
Win 2008 Virus Removal


This topic is locked
40 replies to this topic

#1 HotelEklund


Posted 21 November 2011 - 09:55 PM

Hello, I am the IT guy for a small privately run restaurant. We run a Windows 2008 server to maintain a few on-site systems, our Point of Sale (PixelPOS) and Hotel Management (AutoClerk) suites. We noticed that all our Windows share-based services were crashing at once, including both PixelPoint and AutoClerk. I found a virus on the task list, so I changed our virus provider from ClamWin to Malwarebytes. We are seeing the same instability. The problem goes away with a server restart, but comes back after a few hours. Malwarebytes, adware and HijackThis all scan clear. Two things are happening, though. Whenever I log into the server I get a quick install dialogue that disappears, and Malwarebytes keeps blocking DNS requests to IPs associated with malware. I'll attach both the HijackThis log and the Malwarebytes IP blocking. Thank you in advance for your help!

Malwarebytes:
18:59:50 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 62458, Process: dns.exe)
18:59:50 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 63156, Process: dns.exe)
18:59:58 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63698, Process: dns.exe)
18:59:58 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 61969, Process: dns.exe)
19:00:30 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 63588, Process: dns.exe)
19:00:38 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 61773, Process: dns.exe)
19:00:38 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 62596, Process: dns.exe)
19:00:46 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 62596, Process: dns.exe)
19:01:10 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 61881, Process: dns.exe)
19:02:30 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 62300, Process: dns.exe)
19:02:38 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 62300, Process: dns.exe)
19:03:50 Administrator IP-BLOCK 195.39.196.43 (Type: outgoing, Port: 61795, Process: dns.exe)
19:05:18 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63962, Process: dns.exe)
19:10:39 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 62130, Process: dns.exe)
19:10:47 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 62130, Process: dns.exe)
19:12:23 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63163, Process: dns.exe)
19:12:31 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63607, Process: dns.exe)
19:12:39 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63607, Process: dns.exe)
19:12:55 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63846, Process: dns.exe)
19:13:03 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63846, Process: dns.exe)
19:13:51 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63876, Process: dns.exe)
19:15:11 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63511, Process: dns.exe)
19:17:51 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 64105, Process: dns.exe)
19:17:59 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 64105, Process: dns.exe)
19:21:19 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63914, Process: dns.exe)
19:21:27 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 61816, Process: dns.exe)
19:21:35 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 61816, Process: dns.exe)
19:21:43 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 62098, Process: dns.exe)
19:22:15 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63746, Process: dns.exe)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:13 AM, on 11/19/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\LocalSM\jbDetect.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\Scan2pc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\pixelpos\DataMiner\ReportServer\PxRepSrv.exe
C:\Program Files\CompeatWSClient-Pixelpoint\CompeatWSClient.exe
C:\Program Files\Datacap Systems\NETePay\DSINetConnectIP_TermSL.exe
C:\Program Files\SQL Anywhere 10\win32\dbsrv10.exe
\posserver\pixelpos\LicenseManager.exe
C:\PixelPOS\DataMiner\ReportServer\DataMinerListener.exe
C:\QSRAuto\KDS\Bin\KDS.exe
C:\pixelpos\PixelKDS.exe
C:\pixelpos\PixelAuthorizeManager.exe
\posserver\pixelpos\PixelBackUpServer.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Downloads\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\PixelPOS\DataMiner\client\DataMinerClient.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe" /LaunchType=Auto /LaunchApps=Common
O4 - HKLM\..\Run: [Dell Laser MFP 1600n SM_JB] C:\Program Files\DELL\Dell Laser MFP 1600n\LocalSM\jbDetect.exe
O4 - HKLM\..\Run: [P3000x_S2P] C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\scan2pc.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Startup: CompeatWSClient.exe - Shortcut.lnk = ?
O4 - Startup: NETePay.lnk = ?
O4 - Startup: PixelSQL Engine 10.lnk = ?
O4 - Global Startup: DataMiner Report Server.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.datacapepay.com
O15 - ESC Trusted Zone: http://www.datacapsystems.com
O15 - ESC Trusted Zone: http://*.get.adobe
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://www.mozilla.com
O15 - ESC Trusted Zone: http://mozcom-cdn.mozilla.net
O15 - ESC Trusted Zone: http://www.mozilla.org
O15 - ESC Trusted Zone: http://tg4h89so7w.pixelpointpos.com
O15 - ESC Trusted Zone: http://www.r2.com.au
O15 - ESC Trusted Zone: http://www.statcounter.com
O15 - ESC Trusted Zone: http://*.vigilix.com
O15 - ESC Trusted Zone: http://download.support.xerox.com
O15 - ESC Trusted Zone: http://www.support.xerox.com
O15 - ESC Trusted IP range: http://192.168.3.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eklund-local.com
O17 - HKLM\Software\..\Telephony: DomainName = eklund-local.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4E9E9FC-A61E-41F4-9F21-C2C14FDA0786}: NameServer = 127.0.0.1,192.168.3.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B03A6C-BFB6-4E0B-9408-45B958734BCD}: NameServer = 192.168.3.200,127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eklund-local.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AutoClerk Server 059 (AutoServ059) - AutoClerk Inc - c:\app\AutoClerk\059.001\bin\autoserv059.exe
O23 - Service: AutoClerk Interface Manager 059 (Chron059) - Unknown owner - c:\app\AutoClerk\059.001\bin\chron059.exe
O23 - Service: Shift4 UTG (v2) (frmUtg2Service) - Shift4 Corporation - C:\Shift4\UTG2\UTG2Svc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Unknown owner - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Vigilix Agent Service (VxAgent) - Vigilix, LLC - C:\Program Files\Vigilix\BIN\VxAgent.EXE
O23 - Service: Vigilix Agent Guardian (VxAgentGuardian) - Vigilix, LLC - C:\Program Files\Vigilix\BIN\VxAgentGuardian.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

Edit: Moved topic from Windows NT/2000/2003/2008 to the more appropriate forum. ~ Animal
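As an added illustration (not part of HotelEklund's post, and not Malwarebytes' own tooling): a small Python parser for IP-BLOCK lines in the format quoted above. It groups the blocked connections by originating process and destination, records first/last time and the local ports used, and separates private/loopback destinations from external ones, so that when the blocked process is dns.exe (the Windows DNS Server service) the external list can be compared against the forwarders and root hints configured on that server. The sample lines are constructed in the format of the log above, reusing addresses it already contains; the function names and the private-range list are the example's own choices.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the format of the Malwarebytes IP-BLOCK lines quoted
# in the post above; addresses and process name are taken from that log.
SAMPLE_LOG = """\
18:59:50 Administrator IP-BLOCK 194.85.61.20 (Type: outgoing, Port: 62458, Process: dns.exe)
18:59:58 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63698, Process: dns.exe)
19:00:38 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 62596, Process: dns.exe)
19:03:50 Administrator IP-BLOCK 195.39.196.43 (Type: outgoing, Port: 61795, Process: dns.exe)
19:12:23 Administrator IP-BLOCK 92.241.169.200 (Type: outgoing, Port: 63163, Process: dns.exe)
19:21:19 Administrator IP-BLOCK 92.241.168.200 (Type: outgoing, Port: 63914, Process: dns.exe)
this line is deliberately malformed and must be skipped
"""

# One IP-BLOCK line: time, account, destination IP, direction, local port, process.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Destinations a LAN DNS server is expected to reach; anything else is "external".
# (Choice made for this example: the RFC 1918 ranges plus loopback.)
LOCAL_NETS = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_ip_blocks(text):
    """Return one dict per well-formed IP-BLOCK line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def summarize_by_destination(events):
    """Group by (process, destination IP): hit count, first/last time, local ports used."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for ev in events:
        s = summary[(ev["process"], ev["ip"])]
        s["count"] += 1
        # HH:MM:SS strings compare correctly as text within one day
        s["first"] = ev["time"] if s["first"] is None else min(s["first"], ev["time"])
        s["last"] = ev["time"] if s["last"] is None else max(s["last"], ev["time"])
        s["ports"].add(ev["port"])
    return dict(summary)


def is_local(ip):
    """True if the address falls in one of LOCAL_NETS."""
    return any(ip_address(ip) in net for net in LOCAL_NETS)


def external_destinations(events, process=None):
    """Distinct non-private destination IPs in numeric order, optionally restricted
    to one process. For dns.exe these are the upstream addresses the Windows DNS
    Server service tried to reach; compare them with the configured forwarders
    and root hints on the server."""
    ips = {ev["ip"] for ev in events
           if not is_local(ev["ip"]) and (process is None or ev["process"] == process)}
    return sorted(ips, key=ip_address)


if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for (proc, ip), s in sorted(summarize_by_destination(evs).items()):
        print(f"{proc:10} {ip:16} hits={s['count']:2} "
              f"{s['first']}..{s['last']} ports={sorted(s['ports'])}")
    print("external destinations for dns.exe:", external_destinations(evs, "dns.exe"))
```

Run it against a saved Malwarebytes protection log instead of SAMPLE_LOG to get the same per-destination table; a destination that keeps recurring from dns.exe but is not one of the server's own forwarders is the line worth following up.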


#2 HelpBot


Posted 26 November 2011 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428832 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 m0le


Posted 29 November 2011 - 08:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please carry out HelpBot's instructions above and we can take it from there.
m0le is a proud member of UNITE

#4 HotelEklund


Posted 30 November 2011 - 03:28 AM

m0le,
Thanks so much for helping out!
We are running a Windows Server 2008 SP2 server, 32-bit version. I could track down the Windows 2008 CD if I need to.
DDS does not run on Windows server boxes, so I cannot post a log here.
GMER causes my server to reboot part way through the scan, before it puts out a log. I'm not sure what to do about that.
I've noticed one other oddity. A printer called "fax" keeps appearing even after I delete it. It's not easy to delete since it's created and owned by an unknown account every time. I have to actually change the printer's ownership to delete it. (pic of that at http://tinypic.com/r/vdd7oo/5) My backup drive complains that it's full, but only has 2g of visible data.
I think that's all I have for now. If you need me to run any other scans or get you anything else, please let me know. If you think we can keep the server from crashing part way through a GMER scan that would be great too!

#5 m0le


Posted 30 November 2011 - 05:38 PM

Okay, first run OTL, like DDS but more flexible with the more unusual operating systems.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Please rerun GMER, but uncheck Devices first. Post the log if you get one.
m0le is a proud member of UNITE

#6 HotelEklund


Posted 02 December 2011 - 12:33 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-01 22:30:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000007c DELL____ rev.1.22
Running: lw9fw7kz.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\1\uftyipoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\pixelpos\PixelAuthorizeManager.exe[388] kernel32.dll!CreateThread + 1A 7747CB48 4 Bytes CALL 0044F3A5 C:\pixelpos\PixelAuthorizeManager.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + 6 776D422A 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtCreateFile + B 776D422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + 6 776D497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + 6 776D497A 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtMapViewOfSection + B 776D497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + 6 776D4A0A 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenFile + B 776D4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + 6 776D4A8A 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcess + B 776D4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessToken + B 776D4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + 6 776D4AAA 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenProcessTokenEx + B 776D4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + 6 776D4AFA 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThread + B 776D4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + 6 776D4B0A 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadToken + B 776D4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtOpenThreadTokenEx + B 776D4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + 6 776D4BAA 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryAttributesFile + B 776D4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtQueryFullAttributesFile + B 776D4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + 6 776D513A 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationFile + B 776D513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + 6 776D518A 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtSetInformationThread + B 776D518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2536] ntdll.dll!NtUnmapViewOfSection + B 776D542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtCreateFile + 6 776D422A 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtCreateFile + B 776D422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtMapViewOfSection + 6 776D497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtMapViewOfSection + 6 776D497A 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtMapViewOfSection + B 776D497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenFile + 6 776D4A0A 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenFile + B 776D4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenProcess + 6 776D4A8A 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenProcess + B 776D4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenProcessToken + B 776D4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenProcessTokenEx + 6 776D4AAA 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenProcessTokenEx + B 776D4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenThread + 6 776D4AFA 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenThread + B 776D4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenThreadToken + 6 776D4B0A 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenThreadToken + B 776D4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtOpenThreadTokenEx + B 776D4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtQueryAttributesFile + 6 776D4BAA 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtQueryAttributesFile + B 776D4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtQueryFullAttributesFile + B 776D4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtSetInformationFile + 6 776D513A 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtSetInformationFile + B 776D513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtSetInformationThread + 6 776D518A 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtSetInformationThread + B 776D518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4480] ntdll.dll!NtUnmapViewOfSection + B 776D542F 1 Byte [E2]
.text C:\Pixelpos\DataMiner\ReportServer\PxRepSrv.exe[5068] kernel32.dll!CreateThread + 1A 7747CB48 4 Bytes CALL 0044CD1D C:\Pixelpos\DataMiner\ReportServer\PxRepSrv.exe (Report Application Server/PixelPoint)
.text C:\pixelpos\PixelKDS.exe[5156] kernel32.dll!CreateThread + 1A 7747CB48 4 Bytes CALL 0044DE1D C:\pixelpos\PixelKDS.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + 6 776D422A 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + B 776D422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 776D497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 776D497A 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + B 776D497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + 6 776D4A0A 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + B 776D4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + 6 776D4A8A 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + B 776D4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + B 776D4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + 6 776D4AAA 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + B 776D4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + 6 776D4AFA 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + B 776D4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + 6 776D4B0A 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + B 776D4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + B 776D4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + 6 776D4BAA 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + B 776D4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + B 776D4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + 6 776D513A 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + B 776D513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + 6 776D518A 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + B 776D518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + B 776D542F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtCreateFile + 6 776D422A 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtCreateFile + B 776D422F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtMapViewOfSection + 6 776D497A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtMapViewOfSection + 6 776D497A 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtMapViewOfSection + B 776D497F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenFile + 6 776D4A0A 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenFile + B 776D4A0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcess + 6 776D4A8A 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcess + B 776D4A8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessToken + B 776D4A9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessTokenEx + 6 776D4AAA 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessTokenEx + B 776D4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThread + 6 776D4AFA 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThread + B 776D4AFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadToken + 6 776D4B0A 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadToken + B 776D4B0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadTokenEx + B 776D4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryAttributesFile + 6 776D4BAA 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryAttributesFile + B 776D4BAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryFullAttributesFile + B 776D4C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationFile + 6 776D513A 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationFile + B 776D513F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationThread + 6 776D518A 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationThread + B 776D518F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtUnmapViewOfSection + 6 776D542A 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtUnmapViewOfSection + B 776D542F 1 Byte [E2]
.text C:\PixelPOS\DataMiner\client\DataMinerClient.exe[7344] kernel32.dll!CreateThread + 1A 7747CB48 4 Bytes CALL 0044FC29 C:\PixelPOS\DataMiner\client\DataMinerClient.exe (PixelPoint Technologies)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 11/30/2011 9:17:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTDomainController
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 48.16% Memory free
8.14 Gb Paging File | 5.98 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.34 Gb Free Space | 38.35% Space Free | Partition Type: NTFS
Drive D: | 464.50 Gb Total Space | 423.59 Gb Free Space | 91.19% Space Free | Partition Type: NTFS
Drive E: | 189.21 Gb Total Space | 169.04 Gb Free Space | 89.34% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.10% Space Free | Partition Type: NTFS

Computer Name: POSSERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - \\posserver\pixelpos\PixelBackUpServer.exe ()
PRC - \\posserver\pixelpos\LicenseManager.exe ()
PRC - C:\Windows\System32\dns.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Shift4\UTG2\UTG2Svc.exe (Shift4 Corporation)
PRC - C:\Pixelpos\PixelAuthorizeManager.exe ()
PRC - C:\Program Files\Vigilix\BIN\VxAgent.EXE (Vigilix, LLC)
PRC - C:\Program Files\Vigilix\BIN\VxAgentGuardian.exe (Vigilix, LLC)
PRC - C:\Program Files\SQL Anywhere 10\win32\dbsrv10.exe (iAnywhere Solutions, Inc.)
PRC - C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Pixelpos\PixelKDS.exe ()
PRC - c:\app\AutoClerk\059.001\bin\resonweb.exe (AutoClerk)
PRC - C:\QSRAuto\KDS\Bin\KDS.exe (QSR Automations, Inc.)
PRC - C:\Program Files\Datacap Systems\NETePay\DSINetConnectIP_TermSL.exe (Datcap Systems, Inc.)
PRC - C:\Program Files\CompeatWSClient-Pixelpoint\CompeatWSClient.exe ( )
PRC - c:\app\AutoClerk\059.001\bin\chron059.exe ()
PRC - c:\app\AutoClerk\059.001\bin\autoserv059.exe (AutoClerk Inc)
PRC - C:\Pixelpos\DataMiner\ReportServer\PxRepSrv.exe (PixelPoint)
PRC - C:\Pixelpos\DataMiner\Client\DataMinerClient.exe (PixelPoint Technologies)
PRC - C:\Program Files\Update Services\service\bin\wsusservice.exe (Microsoft Corporation)
PRC - c:\app\AutoClerk\059.001\bin\notifier.exe ()
PRC - C:\Windows\System32\rdpclip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dfssvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dfsrs.exe (Microsoft Corporation)
PRC - C:\Program Files\Datacap Systems\MSSQL$DATACAPINSTANCE\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Pixelpos\DataMiner\ReportServer\DataMinerListener.exe (PixelPoint)
PRC - C:\Windows\System32\ismserv.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe ()
PRC - C:\Program Files\DELL\Dell Laser MFP 1600n\LocalSM\jbDetect.exe ()
PRC - C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\Scan2pc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe99119d\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b3ff7585\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.design\1.0.5000.0__b03f5f7f11d50a3a_f2d249e1\system.design.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9f0a75aa\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e4f6b00f\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_273e46d9\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - \\posserver\pixelpos\PixelBackUpServer.exe ()
MOD - \\posserver\pixelpos\LicenseManager.exe ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll ()
MOD - c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Pixelpos\PixelAuthorizeManager.exe ()
MOD - C:\Pixelpos\PixelKDS.exe ()
MOD - C:\Program Files\DELL\Dell Laser MFP 1600n\LocalSM\jbDetect.exe ()
MOD - C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\Scan2pc.exe ()
MOD - C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\IMFilter.dll ()
MOD - C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\SSOle.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- File not found
SRV - (RHDCStarter) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (bomgar-ps-1305579212-1317204911) -- C:\ProgramData\bomgar-scc-4DD18ECC\bomgar-scc.exe (Bomgar)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (DNS) -- C:\Windows\System32\dns.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (frmUtg2Service) Shift4 UTG (v2) -- C:\Shift4\UTG2\UTG2Svc.exe (Shift4 Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (VxAgent) -- C:\Program Files\Vigilix\BIN\VxAgent.EXE (Vigilix, LLC)
SRV - (VxAgentGuardian) -- C:\Program Files\Vigilix\BIN\VxAgentGuardian.exe (Vigilix, LLC)
SRV - (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE) -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Chron059) -- c:\app\AutoClerk\059.001\bin\chron059.exe ()
SRV - (AutoServ059) -- c:\app\AutoClerk\059.001\bin\autoserv059.exe (AutoClerk Inc)
SRV - (WsusService) -- C:\Program Files\Update Services\Service\bin\WsusService.exe (Microsoft Corporation)
SRV - (WSusCertServer) -- C:\Program Files\Update Services\Service\bin\WsusCertServer.exe (Microsoft Corporation)
SRV - (RPCHTTPLBS) -- C:\Windows\System32\RpcProxy\LBService.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (RSoPProv) -- C:\Windows\System32\rsopprov.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\Windows\System32\ntfrs.exe (Microsoft Corporation)
SRV - (DHCPServer) -- C:\Windows\System32\dhcpssvc.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\Windows\System32\dfssvc.exe (Microsoft Corporation)
SRV - (DFSR) -- C:\Windows\System32\dfsrs.exe (Microsoft Corporation)
SRV - (MSSQL$DATACAPINSTANCE) SQL Server (DATACAPINSTANCE) -- C:\Program Files\Datacap Systems\MSSQL$DATACAPINSTANCE\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$DATACAPINSTANCE) SQL Server Agent (DATACAPINSTANCE) -- C:\Program Files\Datacap Systems\MSSQL$DATACAPINSTANCE\MSSQL.1\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (Rqs) -- C:\Windows\System32\rqs.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\Windows\System32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFTPSVC) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (sacsvr) -- C:\Windows\System32\sacsvr.dll (Microsoft Corporation)
SRV - (FCRegSvc) -- C:\Windows\System32\FCRegSvc.dll (Microsoft Corporation)
SRV - (psqlWGE) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe ()


========== Driver Services (SafeList) ==========

DRV - (SDTHelper) -- C:\Users\Administrator\Downloads\radix_installer_trial\SDTHLPR.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RemotePCHelpDesk) -- C:\Windows\System32\drivers\RemotePCHelpDesk.sys (Pro Softnet Crop provider)
DRV - (l2nd) -- C:\Windows\System32\drivers\bxnd60x.sys (Broadcom Corporation)
DRV - (bccfg) -- C:\Windows\system32\drivers\bccfg.sys (Dell Inc.)
DRV - (bcraid) -- C:\Windows\system32\drivers\bcraid.sys (Dell Inc.)
DRV - (b06diag) -- C:\Windows\system32\drivers\bxdiagx.sys (Broadcom Corporation)
DRV - (BXOIS) -- C:\Windows\system32\drivers\bxois.sys (Broadcom Corporation)
DRV - (PCISys) -- C:\Windows\System32\drivers\pcisys.sys (NetSupport Ltd)
DRV - (gdihook5) -- C:\Windows\System32\drivers\gdihook5.sys (NetSupport Ltd)
DRV - (G200eW) -- C:\Windows\System32\drivers\G200eWm.sys (Matrox Graphics Inc.)
DRV - (tcm) -- C:\Windows\system32\drivers\tcm.sys ()
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (DfsDriver) -- C:\Windows\System32\drivers\dfs.sys (Microsoft Corporation)
DRV - (sacdrv) -- C:\Windows\system32\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\storflt.sys (Microsoft Corporation)
DRV - (ioatdma) Intel® -- C:\Windows\system32\drivers\qd26032.sys (Intel Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\s3cap.sys (Microsoft Corporation)
DRV - (nskbfltr) -- C:\Windows\System32\drivers\nskbfltr.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SSPORT) -- C:\Windows\System32\drivers\ssport.sys (Samsung Electronics)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1625980324-303547651-2260703478-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/21 02:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1.0\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2011/09/06 23:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1.0\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins

[2011/09/07 08:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/09/06 23:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/06 23:56:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/09/06 23:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions
[2011/09/06 23:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions
[2011/09/06 23:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions
[2011/09/06 23:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions
[2011/06/21 02:00:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/30 16:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 13:41:02 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/08/30 13:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/30 13:41:02 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/08/30 13:41:02 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/08/30 13:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/30 13:41:02 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/09 21:38:00 | 000,437,861 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15062 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Laser MFP 1600n SM_JB] C:\Program Files\DELL\Dell Laser MFP 1600n\LocalSM\jbDetect.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P3000x_S2P] C:\Program Files\DELL\Dell Laser MFP 1600n\PSU\Scan2pc.exe ()
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe (r2 Studios)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CompeatWSClient.exe - Shortcut.lnk = C:\Program Files\CompeatWSClient-Pixelpoint\CompeatWSClient.exe ( )
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NETePay.lnk = C:\Program Files\Datacap Systems\NETePay\DSINetConnectIP_TermSL.exe (Datcap Systems, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PixelSQL Engine 10.lnk = C:\Program Files\SQL Anywhere 10\win32\dbsrv10.exe (iAnywhere Solutions, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eklund-local.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E9E9FC-A61E-41F4-9F21-C2C14FDA0786}: NameServer = 127.0.0.1,192.168.3.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8B03A6C-BFB6-4E0B-9408-45B958734BCD}: NameServer = 192.168.3.200,127.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) -C:\Windows\System32\PwdSSP.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/16 11:17:07 | 000,000,000 | ---D | M] - C:\AutoClerk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ed705107-70f1-11e0-a974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed705107-70f1-11e0-a974-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 22:26:24 | 000,000,000 | ---D | C] -- C:\Pixelpos
[2011/11/17 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Vigilix
[2011/11/17 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Vigilix
[2011/11/09 04:12:34 | 001,950,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdsai.dll

========== Files - Modified Within 30 Days ==========

[2011/11/30 21:18:24 | 001,050,356 | ---- | M] () -- C:\U4850.TRC
[2011/11/30 21:18:24 | 000,008,120 | ---- | M] () -- C:\U4851.TRC
[2011/11/30 21:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 21:08:15 | 001,050,629 | ---- | M] () -- C:\U4849.TRC
[2011/11/30 20:57:56 | 001,050,777 | ---- | M] () -- C:\U4848.TRC
[2011/11/30 20:47:46 | 001,050,392 | ---- | M] () -- C:\U4847.TRC
[2011/11/30 20:46:00 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/11/30 20:37:14 | 001,050,456 | ---- | M] () -- C:\U4846.TRC
[2011/11/30 20:26:53 | 001,050,705 | ---- | M] () -- C:\U4845.TRC
[2011/11/30 20:16:37 | 001,050,773 | ---- | M] () -- C:\U4844.TRC
[2011/11/30 20:08:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:08:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:06:27 | 001,050,593 | ---- | M] () -- C:\U4843.TRC
[2011/11/30 19:56:07 | 001,050,631 | ---- | M] () -- C:\U4842.TRC
[2011/11/30 19:45:48 | 001,050,543 | ---- | M] () -- C:\U4841.TRC
[2011/11/30 19:35:20 | 001,050,613 | ---- | M] () -- C:\U4840.TRC
[2011/11/30 19:24:59 | 001,050,431 | ---- | M] () -- C:\U4839.TRC
[2011/11/30 19:14:29 | 001,050,665 | ---- | M] () -- C:\U4838.TRC
[2011/11/30 19:04:21 | 001,050,637 | ---- | M] () -- C:\U4837.TRC
[2011/11/30 18:54:03 | 001,050,765 | ---- | M] () -- C:\U4836.TRC
[2011/11/30 18:43:52 | 001,050,462 | ---- | M] () -- C:\U4835.TRC
[2011/11/30 18:33:27 | 001,049,962 | ---- | M] () -- C:\U4834.TRC
[2011/11/30 18:22:57 | 001,050,393 | ---- | M] () -- C:\U4833.TRC
[2011/11/30 18:12:24 | 001,050,571 | ---- | M] () -- C:\U4832.TRC
[2011/11/30 18:02:04 | 001,050,519 | ---- | M] () -- C:\U4831.TRC
[2011/11/30 17:51:38 | 000,664,803 | ---- | M] () -- C:\U0136.ZIP
[2011/11/30 16:18:37 | 000,984,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/30 16:18:37 | 000,244,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/30 16:09:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 16:09:58 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/30 16:09:30 | 000,000,031 | ---- | M] () -- C:\DEFAULT.U2B
[2011/11/30 16:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 16:07:47 | 000,000,008 | ---- | M] () -- C:\Windows\System32\pcisys.ntk
[2011/11/30 15:47:38 | 000,848,728 | ---- | M] () -- C:\U0135.ZIP
[2011/11/30 14:22:16 | 000,661,879 | ---- | M] () -- C:\U0134.ZIP
[2011/11/30 12:23:40 | 000,661,160 | ---- | M] () -- C:\U0133.ZIP
[2011/11/30 10:26:04 | 000,656,111 | ---- | M] () -- C:\U0132.ZIP
[2011/11/30 08:30:26 | 000,662,369 | ---- | M] () -- C:\U0131.ZIP
[2011/11/30 06:33:26 | 000,658,151 | ---- | M] () -- C:\U0130.ZIP
[2011/11/30 04:37:52 | 000,663,191 | ---- | M] () -- C:\U0129.ZIP
[2011/11/30 02:42:40 | 000,662,425 | ---- | M] () -- C:\U0128.ZIP
[2011/11/30 00:44:22 | 000,632,068 | ---- | M] () -- C:\U0127.ZIP
[2011/11/29 22:48:52 | 000,667,001 | ---- | M] () -- C:\U0126.ZIP
[2011/11/29 20:43:44 | 000,722,322 | ---- | M] () -- C:\U0125.ZIP
[2011/11/29 18:27:44 | 000,656,769 | ---- | M] () -- C:\U0124.ZIP
[2011/11/29 16:28:58 | 000,619,445 | ---- | M] () -- C:\U0123.ZIP
[2011/11/29 14:37:26 | 000,786,467 | ---- | M] () -- C:\U0122.ZIP
[2011/11/29 13:20:10 | 000,719,804 | ---- | M] () -- C:\U0121.ZIP
[2011/11/29 11:11:12 | 000,662,187 | ---- | M] () -- C:\U0120.ZIP
[2011/11/29 09:14:12 | 000,661,171 | ---- | M] () -- C:\U0119.ZIP
[2011/11/29 07:17:34 | 000,657,533 | ---- | M] () -- C:\U0118.ZIP
[2011/11/29 05:22:22 | 000,653,969 | ---- | M] () -- C:\U0117.ZIP
[2011/11/29 03:26:50 | 000,655,716 | ---- | M] () -- C:\U0116.ZIP
[2011/11/29 01:31:40 | 000,660,180 | ---- | M] () -- C:\U0115.ZIP
[2011/11/28 23:34:56 | 000,659,681 | ---- | M] () -- C:\U0114.ZIP
[2011/11/28 23:28:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/28 21:39:22 | 000,665,387 | ---- | M] () -- C:\U0113.ZIP
[2011/11/28 19:38:04 | 000,659,326 | ---- | M] () -- C:\U0112.ZIP
[2011/11/28 17:37:30 | 000,666,377 | ---- | M] () -- C:\U0111.ZIP
[2011/11/28 15:32:20 | 000,671,039 | ---- | M] () -- C:\U0110.ZIP
[2011/11/28 13:26:40 | 000,669,272 | ---- | M] () -- C:\U0109.ZIP
[2011/11/28 11:21:36 | 000,665,937 | ---- | M] () -- C:\U0108.ZIP
[2011/11/28 09:16:42 | 000,668,053 | ---- | M] () -- C:\U0107.ZIP
[2011/11/28 07:08:40 | 000,668,227 | ---- | M] () -- C:\U0106.ZIP
[2011/11/28 05:00:20 | 000,667,936 | ---- | M] () -- C:\U0105.ZIP
[2011/11/28 02:52:28 | 000,668,321 | ---- | M] () -- C:\U0104.ZIP
[2011/11/28 00:44:20 | 000,671,723 | ---- | M] () -- C:\U0103.ZIP
[2011/11/27 22:37:08 | 000,665,751 | ---- | M] () -- C:\U0102.ZIP
[2011/11/27 20:30:12 | 000,672,732 | ---- | M] () -- C:\U0101.ZIP
[2011/11/27 18:24:04 | 000,661,588 | ---- | M] () -- C:\U0100.ZIP
[2011/11/27 16:21:44 | 000,660,451 | ---- | M] () -- C:\U0099.ZIP
[2011/11/27 14:17:54 | 000,668,171 | ---- | M] () -- C:\U0098.ZIP
[2011/11/27 12:12:36 | 000,669,123 | ---- | M] () -- C:\U0097.ZIP
[2011/11/27 10:08:48 | 000,668,542 | ---- | M] () -- C:\U0096.ZIP
[2011/11/27 08:05:12 | 000,668,250 | ---- | M] () -- C:\U0095.ZIP
[2011/11/27 06:02:36 | 000,664,045 | ---- | M] () -- C:\U0094.ZIP
[2011/11/27 04:00:48 | 000,668,409 | ---- | M] () -- C:\U0093.ZIP
[2011/11/27 01:58:26 | 000,673,172 | ---- | M] () -- C:\U0092.ZIP
[2011/11/26 23:55:04 | 000,671,279 | ---- | M] () -- C:\U0091.ZIP
[2011/11/26 21:50:42 | 000,670,390 | ---- | M] () -- C:\U0090.ZIP
[2011/11/26 19:47:08 | 000,664,161 | ---- | M] () -- C:\U0089.ZIP
[2011/11/26 17:43:26 | 000,668,505 | ---- | M] () -- C:\U0088.ZIP
[2011/11/26 15:38:48 | 000,668,706 | ---- | M] () -- C:\U0087.ZIP
[2011/11/26 13:37:30 | 000,636,284 | ---- | M] () -- C:\U0086.ZIP
[2011/11/26 11:43:18 | 000,669,416 | ---- | M] () -- C:\U0085.ZIP
[2011/11/26 09:38:24 | 000,673,284 | ---- | M] () -- C:\U0084.ZIP
[2011/11/26 07:27:00 | 000,680,578 | ---- | M] () -- C:\U0083.ZIP
[2011/11/26 05:24:26 | 000,672,063 | ---- | M] () -- C:\U0082.ZIP
[2011/11/26 03:20:02 | 000,669,528 | ---- | M] () -- C:\U0081.ZIP
[2011/11/26 01:14:42 | 000,675,057 | ---- | M] () -- C:\U0080.ZIP
[2011/11/25 23:10:26 | 000,676,413 | ---- | M] () -- C:\U0079.ZIP
[2011/11/25 21:06:46 | 000,671,854 | ---- | M] () -- C:\U0078.ZIP
[2011/11/25 19:03:56 | 000,674,590 | ---- | M] () -- C:\U0077.ZIP
[2011/11/25 17:01:04 | 000,675,920 | ---- | M] () -- C:\U0076.ZIP
[2011/11/25 14:55:44 | 000,674,526 | ---- | M] () -- C:\U0075.ZIP
[2011/11/25 12:51:46 | 000,673,457 | ---- | M] () -- C:\U0074.ZIP
[2011/11/25 10:47:28 | 000,669,090 | ---- | M] () -- C:\U0073.ZIP
[2011/11/25 08:42:02 | 000,672,154 | ---- | M] () -- C:\U0072.ZIP
[2011/11/25 06:37:34 | 000,669,320 | ---- | M] () -- C:\U0071.ZIP
[2011/11/25 04:33:34 | 000,668,564 | ---- | M] () -- C:\U0070.ZIP
[2011/11/25 02:29:40 | 000,666,932 | ---- | M] () -- C:\U0069.ZIP
[2011/11/25 00:27:42 | 000,660,772 | ---- | M] () -- C:\U0068.ZIP
[2011/11/24 22:30:44 | 000,603,081 | ---- | M] () -- C:\U0067.ZIP
[2011/11/24 22:20:04 | 386,964,665 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/24 20:33:40 | 000,666,642 | ---- | M] () -- C:\U0066.ZIP
[2011/11/24 18:29:18 | 000,667,684 | ---- | M] () -- C:\U0065.ZIP
[2011/11/24 16:26:18 | 000,657,093 | ---- | M] () -- C:\U0064.ZIP
[2011/11/24 14:24:50 | 000,814,504 | ---- | M] () -- C:\U0063.ZIP
[2011/11/24 13:00:58 | 000,630,748 | ---- | M] () -- C:\U0062.ZIP
[2011/11/24 11:49:16 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe
[2011/11/24 10:57:12 | 000,672,881 | ---- | M] () -- C:\U0061.ZIP
[2011/11/24 08:54:16 | 000,669,014 | ---- | M] () -- C:\U0060.ZIP
[2011/11/24 06:51:04 | 000,675,404 | ---- | M] () -- C:\U0059.ZIP
[2011/11/24 04:47:22 | 000,672,412 | ---- | M] () -- C:\U0058.ZIP
[2011/11/24 02:43:40 | 000,672,281 | ---- | M] () -- C:\U0057.ZIP
[2011/11/24 00:38:12 | 000,672,480 | ---- | M] () -- C:\U0056.ZIP
[2011/11/23 22:32:20 | 000,674,636 | ---- | M] () -- C:\U0055.ZIP
[2011/11/23 20:27:18 | 000,674,846 | ---- | M] () -- C:\U0054.ZIP
[2011/11/23 18:21:40 | 000,657,128 | ---- | M] () -- C:\U0053.ZIP
[2011/11/23 17:01:05 | 000,001,724 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2011/11/23 16:19:40 | 000,692,881 | ---- | M] () -- C:\U0052.ZIP
[2011/11/23 14:17:12 | 000,672,953 | ---- | M] () -- C:\U0051.ZIP
[2011/11/23 12:13:22 | 000,667,992 | ---- | M] () -- C:\U0050.ZIP
[2011/11/23 10:08:04 | 000,670,426 | ---- | M] () -- C:\U0049.ZIP
[2011/11/23 08:03:14 | 000,670,923 | ---- | M] () -- C:\U0048.ZIP
[2011/11/23 05:57:56 | 000,670,235 | ---- | M] () -- C:\U0047.ZIP
[2011/11/23 03:53:08 | 000,667,416 | ---- | M] () -- C:\U0046.ZIP
[2011/11/23 01:48:36 | 000,668,744 | ---- | M] () -- C:\U0045.ZIP
[2011/11/22 23:41:42 | 000,608,189 | ---- | M] () -- C:\U0044.ZIP
[2011/11/22 22:37:35 | 000,001,077 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PixelSQL Engine 10.lnk
[2011/11/22 22:35:58 | 000,001,797 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataMiner Report Server.lnk
[2011/11/22 22:35:12 | 000,000,022 | ---- | M] () -- C:\Windows\System32\PROTOCOL.INI
[2011/11/22 22:35:11 | 000,000,075 | ---- | M] () -- C:\Windows\PixelStation.INI
[2011/11/22 21:48:26 | 000,637,206 | ---- | M] () -- C:\U0043.ZIP
[2011/11/22 19:49:14 | 000,664,531 | ---- | M] () -- C:\U0042.ZIP
[2011/11/22 17:44:48 | 000,660,972 | ---- | M] () -- C:\U0041.ZIP
[2011/11/22 15:46:24 | 000,633,981 | ---- | M] () -- C:\U0040.ZIP
[2011/11/22 13:50:28 | 000,817,825 | ---- | M] () -- C:\U0039.ZIP
[2011/11/22 12:28:52 | 000,670,993 | ---- | M] () -- C:\U0038.ZIP
[2011/11/22 10:26:22 | 000,669,043 | ---- | M] () -- C:\U0037.ZIP
[2011/11/22 08:23:14 | 000,672,458 | ---- | M] () -- C:\U0036.ZIP
[2011/11/22 06:21:30 | 000,672,552 | ---- | M] () -- C:\U0035.ZIP
[2011/11/22 04:19:40 | 000,675,227 | ---- | M] () -- C:\U0034.ZIP
[2011/11/22 02:17:36 | 000,671,816 | ---- | M] () -- C:\U0033.ZIP
[2011/11/22 00:15:32 | 000,677,161 | ---- | M] () -- C:\U0032.ZIP
[2011/11/21 22:11:58 | 000,669,348 | ---- | M] () -- C:\U0031.ZIP
[2011/11/21 20:09:50 | 000,670,144 | ---- | M] () -- C:\U0030.ZIP
[2011/11/21 18:26:19 | 000,076,806 | ---- | M] () -- C:\Users\Administrator\Documents\sqlschedulebyemployee.pdf
[2011/11/21 18:07:12 | 000,621,877 | ---- | M] () -- C:\U0029.ZIP
[2011/11/21 16:11:06 | 000,654,110 | ---- | M] () -- C:\U0028.ZIP
[2011/11/21 14:14:46 | 000,671,403 | ---- | M] () -- C:\U0027.ZIP
[2011/11/21 12:11:40 | 000,669,069 | ---- | M] () -- C:\U0026.ZIP
[2011/11/21 10:08:16 | 000,669,588 | ---- | M] () -- C:\U0025.ZIP
[2011/11/21 08:05:38 | 000,667,276 | ---- | M] () -- C:\U0024.ZIP
[2011/11/21 06:02:28 | 000,667,468 | ---- | M] () -- C:\U0023.ZIP
[2011/11/21 03:59:58 | 000,669,838 | ---- | M] () -- C:\U0022.ZIP
[2011/11/21 01:57:26 | 000,666,737 | ---- | M] () -- C:\U0021.ZIP
[2011/11/20 23:54:58 | 000,672,216 | ---- | M] () -- C:\U0020.ZIP
[2011/11/20 21:51:34 | 000,671,575 | ---- | M] () -- C:\U0019.ZIP
[2011/11/20 19:47:32 | 000,677,953 | ---- | M] () -- C:\U0018.ZIP
[2011/11/20 17:44:08 | 000,659,530 | ---- | M] () -- C:\U0017.ZIP
[2011/11/20 17:40:56 | 000,099,656 | ---- | M] () -- C:\Users\Administrator\Documents\sqlemployeeshiftsbyjobpos110611-111811.pdf
[2011/11/20 15:47:16 | 000,651,830 | ---- | M] () -- C:\U0016.ZIP
[2011/11/20 13:45:50 | 000,841,060 | ---- | M] () -- C:\U0015.ZIP
[2011/11/20 12:20:12 | 000,669,255 | ---- | M] () -- C:\U0014.ZIP
[2011/11/20 10:16:30 | 000,670,404 | ---- | M] () -- C:\U0013.ZIP
[2011/11/20 08:12:36 | 000,671,286 | ---- | M] () -- C:\U0012.ZIP
[2011/11/20 06:08:36 | 000,668,629 | ---- | M] () -- C:\U0011.ZIP
[2011/11/20 04:05:46 | 000,668,140 | ---- | M] () -- C:\U0010.ZIP
[2011/11/20 02:02:44 | 000,668,712 | ---- | M] () -- C:\U0009.ZIP
[2011/11/19 23:59:02 | 000,671,391 | ---- | M] () -- C:\U0008.ZIP
[2011/11/19 21:56:16 | 000,665,739 | ---- | M] () -- C:\U0007.ZIP
[2011/11/19 19:51:10 | 000,668,635 | ---- | M] () -- C:\U0006.ZIP
[2011/11/19 17:45:54 | 000,670,757 | ---- | M] () -- C:\U0005.ZIP
[2011/11/19 15:41:18 | 000,666,382 | ---- | M] () -- C:\U0004.ZIP
[2011/11/19 13:34:46 | 000,669,742 | ---- | M] () -- C:\U0003.ZIP
[2011/11/19 11:30:30 | 000,279,505 | ---- | M] () -- C:\U0002.ZIP
[2011/11/19 09:31:54 | 000,000,022 | ---- | M] () -- C:\U0001.ZIP
[2011/11/16 14:40:50 | 000,007,362 | ---- | M] () -- C:\Windows\System32\pcimsg.err
[2011/11/14 23:28:58 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/14 23:28:58 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/11/08 10:54:57 | 000,053,109 | ---- | M] () -- C:\Users\Administrator\Desktop\sqlsalesbycategorybydayofweek 11-6.pdf

========== Files Created - No Company Name ==========

[2011/11/30 21:18:24 | 000,000,000 | ---- | C] () -- C:\U4851.TRC
[2011/11/30 21:08:15 | 001,050,356 | ---- | C] () -- C:\U4850.TRC
[2011/11/30 20:57:56 | 001,050,629 | ---- | C] () -- C:\U4849.TRC
[2011/11/30 20:47:46 | 001,050,777 | ---- | C] () -- C:\U4848.TRC
[2011/11/30 20:37:14 | 001,050,392 | ---- | C] () -- C:\U4847.TRC
[2011/11/30 20:27:01 | 000,664,803 | ---- | C] () -- C:\U0136.ZIP
[2011/11/30 20:26:53 | 001,050,456 | ---- | C] () -- C:\U4846.TRC
[2011/11/30 20:16:37 | 001,050,705 | ---- | C] () -- C:\U4845.TRC
[2011/11/30 20:06:27 | 001,050,773 | ---- | C] () -- C:\U4844.TRC
[2011/11/30 19:56:07 | 001,050,593 | ---- | C] () -- C:\U4843.TRC
[2011/11/30 19:45:48 | 001,050,631 | ---- | C] () -- C:\U4842.TRC
[2011/11/30 19:35:20 | 001,050,543 | ---- | C] () -- C:\U4841.TRC
[2011/11/30 19:24:59 | 001,050,613 | ---- | C] () -- C:\U4840.TRC
[2011/11/30 19:14:29 | 001,050,431 | ---- | C] () -- C:\U4839.TRC
[2011/11/30 19:04:21 | 001,050,665 | ---- | C] () -- C:\U4838.TRC
[2011/11/30 18:54:03 | 001,050,637 | ---- | C] () -- C:\U4837.TRC
[2011/11/30 18:43:52 | 001,050,765 | ---- | C] () -- C:\U4836.TRC
[2011/11/30 18:33:27 | 001,050,462 | ---- | C] () -- C:\U4835.TRC
[2011/11/30 18:22:59 | 000,848,728 | ---- | C] () -- C:\U0135.ZIP
[2011/11/30 18:22:57 | 001,049,962 | ---- | C] () -- C:\U4834.TRC
[2011/11/30 18:12:24 | 001,050,393 | ---- | C] () -- C:\U4833.TRC
[2011/11/30 18:02:04 | 001,050,571 | ---- | C] () -- C:\U4832.TRC
[2011/11/30 17:51:39 | 001,050,519 | ---- | C] () -- C:\U4831.TRC
[2011/11/30 16:19:49 | 000,661,879 | ---- | C] () -- C:\U0134.ZIP
[2011/11/30 16:09:30 | 000,000,031 | ---- | C] () -- C:\DEFAULT.U2B
[2011/11/30 14:39:20 | 000,661,160 | ---- | C] () -- C:\U0133.ZIP
[2011/11/30 12:53:05 | 000,656,111 | ---- | C] () -- C:\U0132.ZIP
[2011/11/30 10:54:40 | 000,662,369 | ---- | C] () -- C:\U0131.ZIP
[2011/11/30 08:59:34 | 000,658,151 | ---- | C] () -- C:\U0130.ZIP
[2011/11/30 07:02:24 | 000,663,191 | ---- | C] () -- C:\U0129.ZIP
[2011/11/30 05:06:48 | 000,662,425 | ---- | C] () -- C:\U0128.ZIP
[2011/11/30 03:11:42 | 000,632,068 | ---- | C] () -- C:\U0127.ZIP
[2011/11/30 01:14:55 | 000,667,001 | ---- | C] () -- C:\U0126.ZIP
[2011/11/29 23:16:37 | 000,722,322 | ---- | C] () -- C:\U0125.ZIP
[2011/11/29 21:04:47 | 000,656,769 | ---- | C] () -- C:\U0124.ZIP
[2011/11/29 18:59:13 | 000,619,445 | ---- | C] () -- C:\U0123.ZIP
[2011/11/29 16:58:17 | 000,786,467 | ---- | C] () -- C:\U0122.ZIP
[2011/11/29 15:00:47 | 000,719,804 | ---- | C] () -- C:\U0121.ZIP
[2011/11/29 13:41:14 | 000,662,187 | ---- | C] () -- C:\U0120.ZIP
[2011/11/29 11:40:08 | 000,661,171 | ---- | C] () -- C:\U0119.ZIP
[2011/11/29 09:43:14 | 000,657,533 | ---- | C] () -- C:\U0118.ZIP
[2011/11/29 07:46:51 | 000,653,969 | ---- | C] () -- C:\U0117.ZIP
[2011/11/29 05:51:45 | 000,655,716 | ---- | C] () -- C:\U0116.ZIP
[2011/11/29 03:56:08 | 000,660,180 | ---- | C] () -- C:\U0115.ZIP
[2011/11/29 02:01:02 | 000,659,681 | ---- | C] () -- C:\U0114.ZIP
[2011/11/29 00:04:09 | 000,665,387 | ---- | C] () -- C:\U0113.ZIP
[2011/11/28 22:08:33 | 000,659,326 | ---- | C] () -- C:\U0112.ZIP
[2011/11/28 20:09:38 | 000,666,377 | ---- | C] () -- C:\U0111.ZIP
[2011/11/28 18:06:32 | 000,671,039 | ---- | C] () -- C:\U0110.ZIP
[2011/11/28 16:04:40 | 000,669,272 | ---- | C] () -- C:\U0109.ZIP
[2011/11/28 13:58:04 | 000,665,937 | ---- | C] () -- C:\U0108.ZIP
[2011/11/28 11:53:02 | 000,668,053 | ---- | C] () -- C:\U0107.ZIP
[2011/11/28 09:48:30 | 000,668,227 | ---- | C] () -- C:\U0106.ZIP
[2011/11/28 07:40:53 | 000,667,936 | ---- | C] () -- C:\U0105.ZIP
[2011/11/28 05:33:16 | 000,668,321 | ---- | C] () -- C:\U0104.ZIP
[2011/11/28 03:24:36 | 000,671,723 | ---- | C] () -- C:\U0103.ZIP
[2011/11/28 01:16:59 | 000,665,751 | ---- | C] () -- C:\U0102.ZIP
[2011/11/27 23:08:52 | 000,672,732 | ---- | C] () -- C:\U0101.ZIP
[2011/11/27 21:02:16 | 000,661,588 | ---- | C] () -- C:\U0100.ZIP
[2011/11/27 18:55:08 | 000,660,451 | ---- | C] () -- C:\U0099.ZIP
[2011/11/27 16:52:39 | 000,668,171 | ---- | C] () -- C:\U0098.ZIP
[2011/11/27 14:49:05 | 000,669,123 | ---- | C] () -- C:\U0097.ZIP
[2011/11/27 12:44:03 | 000,668,542 | ---- | C] () -- C:\U0096.ZIP
[2011/11/27 10:40:33 | 000,668,250 | ---- | C] () -- C:\U0095.ZIP
[2011/11/27 08:36:02 | 000,664,045 | ---- | C] () -- C:\U0094.ZIP
[2011/11/27 06:33:35 | 000,668,409 | ---- | C] () -- C:\U0093.ZIP
[2011/11/27 04:31:38 | 000,673,172 | ---- | C] () -- C:\U0092.ZIP
[2011/11/27 02:29:11 | 000,671,279 | ---- | C] () -- C:\U0091.ZIP
[2011/11/27 00:26:12 | 000,670,390 | ---- | C] () -- C:\U0090.ZIP
[2011/11/26 22:22:12 | 000,664,161 | ---- | C] () -- C:\U0089.ZIP
[2011/11/26 20:18:13 | 000,668,505 | ---- | C] () -- C:\U0088.ZIP
[2011/11/26 18:14:43 | 000,668,706 | ---- | C] () -- C:\U0087.ZIP
[2011/11/26 16:10:13 | 000,636,284 | ---- | C] () -- C:\U0086.ZIP
[2011/11/26 14:06:12 | 000,669,416 | ---- | C] () -- C:\U0085.ZIP
[2011/11/26 12:10:03 | 000,673,284 | ---- | C] () -- C:\U0084.ZIP
[2011/11/26 10:11:34 | 000,680,578 | ---- | C] () -- C:\U0083.ZIP
[2011/11/26 08:00:20 | 000,672,063 | ---- | C] () -- C:\U0082.ZIP
[2011/11/26 05:55:48 | 000,669,528 | ---- | C] () -- C:\U0081.ZIP
[2011/11/26 03:51:19 | 000,675,057 | ---- | C] () -- C:\U0080.ZIP
[2011/11/26 01:46:16 | 000,676,413 | ---- | C] () -- C:\U0079.ZIP
[2011/11/25 23:41:44 | 000,671,854 | ---- | C] () -- C:\U0078.ZIP
[2011/11/25 21:37:44 | 000,674,590 | ---- | C] () -- C:\U0077.ZIP
[2011/11/25 19:34:45 | 000,675,920 | ---- | C] () -- C:\U0076.ZIP
[2011/11/25 17:32:19 | 000,674,526 | ---- | C] () -- C:\U0075.ZIP
[2011/11/25 15:26:46 | 000,673,457 | ---- | C] () -- C:\U0074.ZIP
[2011/11/25 13:22:45 | 000,669,090 | ---- | C] () -- C:\U0073.ZIP
[2011/11/25 11:18:44 | 000,672,154 | ---- | C] () -- C:\U0072.ZIP
[2011/11/25 09:13:42 | 000,669,320 | ---- | C] () -- C:\U0071.ZIP
[2011/11/25 07:09:10 | 000,668,564 | ---- | C] () -- C:\U0070.ZIP
[2011/11/25 05:05:09 | 000,666,932 | ---- | C] () -- C:\U0069.ZIP
[2011/11/25 03:01:10 | 000,660,772 | ---- | C] () -- C:\U0068.ZIP
[2011/11/25 00:56:41 | 000,603,081 | ---- | C] () -- C:\U0067.ZIP
[2011/11/24 23:01:33 | 000,666,642 | ---- | C] () -- C:\U0066.ZIP
[2011/11/24 21:05:09 | 000,667,684 | ---- | C] () -- C:\U0065.ZIP
[2011/11/24 19:00:37 | 000,657,093 | ---- | C] () -- C:\U0064.ZIP
[2011/11/24 16:56:36 | 000,814,504 | ---- | C] () -- C:\U0063.ZIP
[2011/11/24 14:55:41 | 000,630,748 | ---- | C] () -- C:\U0062.ZIP
[2011/11/24 13:02:57 | 000,672,881 | ---- | C] () -- C:\U0061.ZIP
[2011/11/24 11:28:59 | 000,669,014 | ---- | C] () -- C:\U0060.ZIP
[2011/11/24 09:24:58 | 000,675,404 | ---- | C] () -- C:\U0059.ZIP
[2011/11/24 07:22:00 | 000,672,412 | ---- | C] () -- C:\U0058.ZIP
[2011/11/24 05:18:30 | 000,672,281 | ---- | C] () -- C:\U0057.ZIP
[2011/11/24 03:15:31 | 000,672,480 | ---- | C] () -- C:\U0056.ZIP
[2011/11/24 01:10:29 | 000,674,636 | ---- | C] () -- C:\U0055.ZIP
[2011/11/23 23:04:25 | 000,674,846 | ---- | C] () -- C:\U0054.ZIP
[2011/11/23 20:58:52 | 000,657,128 | ---- | C] () -- C:\U0053.ZIP
[2011/11/23 18:55:05 | 000,692,881 | ---- | C] () -- C:\U0052.ZIP
[2011/11/23 16:50:54 | 000,672,953 | ---- | C] () -- C:\U0051.ZIP
[2011/11/23 14:47:56 | 000,667,992 | ---- | C] () -- C:\U0050.ZIP
[2011/11/23 12:44:59 | 000,670,426 | ---- | C] () -- C:\U0049.ZIP
[2011/11/23 10:39:25 | 000,670,923 | ---- | C] () -- C:\U0048.ZIP
[2011/11/23 08:34:54 | 000,670,235 | ---- | C] () -- C:\U0047.ZIP
[2011/11/23 06:29:21 | 000,667,416 | ---- | C] () -- C:\U0046.ZIP
[2011/11/23 04:24:49 | 000,668,744 | ---- | C] () -- C:\U0045.ZIP
[2011/11/23 02:19:46 | 000,608,189 | ---- | C] () -- C:\U0044.ZIP
[2011/11/23 00:18:22 | 000,637,206 | ---- | C] () -- C:\U0043.ZIP
[2011/11/22 22:22:17 | 000,664,531 | ---- | C] () -- C:\U0042.ZIP
[2011/11/22 20:21:11 | 000,660,972 | ---- | C] () -- C:\U0041.ZIP
[2011/11/22 18:16:10 | 000,633,981 | ---- | C] () -- C:\U0040.ZIP
[2011/11/22 16:15:43 | 000,817,825 | ---- | C] () -- C:\U0039.ZIP
[2011/11/22 14:18:43 | 000,670,993 | ---- | C] () -- C:\U0038.ZIP
[2011/11/22 12:57:21 | 000,669,043 | ---- | C] () -- C:\U0037.ZIP
[2011/11/22 10:56:58 | 000,672,458 | ---- | C] () -- C:\U0036.ZIP
[2011/11/22 08:54:30 | 000,672,552 | ---- | C] () -- C:\U0035.ZIP
[2011/11/22 06:52:34 | 000,675,227 | ---- | C] () -- C:\U0034.ZIP
[2011/11/22 04:50:06 | 000,671,816 | ---- | C] () -- C:\U0033.ZIP
[2011/11/22 02:48:40 | 000,677,161 | ---- | C] () -- C:\U0032.ZIP
[2011/11/22 00:46:45 | 000,669,348 | ---- | C] () -- C:\U0031.ZIP
[2011/11/21 22:42:44 | 000,670,144 | ---- | C] () -- C:\U0030.ZIP
[2011/11/21 20:40:49 | 000,621,877 | ---- | C] () -- C:\U0029.ZIP
[2011/11/21 18:38:21 | 000,654,110 | ---- | C] () -- C:\U0028.ZIP
[2011/11/21 18:26:19 | 000,076,806 | ---- | C] () -- C:\Users\Administrator\Documents\sqlschedulebyemployee.pdf
[2011/11/21 16:34:36 | 000,671,403 | ---- | C] () -- C:\U0027.ZIP
[2011/11/21 14:44:33 | 000,669,069 | ---- | C] () -- C:\U0026.ZIP
[2011/11/21 12:42:58 | 000,669,588 | ---- | C] () -- C:\U0025.ZIP
[2011/11/21 10:39:18 | 000,667,276 | ---- | C] () -- C:\U0024.ZIP
[2011/11/21 08:36:27 | 000,667,468 | ---- | C] () -- C:\U0023.ZIP
[2011/11/21 06:33:37 | 000,669,838 | ---- | C] () -- C:\U0022.ZIP
[2011/11/21 04:30:46 | 000,666,737 | ---- | C] () -- C:\U0021.ZIP
[2011/11/21 02:28:26 | 000,672,216 | ---- | C] () -- C:\U0020.ZIP
[2011/11/21 00:26:17 | 000,671,575 | ---- | C] () -- C:\U0019.ZIP
[2011/11/20 22:23:28 | 000,677,953 | ---- | C] () -- C:\U0018.ZIP
[2011/11/20 20:18:44 | 000,659,530 | ---- | C] () -- C:\U0017.ZIP
[2011/11/20 18:14:42 | 000,651,830 | ---- | C] () -- C:\U0016.ZIP
[2011/11/20 17:40:55 | 000,099,656 | ---- | C] () -- C:\Users\Administrator\Documents\sqlemployeeshiftsbyjobpos110611-111811.pdf
[2011/11/20 16:17:23 | 000,841,060 | ---- | C] () -- C:\U0015.ZIP
[2011/11/20 14:16:44 | 000,669,255 | ---- | C] () -- C:\U0014.ZIP
[2011/11/20 12:51:16 | 000,670,404 | ---- | C] () -- C:\U0013.ZIP
[2011/11/20 10:47:47 | 000,671,286 | ---- | C] () -- C:\U0012.ZIP
[2011/11/20 08:43:47 | 000,668,629 | ---- | C] () -- C:\U0011.ZIP
[2011/11/20 06:39:46 | 000,668,140 | ---- | C] () -- C:\U0010.ZIP
[2011/11/20 04:36:47 | 000,668,712 | ---- | C] () -- C:\U0009.ZIP
[2011/11/20 02:34:20 | 000,671,391 | ---- | C] () -- C:\U0008.ZIP
[2011/11/20 00:30:50 | 000,665,739 | ---- | C] () -- C:\U0007.ZIP
[2011/11/19 22:26:50 | 000,668,635 | ---- | C] () -- C:\U0006.ZIP
[2011/11/19 20:22:50 | 000,670,757 | ---- | C] () -- C:\U0005.ZIP
[2011/11/19 18:17:16 | 000,666,382 | ---- | C] () -- C:\U0004.ZIP
[2011/11/19 16:12:45 | 000,669,742 | ---- | C] () -- C:\U0003.ZIP
[2011/11/19 14:06:40 | 000,279,505 | ---- | C] () -- C:\U0002.ZIP
[2011/11/19 12:01:38 | 000,000,022 | ---- | C] () -- C:\U0001.ZIP
[2011/11/16 14:53:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/08 10:54:57 | 000,053,109 | ---- | C] () -- C:\Users\Administrator\Desktop\sqlsalesbycategorybydayofweek 11-6.pdf
[2011/11/01 16:31:53 | 000,381,497 | ---- | C] () -- C:\hhreg.zip
[2011/10/24 22:33:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/24 22:33:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/04 13:00:43 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/05/28 23:38:21 | 000,091,016 | ---- | C] () -- C:\Windows\wiainst.exe
[2011/05/28 23:38:19 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2011/05/28 23:38:19 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2011/05/28 23:38:19 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2011/05/28 23:38:19 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2011/05/28 23:37:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\DELR1LM.DLL
[2011/05/28 23:37:50 | 000,022,723 | ---- | C] () -- C:\Windows\System32\DELR1L3.DLL
[2011/05/16 14:12:03 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 09:12:23 | 000,001,249 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/16 08:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/15 09:58:02 | 000,032,822 | ---- | C] () -- C:\Windows\System32\pcimsg.dll
[2011/05/15 09:58:02 | 000,020,542 | ---- | C] () -- C:\Windows\System32\pcivdd.dll
[2011/05/04 08:21:01 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
[2011/05/04 08:21:00 | 000,000,075 | ---- | C] () -- C:\Windows\PixelStation.INI
[2011/05/04 08:07:47 | 000,000,405 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/04 08:02:18 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/04/27 11:12:30 | 000,012,952 | ---- | C] () -- C:\Windows\System32\drivers\tcm.sys
[2009/07/19 10:46:56 | 000,799,016 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2009/04/11 05:57:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 05:57:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 05:57:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/01/19 04:43:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008/01/19 04:35:10 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/01/19 04:24:40 | 000,040,774 | ---- | C] () -- C:\Windows\System32\ntfrsrep.ini
[2008/01/19 04:24:40 | 000,011,196 | ---- | C] () -- C:\Windows\System32\ntfrscon.ini
[2008/01/19 04:24:27 | 001,622,022 | ---- | C] () -- C:\Windows\System32\schema.ini
[2008/01/19 04:24:26 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008/01/19 04:24:26 | 000,001,048 | ---- | C] () -- C:\Windows\System32\SetupNfsIdMap.exe.config
[2008/01/19 04:24:26 | 000,000,989 | ---- | C] () -- C:\Windows\System32\NfsConfigGuide.exe.config
[2008/01/19 04:24:26 | 000,000,940 | ---- | C] () -- C:\Windows\System32\ProvisionShare.exe.config
[2008/01/19 04:24:26 | 000,000,933 | ---- | C] () -- C:\Windows\System32\ProvisionStorage.exe.config
[2008/01/19 01:56:38 | 000,984,650 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008/01/19 01:56:38 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2008/01/19 01:56:38 | 000,244,638 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2008/01/19 01:56:38 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2008/01/19 01:45:36 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2008/01/18 22:56:52 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2008/01/18 21:34:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2008/01/03 12:04:28 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2008/01/03 11:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/09/05 12:44:42 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2007/08/16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005/12/21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005/07/26 00:13:52 | 000,099,965 | ---- | C] () -- C:\Windows\UninstallThunderbird.exe
[2005/07/26 00:13:46 | 000,003,669 | ---- | C] () -- C:\Windows\mozver.dat
[1999/09/30 05:00:00 | 000,040,028 | ---- | C] () -- C:\Windows\System32\MSQKS.DLL
[1997/11/12 03:00:00 | 000,177,664 | ---- | C] () -- C:\Windows\System32\CP30FWM.DLL
[1996/11/18 13:00:00 | 000,978,432 | ---- | C] () -- C:\Windows\System32\pg32.dll
[1995/02/14 22:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll

========== LOP Check ==========

[2011/05/16 11:07:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\autoclerk
[2011/05/23 17:09:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BACS.exe
[2011/10/11 21:46:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2011/10/20 23:43:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Process Hacker 2
[2011/08/11 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2011/05/28 10:47:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TightVNC
[2011/06/23 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xerox
[2011/11/28 23:28:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/30 16:09:58 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/11/30 16:05:42 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 11/30/2011 9:17:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTDomainController
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 48.16% Memory free
8.14 Gb Paging File | 5.98 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.34 Gb Free Space | 38.35% Space Free | Partition Type: NTFS
Drive D: | 464.50 Gb Total Space | 423.59 Gb Free Space | 91.19% Space Free | Partition Type: NTFS
Drive E: | 189.21 Gb Total Space | 169.04 Gb Free Space | 89.34% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.10% Space Free | Partition Type: NTFS

Computer Name: POSSERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisabledInterfaces" = {E8B03A6C-BFB6-4E0B-9408-45B958734BCD}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098BF0C5-BF41-4800-A505-1DF130900B58}" = lport=137 | protocol=17 | dir=in | app=system |
"{0A15FC2F-5244-42A8-8F39-B3A45EAA9512}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0B25934B-AA3C-446A-A0C0-B0E4546BA3EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F0862FA-2C1F-42C2-BA0E-838636A34DC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0FDD2CBA-73C3-414C-BCD1-895B3C117553}" = rport=5358 | protocol=6 | dir=out | app=system |
"{126C643D-A8BE-4E0C-9B1D-E95791AB2F4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D8F1B4A-99D0-4DFD-8A28-F961938BCADA}" = rport=138 | protocol=17 | dir=out | app=system |
"{2ED16D1F-CAB9-45A8-BD36-7E58B8A1CD3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{30633EA7-038D-40DA-B24E-F783534A17A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{356158A4-C5F1-4D2A-A019-397EDFE3B4CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{364DFD24-3C37-4896-A1D9-A90D90581575}" = rport=137 | protocol=17 | dir=out | app=system |
"{44F6F605-CABC-4981-ACA1-AF09C3BBCA06}" = rport=5357 | protocol=6 | dir=out | app=system |
"{45098E49-2D09-45E4-877B-56B3F20A9D4A}" = lport=138 | protocol=17 | dir=in | app=system |
"{451A5F3D-ACBE-4500-A7DA-81319C53CA14}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B3571B0-D3A1-47AD-8C39-ACAE4BAC9422}" = lport=3389 | protocol=6 | dir=in | app=system |
"{5617D428-1EF9-46C1-8419-74FCC32A96DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5E795C97-5503-4814-80A2-A96A1A551642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60DB4B09-8ACF-461F-9BF6-18F30FAD9011}" = lport=5357 | protocol=6 | dir=in | app=system |
"{67124E94-76E1-4A5A-965E-289E5BFBECB1}" = lport=5358 | protocol=6 | dir=in | app=system |
"{688B5AE7-A813-4DD6-9EF3-AD8AFAEA34C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6894F3D3-D4C9-442B-9673-6538A6210023}" = lport=80 | protocol=6 | dir=in | name=http |
"{6940D2A2-4F9B-4890-A58D-FA8A5F914529}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C79EE65-4D24-4FBD-B7BE-A6AFCBAB4B42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{733A4622-B010-4A01-B0FE-8524440F5AD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75B6D28E-929A-475F-AA7F-B94FB48624E6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{76AB8C8C-6B79-4E35-9237-0B36CD8C3DFD}" = lport=5357 | protocol=6 | dir=in | app=system |
"{87CB886C-30AB-4B21-841E-DD082866F28D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8891B170-5BC6-4211-8E2E-85CB5A379021}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E601FB3-F7B0-42B5-8E3B-FCF12E0EFDE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{923422D1-3AF4-472E-9AE7-25BFDBB9A62C}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A26BB2F-ACF5-469D-AE82-030070354067}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A244347C-1C58-41D6-ADFB-5F7B5C34AC66}" = lport=137 | protocol=17 | dir=in | app=system |
"{AAF8E415-2A40-4571-9A92-7D4461713171}" = rport=5358 | protocol=6 | dir=out | app=system |
"{AE51D671-C9A3-424C-ABC0-3E568E37388A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4AD43DB-FCC6-438B-9445-80EF315272A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5F39973-2B97-4FAC-8450-26DCFCC607B6}" = lport=10060 | protocol=6 | dir=in | name=autoclerk local |
"{C4816966-01D6-4B84-B0BE-533518AF5F8F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5BBF5FB-0F9C-4165-86A9-0B291E546649}" = rport=5357 | protocol=6 | dir=out | app=system |
"{C6585123-BD2E-46D9-9DC3-EC2C7013E614}" = lport=443 | protocol=6 | dir=in | name=port 443 |
"{CB4E0D77-4E40-4256-ABB5-D71F9E7F59AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE7A3798-3089-48E6-A1F8-FFF74B7BB3DD}" = lport=11189 | protocol=6 | dir=in | name=autoclerk |
"{CFD3314E-A3EA-4642-832C-A62B84491654}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1EA34B1-103E-4C02-B7FD-9E5995F6B2BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6B950A1-8949-4EF5-A85A-9210CFC9151A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{D8ED67E0-30FF-485A-9C04-1E804F9CD7F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF1EF501-CA0B-4229-A916-8D6925EE1CB1}" = lport=138 | protocol=17 | dir=in | app=system |
"{EAD3D014-2E20-46A4-A853-8984C71BCC20}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F67DAC39-181A-439C-8A61-31860C872B29}" = lport=5358 | protocol=6 | dir=in | app=system |
"{F773ABA5-7954-46A7-8D14-76E574413B8B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F8D2100B-F1E4-4611-A22A-9AE1D43E2C9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0456E5D8-27DB-4506-B494-2FF85B2DAF4A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{06AA3535-B461-45A0-86EC-E6049B6FCD03}" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{102BE4D1-A131-4247-BC34-FA5F91046815}" = protocol=17 | dir=in | app=c:\program files\netsupport\netsupport manager\client32.exe |
"{21A4BE6E-4897-4B2D-A4B5-3F8F9BAAA8A0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{2D2646D6-734B-4D31-87D1-A5171058DDDF}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{3A8A6019-B490-4808-91DE-0C91F05EB21F}" = protocol=17 | dir=in | app=c:\qsrauto\alertmanager\bin\alertbuilderlite.exe |
"{3CAB6643-2CD6-4A3F-ABE7-59651B818289}" = protocol=6 | dir=in | app=c:\program files\netsupport\netsupport manager\client32.exe |
"{507695F0-1559-4C56-9449-C9BAA3A4582C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{57F9527C-2860-4DA3-B900-D116338C1083}" = protocol=6 | dir=out | app=system |
"{6D9B7C56-5D0E-48E6-A2DE-9420C2735468}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe |
"{7818396C-A1CB-4234-AFD7-EC9A98480794}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C35D035-48E4-4FA3-9499-20188C9FCF38}" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{7FA26726-74EF-478C-9E6A-F898F7211BA6}" = protocol=17 | dir=in | app=c:\program files\autoclerk\bin\accredit.exe |
"{823625D9-7597-46D8-A5C3-E1DA0631C177}" = protocol=6 | dir=out | app=system |
"{86AB9861-AA5D-476C-9103-AC82CE6DCAC2}" = protocol=6 | dir=in | app=c:\program files\netsupport\netsupport manager\client32.exe |
"{8A1BBAD5-3660-415A-BFDB-C0A9798B3D87}" = protocol=17 | dir=in | app=c:\program files\netsupport\netsupport manager\client32.exe |
"{9D7B475A-50A2-479F-9F5A-F95E993D46ED}" = protocol=6 | dir=in | app=c:\program files\autoclerk\bin\acadmin.exe |
"{AB39D6FE-9AE5-4524-AFCF-E1CEA2FB01D4}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{BB829ED5-3C59-4627-AEF9-8225D317A5C5}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{CB940FE8-92D9-4550-8FAD-5A0788C61C5B}" = protocol=6 | dir=in | app=c:\qsrauto\alertmanager\bin\alertbuilderlite.exe |
"{CE656E24-DD7E-4B71-B6BC-57990D497859}" = protocol=17 | dir=in | app=c:\program files\autoclerk\bin\acadmin.exe |
"{D6F4EA97-78C0-47C7-8B82-589D417B9526}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{E2CE2E90-63FB-4523-AEC2-805BB578A29D}" = protocol=6 | dir=in | app=c:\program files\autoclerk\bin\ac2g.exe |
"{E3AF9ED5-52B0-42E9-8DFA-7F9B72379293}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{EC8741D6-EDF0-4D78-A255-FDA1A83F9D19}" = protocol=17 | dir=in | app=c:\program files\autoclerk\bin\ac2g.exe |
"{F5E5BAE7-410D-492D-B6C1-2B56094CEE70}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{F7639472-2490-4EA9-B397-9B7586D98EE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCD44206-BE67-4329-B5E0-6AED839297C3}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{FEFAB1FC-3E0F-4B70-8B99-FC48C3ADAD55}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{FF223864-A54F-4B31-B1DD-4E42A4E41376}" = protocol=6 | dir=in | app=c:\program files\autoclerk\bin\accredit.exe |
"TCP Query User{06F0D794-92C5-4FF3-84B6-BCBE209C0A95}C:\qsrauto\kds\bin\kdsdemopos.exe" = protocol=6 | dir=in | app=c:\qsrauto\kds\bin\kdsdemopos.exe |
"TCP Query User{74171A9A-F547-4712-B4B8-0A75367E1B64}C:\pixelpos\dataminer\reportserver\dataminerlistener.exe" = protocol=6 | dir=in | app=c:\pixelpos\dataminer\reportserver\dataminerlistener.exe |
"TCP Query User{7D35B889-9E04-4EC4-A3C6-C926D5CE8838}C:\program files\datacap systems\netepay\dsinetconnectip_termsl.exe" = protocol=6 | dir=in | app=c:\program files\datacap systems\netepay\dsinetconnectip_termsl.exe |
"TCP Query User{7EA2122C-7C7E-423B-9979-EC427279284D}C:\qsrauto\kds\bin\socketmon.exe" = protocol=6 | dir=in | app=c:\qsrauto\kds\bin\socketmon.exe |
"TCP Query User{87EF8266-E062-4081-B57A-6C19B5CE4B49}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{B054DCEA-AD28-4502-AB71-F9C959B8BB6A}C:\pixelpos\pixelkds.exe" = protocol=6 | dir=in | app=c:\pixelpos\pixelkds.exe |
"TCP Query User{B06CF773-7420-417B-9C2A-D85FC90D1C7D}C:\program files\sql anywhere 10\win32\dbsrv10.exe" = protocol=6 | dir=in | app=c:\program files\sql anywhere 10\win32\dbsrv10.exe |
"TCP Query User{BA60308E-5B7E-4BC7-BAC3-906559C1CF11}C:\shift4\utg2\utg2.exe" = protocol=6 | dir=in | app=c:\shift4\utg2\utg2.exe |
"TCP Query User{F90EB179-022A-42F1-8E6B-AE8A7255D4C1}C:\qsrauto\kds\bin\kdsconsole.exe" = protocol=6 | dir=in | app=c:\qsrauto\kds\bin\kdsconsole.exe |
"TCP Query User{FB2F4F8A-36B9-4029-8590-902828F3DA8E}C:\program files\datacap systems\netepay\dsinetconnectip_term.exe" = protocol=6 | dir=in | app=c:\program files\datacap systems\netepay\dsinetconnectip_term.exe |
"UDP Query User{11E2A58D-2B41-4535-B61E-DC6EEF5A00BD}C:\qsrauto\kds\bin\kdsconsole.exe" = protocol=17 | dir=in | app=c:\qsrauto\kds\bin\kdsconsole.exe |
"UDP Query User{17D14A2A-6526-4AC0-8CB2-C122911CA964}C:\qsrauto\kds\bin\socketmon.exe" = protocol=17 | dir=in | app=c:\qsrauto\kds\bin\socketmon.exe |
"UDP Query User{1CF7EB70-9200-48A0-A978-AB7B5AEB47E3}C:\qsrauto\kds\bin\kdsdemopos.exe" = protocol=17 | dir=in | app=c:\qsrauto\kds\bin\kdsdemopos.exe |
"UDP Query User{3548D339-33ED-41F5-98F9-5C36A706C996}C:\program files\datacap systems\netepay\dsinetconnectip_termsl.exe" = protocol=17 | dir=in | app=c:\program files\datacap systems\netepay\dsinetconnectip_termsl.exe |
"UDP Query User{37D994A3-D8F3-4A7C-A7D1-65C93F623E35}C:\pixelpos\pixelkds.exe" = protocol=17 | dir=in | app=c:\pixelpos\pixelkds.exe |
"UDP Query User{55381AC5-4871-4E97-B150-3C141278BEB7}C:\pixelpos\dataminer\reportserver\dataminerlistener.exe" = protocol=17 | dir=in | app=c:\pixelpos\dataminer\reportserver\dataminerlistener.exe |
"UDP Query User{5788F955-084F-4C0A-9A65-CBF8CC5F8355}C:\program files\sql anywhere 10\win32\dbsrv10.exe" = protocol=17 | dir=in | app=c:\program files\sql anywhere 10\win32\dbsrv10.exe |
"UDP Query User{EACA9F09-39E6-44BD-856A-491218DBB0EA}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{ED09BB65-4A6D-4660-853C-8BB97465692C}C:\shift4\utg2\utg2.exe" = protocol=17 | dir=in | app=c:\shift4\utg2\utg2.exe |
"UDP Query User{FC9B5C68-D762-4D16-BF6C-517A8B048307}C:\program files\datacap systems\netepay\dsinetconnectip_term.exe" = protocol=17 | dir=in | app=c:\program files\datacap systems\netepay\dsinetconnectip_term.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 Workgroup (32-bit)
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}" = Microsoft SQL Server 2005 Backward compatibility
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DATACAPINSTANCE)
"{2C0D7E35-EE6E-4DC7-BA13-2C68AEDEB59D}" = Windows Server Update Services 3.0 SP2
"{2C7C7B9F-D306-4B47-96B5-230E9A65442E}" = PAR PixelPoint POS v11.0 Server
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3F2C98A7-6585-46E3-9FDD-93C6DB8F0B23}" = SQL Express 2008-DatacapInstance
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CD4EE21-1762-4E29-A5AA-DEE1E7B3E775}" = Broadcom Drivers and Management Applications
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{54DF35BD-4A36-35DA-B029-A0C083C88614}" = Google Chrome
"{54F1AA8B-8AC4-48EC-9038-9D5F590FD235}" = Virtual Serial Port Kit 5.2.2
"{55B3160B-1F52-4BA2-ABF6-7281876911AD}" = Mozilla Thunderbird (1.0.6 en_US)
"{60C0EF58-F014-4A05-8DF1-D4A867D54167}" = NETePay XML 4.0 (SL PT 4.14) Paymentech
"{63BC9E3D-98CB-43D5-B80A-066AD58D62E1}" = EPAYAdmin 4.00
"{685133DD-3E68-45F0-9136-528AB8FA12CF}" = PAR PixelPoint POS v11.0 Station
"{6A4137A0-02FC-11DC-6784-1AFF5E3D18BE}" = QSR ePic KDS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7C9B83FA-6DAA-4632-9312-E63D9EF56795}" = NetSupport Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95910CFB-C1FE-4AAF-9E5D-E2A4FBC31C58}" = DSIClient Version 2.50.3853 - DSIClientX 3.85
"{9ABBC900-E038-4BBF-95CE-48E7697F841F}" = Shift4 Universal Transaction Gateway
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B94FF5E4-75F7-4A69-A71A-DF397BCBFFEF}" = Mozilla Firefox (en-US)
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BDF6B4B2-803D-44C6-8495-1ED3A30128D8}" = PAR PixelPoint DataMiner for POS v7.1 Server
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7417265-7B3E-4BE0-9C35-463761AB6A5B}" = Vigilix Agent
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}" = Windows Internal Database (MICROSOFT##SSEE)
"{DE865499-B939-4012-9EDF-6006BEF8EF89}" = PAR PixelPoint Station Install v10.0
"{EFE700CC-3D9B-4BAF-8F97-E8398A762879}" = PAR PixelPoint Server SQL Install v10.0
"{F2241F8E-55A7-4D62-ADFF-88CD4F772E9D}" = PixelPoint DataMiner for POS v7 (Server Install)
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"Adobe AIR" = Adobe AIR
"Bomgar Jump Client [esupport.autoclerk.com-1305579212]" = Bomgar Jump Client 11.1.2 [esupport.autoclerk.com] [1305579212]
"Dell Laser MFP 1600n" = Dell Laser MFP 1600n Software Uninstall
"Glary Utilities_is1" = Glary Utilities 2.38.0.1288
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Process_Hacker2_is1" = Process Hacker 2.22
"Startup Delayer" = Startup Delayer v3.0 (build 294)
"TeamViewer 6" = TeamViewer 6
"Universal Transaction Gateway™" = Universal Transaction Gateway™
"Unlocker" = Unlocker 1.9.1
"VCOM2USB_is1" = VCOM2USB V1.02
"Windows Server Update Services 3.0 SP2" = Windows Server Update Services 3.0 SP2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 7:40:50 PM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/20/2011 7:43:09 PM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/20/2011 10:13:19 PM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/21/2011 12:58:10 AM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/21/2011 4:01:23 AM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/22/2011 4:00:57 AM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/22/2011 3:59:34 PM | Computer Name = POSSERVER.eklund-local.com | Source = UTG2Svc.exe | ID = 0
Description =

Error - 11/22/2011 11:21:41 PM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/22/2011 11:24:51 PM | Computer Name = POSSERVER.eklund-local.com | Source = PixelBackUpExec.exe | ID = 0
Description =

Error - 11/23/2011 1:46:19 AM | Computer Name = POSSERVER.eklund-local.com | Source = Application Hang | ID = 1002
Description = The program PixelPointPOS.exe version 11.0.1.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 163c Start Time: 01cca9a32f55a1b1 Termination Time: 2

[ DFS Replication Events ]
Error - 5/22/2011 8:36:36 PM | Computer Name = POSSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.)

[ Directory Service Events ]
Error - 9/29/2011 1:47:23 AM | Computer Name = POSSERVER.eklund-local.com | Source = NTDS General | ID = 2840
Description = Active Directory Domain Services backup and restore support requires
the COM+ Event System to be started. Backup or restore will not succeed until
this is corrected. User Action Resolve the issue with COM+ Event System service startup
failure. One possible cause is the COM+ Event System is not configured to auto-start.



Additional
Data Error value: 1084 This service cannot be started in Safe Mode

Error - 9/29/2011 1:47:25 AM | Computer Name = POSSERVER.eklund-local.com | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory Domain Services error has occurred.



Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 300067c

Error - 9/29/2011 1:47:25 AM | Computer Name = POSSERVER.eklund-local.com | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory Domain Services error has occurred.



Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 300068c

[ DNS Server Events ]
Error - 5/24/2011 5:10:45 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 404
Description = The DNS server could not bind a Transmission Control Protocol (TCP)
socket to address 192.168.3.200. The event data is the error code. An IP address
of 0.0.0.0 can indicate a valid "any address" configuration in which all configured
IP addresses on the computer are available for use. Restart the DNS server or reboot
the computer.

Error - 5/24/2011 5:10:45 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 408
Description = The DNS server could not open socket for address 192.168.3.200. Verify
that this is a valid IP address for the server computer. If it is NOT valid use
the Interfaces dialog under Server Properties in the DNS Manager to remove it from
the list of IP interfaces. Then stop and restart the DNS server. (If this was
the only IP interface on this machine and the DNS server may not have started as
a result of this error. In that case remove the DNS\Parameters\ ListenAddress
value in the services section of the registry and restart.) If this is a valid
IP address for this machine, make sure that no other application (e.g. another DNS
server) is running that would attempt to use the DNS port. For more information,
see "DNS server log reference" in the online Help.

Error - 5/28/2011 10:42:22 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 407
Description = The DNS server could not bind a User Datagram Protocol (UDP) socket
to 169.254.166.133. The event data is the error code. Restart the DNS server or
reboot your computer.

Error - 5/28/2011 10:42:22 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 408
Description = The DNS server could not open socket for address 169.254.166.133.
Verify that this is a valid IP address for the server computer. If it is NOT valid
use the Interfaces dialog under Server Properties in the DNS Manager to remove
it from the list of IP interfaces. Then stop and restart the DNS server. (If this
was the only IP interface on this machine and the DNS server may not have started
as a result of this error. In that case remove the DNS\Parameters\ ListenAddress
value in the services section of the registry and restart.) If this is a valid
IP address for this machine, make sure that no other application (e.g. another
DNS server) is running that would attempt to use the DNS port. For more information,
see "DNS server log reference" in the online Help.

Error - 5/28/2011 10:42:22 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 404
Description = The DNS server could not bind a Transmission Control Protocol (TCP)
socket to address 169.254.166.133. The event data is the error code. An IP address
of 0.0.0.0 can indