15 10:45:18 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/15 10:44:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/15 10:44:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/15 10:43:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/15 10:42:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/15 10:42:10 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\ntuser.dat
[2010/02/15 10:42:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\ntuser.ini
[2010/02/15 10:40:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/15 10:35:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/15 09:18:27 | 000,016,543 | ---- | M] () -- C:\WINDOWS\uedit32.INI
[2010/02/15 08:02:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/15 07:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/15 07:44:27 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/02/15 05:16:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C546B111-81C6-442B-BED5-A1B46DAF9CF3}.job
[2010/02/15 00:27:52 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\ComboFix.exe
[2010/02/13 15:24:48 | 000,090,984 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/13 15:24:20 | 000,334,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/12 23:12:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/12 21:08:01 | 000,000,693 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/11 09:59:08 | 008,888,074 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Synergy_92.zip
[2010/02/10 23:18:11 | 001,564,160 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Synergy_92 (ELM).ppt
[2010/02/10 18:57:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/02/10 18:57:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/02/10 14:53:20 | 000,430,592 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Req (CW - ELM).ppt
[2010/02/05 00:18:59 | 000,031,196 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW-Oracle_LM_OiL_ELM_UPKpro_Comparison_etc.docx
[2010/02/04 23:49:30 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\KevlarSigs.dll
[2010/02/03 23:02:36 | 001,440,054 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\cw.bmp
[2010/02/03 00:25:33 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\Business Case.doc
[2010/02/02 13:50:07 | 000,022,542 | ---- | M] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\ELM - workcenter brd tools ranking.xlsx

========== Files Created - No Company Name ==========

[2010/02/15 10:48:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/02/15 09:47:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\gmer.exe
[2010/02/15 07:36:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/15 07:36:49 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/15 07:36:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/15 07:36:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/15 07:36:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/15 00:27:50 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\ComboFix.exe
[2010/02/11 09:58:34 | 008,888,074 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Synergy_92.zip
[2010/02/10 15:11:59 | 001,564,160 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Synergy_92 (ELM).ppt
[2010/02/10 14:14:20 | 000,430,592 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\HCM_CRM_Self_Service_Req (CW - ELM).ppt
[2010/02/05 00:18:58 | 000,031,196 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW-Oracle_LM_OiL_ELM_UPKpro_Comparison_etc.docx
[2010/02/03 23:02:36 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\cw.bmp
[2010/02/03 00:25:37 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\Business Case.doc
[2010/02/02 13:01:21 | 000,022,542 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\ELM - workcenter brd tools ranking.xlsx
[2009/12/27 12:37:56 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/24 13:38:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/09/15 12:14:53 | 000,006,475 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\PrimoPDFSet.xml
[2009/07/08 13:49:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/06/01 20:49:29 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/09 15:01:45 | 000,016,543 | ---- | C] () -- C:\WINDOWS\uedit32.INI
[2009/03/08 23:23:16 | 000,000,281 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2009/02/19 17:26:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/02/18 19:13:40 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/13 13:10:15 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Local Settings\Application Data\fusioncache.dat
[2008/11/12 07:09:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/11/12 07:08:54 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2008/11/12 07:08:44 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/08/29 12:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 12:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 17:41:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/21 14:41:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/09/19 18:13:52 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2007/09/19 18:12:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2007/09/19 18:12:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2007/09/19 18:12:32 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2007/09/19 18:12:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2007/09/19 18:12:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2007/09/19 18:12:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2007/09/19 18:12:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2007/09/19 18:12:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2007/09/19 18:11:49 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2007/09/19 17:51:11 | 000,094,263 | ---- | C] () -- C:\WINDOWS\System32\pcimon.dll
[2007/09/19 17:51:11 | 000,069,688 | ---- | C] () -- C:\WINDOWS\System32\clhook4.dll
[2007/09/19 17:51:11 | 000,028,728 | ---- | C] () -- C:\WINDOWS\System32\pcigina.dll
[2007/09/19 17:51:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2007/09/19 17:51:11 | 000,020,535 | ---- | C] () -- C:\WINDOWS\System32\pcivdd.dll
[2007/09/19 17:51:07 | 000,003,726 | ---- | C] () -- C:\WINDOWS\System32\drivers\VNL1394.sys
[2007/09/19 17:51:07 | 000,002,788 | ---- | C] () -- C:\WINDOWS\System32\drivers\VNLPciMap.sys
[2007/09/19 17:50:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/09/19 17:45:39 | 000,000,532 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/04/24 16:11:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2007/04/24 15:40:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/04/24 13:37:06 | 000,000,495 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/24 13:37:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/04/24 13:37:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/03/05 16:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/09/22 16:46:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ODriveHelper.DLL
[2006/09/22 16:41:56 | 000,938,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdfsd.sys
[2006/08/31 12:46:13 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/01/30 13:54:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/31 11:49:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2003/01/31 11:49:26 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1980/01/01 03:00:00 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[1980/01/01 03:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[1980/01/01 03:00:00 | 000,010,287 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys

========== LOP Check ==========

[2009/02/16 21:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/12/18 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/08 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Output
[2009/06/08 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Setup
[2009/08/21 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/11/12 07:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008/11/13 03:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/24 20:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/15 10:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\.purple
[2009/02/16 14:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\.purple.bak.1
[2009/07/06 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\.purple.bak.2
[2009/04/13 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Embarcadero
[2009/09/01 11:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\gtk-2.0
[2009/06/08 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\j2 Global
[2009/06/08 14:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\j2 Messenger
[2009/02/16 14:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Jabber MomentIM
[2007/09/19 17:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Office
[2009/02/16 14:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\OfficeUpdate12
[2007/04/24 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Oracle
[2007/04/24 16:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Oracle Instant Chat
[2009/01/13 14:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Qarbon
[2009/11/28 21:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Quicken WillMaker
[2009/02/20 12:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Snapfish
[2010/02/10 21:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\TeraCopy
[2007/04/24 13:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Thunderbird
[2009/11/13 11:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CWILSON.PEOPLESOFT\Application Data\Xerox
[2010/02/15 10:44:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010/02/15 05:16:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C546B111-81C6-442B-BED5-A1B46DAF9CF3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/12 09:19:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/12 09:19:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/10/19 16:43:34 | 000,020,656 | ---- | M] (Microsoft Corporation) MD5=EF0B06C91C81FB3AF3D31CF9EA5B2591 -- C:\Drivers\System\intl_chp\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/12 09:19:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/12 09:19:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/10/19 16:43:36 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\Drivers\System\intl_chp\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0028\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/03/15 01:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Program Files\ThinkVantage Fingerprint Software\eventlog.dll
[2008/04/13 19:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/11/15 08:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\db_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll
[2003/02/04 18:38:48 | 000,032,874 | ---- | M] () MD5=B479448E130CFA8C229997FDCAB10C68 -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\Misc\sata_hdd\iastor.sys
[2010/02/15 09:25:51 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/04 01:51:12 | 000,068,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmsystem.dll
[2001/08/23 15:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/02/04 12:46:12 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/02/04 12:46:12 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/02/04 12:46:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >




OTL Extras logfile created on: 2/15/2010 10:50:49 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\CWILSON.PEOPLESOFT\Desktop\CW System Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.47 Gb Total Space | 56.14 Gb Free Space | 39.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: cwilson-t61
Current User Name: CWILSON
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\microsoft office\Office12\OUTLOOK.EXE" = C:\Program Files\microsoft office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\ORCLOBI\config\firefoxconfig.exe" = C:\WINDOWS\ORCLOBI\config\firefoxconfig.exe:*:Enabled:Firefox Configurator -- ()
"\\gordway-gds\obi\_Installs\60400\odp_1.5.0.0.exe" = \\gordway-gds\obi\_Installs\60400\odp_1.5.0.0.exe:*:Enabled:odp_1.5.0.0.exe
"C:\WINDOWS\ORCLOBI\config\CKB95S6cfg.exe" = C:\WINDOWS\ORCLOBI\config\CKB95S6cfg.exe:*:Enabled:CKB95S6cfg -- ()
"C:\WINDOWS\orclobi\CONFIG\IE6cfg.exe" = C:\WINDOWS\orclobi\CONFIG\IE6cfg.exe:*:Enabled:Internet Explorer Configuration -- ()
"C:\Program Files\Oracle\ODrive\ODFWAgent.exe" = C:\Program Files\Oracle\ODrive\ODFWAgent.exe:*:Enabled:Oracle Drive Agent -- (Oracle)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F5C890B-D9B1-42EA-86A2-DCAFA73F02A3}" = PSPrintProject
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{12B769E9-7ED8-49C0-9D5D-6AE80F2EF214}" = Visual Studio 2005 Debug Assemblies
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1A4F594D-A904-41FF-B0AB-ECEB88950FA3}" = Oracle Connector for Outlook
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2BDFCEE7-68EC-4288-AEA3-4DB96841141B}" = j2 Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{32A3A4F4-B792-11D6-A78A-00B0D0150040}" = J2SE Development Kit 5.0 Update 4
"{34114F35-AA6C-47A0-990E-5D957BA6E3A6}" = Audit Central
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D027A4-57BA-4E59-94DB-DFB36FFFDC1E}" = Remote Desktop Connection
"{36526921-1CF8-4F95-92BA-85C77CB2D444}" = Oracle Drive 10.2.0.0.3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{53D06156-48AE-49E3-9431-85D7306A6590}" = Rapid SQL 7.4.0
"{55C781E8-CCBD-11D7-82C2-AA0004001604}" = PC-Duo
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{60F31D3D-FCF2-4F9A-AD0E-ACBF4D53E547}" = Knowledge Pathways Tools
"{63F6DCD6-0D5C-4A07-B27C-3AE3E809D6E0}" = DB2 Run-Time Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FF7C9F-6E1F-4D46-8E3C-4F8A0B47760D}" = ActivePerl 5.6.1 Build 635
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{ED1F0A66-A716-4E6F-ACD4-20F42E547D45}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9A315CF2-DBBA-42AB-B3CB-95616040CC22}" = Cisco IP Communicator
"{9C7FD031-24E1-4496-AE98-F1ACE869E81F}" = prerequisite
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A634A2AF-2495-4F36-B88F-0B24B84A183C}" = Oracle Beehive Extensions for Outlook
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C28CFF9D-EFCB-4F2C-AA73-ED34565E377D}" = VisualStudio 2005
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CEFE3AEB-C5BA-4F15-B0D7-B54DD1322732}" = PSToolbar
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{E3658925-C984-4C98-96CA-A4E3419E742C}" = CRRuntime_12_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"7-Zip" = 7-Zip 4.57
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat Reader 8.0.0" = Adobe Acrobat Reader 8.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer 3.0" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BEA Products" = BEA Products
"BEA TUXEDO System v6.5" = BEA TUXEDO System v6.5 Patches
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"Cisco IP Communicator" = Cisco IP Communicator
"Cisco VPN Client 5.0.04.0300" = Cisco VPN Client 5.0.04.0300
"ClientAccessExpress" = IBM iSeries Access for Windows
"ClientAccessExpressSP" = IBM iSeries Access for Windows SI14294
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ConTEXTEditor_is1" = ConTEXT
"ERUNT_is1" = ERUNT 1.1j
"E-Tools_with_Visual_Studio" = E-Tools
"Google Chrome Frame" = Google Chrome Frame
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HyperSnap 6" = HyperSnap 6
"HyperSnap-DX 5.62.05" = HyperSnap-DX 5.62.05
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Internet Explorer" = Internet Explorer
"Jabber MomentIM" = Jabber MomentIM
"Java Runtime Environment v1.5.0_10" = Java Runtime Environment v1.5.0_10
"Java Runtime Environment v1.5.0_15" = Java Runtime Environment v1.5.0_15
"KVS_AvailabilityTool" = KVS Availability Tool [5.1.0]
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Lotus Notes" = Lotus Notes
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Mediaplayer Configurationscript" = Microsoft Mediaplayer Configurationscript
"Microsoft Outlook 2000 SR-1" = Microsoft Outlook 2000 SR-1
"Microsoft Visio Viewer" = Microsoft Visio Viewer
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MigrationAssistant 2.1.3" = MigrationAssistant 2.1.3
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"Oracle Beehive for Outlook" = Oracle Beehive for Outlook
"Oracle Calendar 10.1.2.3" = Oracle Calendar 10.1.2.3
"Oracle Connector for Outlook" = Oracle Connector for Outlook
"Oracle Data Protection 1.6.0.0" = Oracle Data Protection 1.6.0.0
"Oracle WebLogic" = Oracle WebLogic
"Oracle WebLogic (BEAHOME 1)" = Oracle WebLogic (BEAHOME 1)
"OracleRTCClient" = Oracle Web Conferencing Console
"PeopleSoft Edition of BEA TUXEDO v6.5 / BEA Jolt 1.2" = PeopleSoft Edition of BEA TUXEDO v6.5 / BEA Jolt 1.2
"Pidgin" = Pidgin
"PrimoPDF3.0" = PrimoPDF
"PrimoPDF4.1.0.9" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Connections Drivers
"PuTTY .58 with WinSCP3" = PuTTY .58 with WinSCP3
"PX: {CD4C7DA8-5C67-4320-A86F-564D31710451}" = Windows Grep 2.2
"Qarbon Viewlet Builder 4.5.3" = Qarbon Viewlet Builder 4.5.3
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"RealPlayer" = RealPlayer
"RealPlayer 6.0" = RealPlayer
"ST5UNST #1" = PSWSLib
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TeraCopy_is1" = TeraCopy 1.22
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"Tuxedo 10gR3 with VS2005" = Tuxedo 10gR3 with VS2005
"Tuxedo 8.1" = Tuxedo 8.1
"Tuxedo 8.1 RP" = Tuxedo 8.1 RP
"Tuxedo 9.1" = Tuxedo 9.1
"Tuxedo 9.1 RP" = Tuxedo 9.1 RP
"Tuxedo 9.1 with VS2005 v2" = Tuxedo 9.1 with VS2005 v2
"Tuxedo 9.1 with VS2005 v2 RP" = Tuxedo 9.1 with VS2005 v2 RP
"Unlocker" = Unlocker 1.8.7
"UPCShell" = LeapFrog Connect
"ViewletBuilder6 Professional" = ViewletBuilder6 Professional
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"VMware Player" = VMware Player
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinINSTALL 32-Bit Installer" = WinINSTALL 32-Bit Installer
"WinZip 11.2" = WinZip 11.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 11:33:03 AM | Computer Name = cwilson-t61 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/15/2010 11:33:04 AM | Computer Name = cwilson-t61 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/15/2010 11:34:40 AM | Computer Name = cwilson-t61 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/15/2010 11:35:45 AM | Computer Name = cwilson-t61 | Source = UserInit | ID = 1000
Description = Could not execute the following script ie_setup.vbs. The system cannot
find the file specified. .

Error - 2/15/2010 11:38:02 AM | Computer Name = cwilson-t61 | Source = Application Error | ID = 1000
Description = Faulting application pidgin.exe, version 2.5.1.0, faulting module
libglib-2.0-0.dll, version 2.14.6.0, fault address 0x00012460.

Error - 2/15/2010 11:43:07 AM | Computer Name = cwilson-t61 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 2/15/2010 11:43:10 AM | Computer Name = cwilson-t61 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/15/2010 11:44:01 AM | Computer Name = cwilson-t61 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/15/2010 11:47:35 AM | Computer Name = cwilson-t61 | Source = UserInit | ID = 1000
Description = Could not execute the following script ie_setup.vbs. The system cannot
find the file specified. .

Error - 2/15/2010 11:48:37 AM | Computer Name = cwilson-t61 | Source = Application Error | ID = 1000
Description = Faulting application pidgin.exe, version 2.5.1.0, faulting module
libglib-2.0-0.dll, version 2.14.6.0, fault address 0x00012460.

[ System Events ]
Error - 10/1/2009 4:50:57 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:07:49 PM | Computer Name = cwilson-t61 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/1/2009 6:08:23 PM | Computer Name = cwilson-t61 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 10/1/2009 6:08:54 PM | Computer Name = cwilson-t61 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wuauserv service.

Error - 10/1/2009 6:09:00 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:09:20 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:09:20 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:09:20 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:09:20 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/1/2009 6:09:32 PM | Computer Name = cwilson-t61 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

Edited by littlewilson, 15 February 2010 - 10:47 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,711 posts
  • MVP
I see you have already run combofix but let's run it again:

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#3
littlewilson

littlewilson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks Ron. I actually just finished getting the issue cleared up; this topic can be closed out.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP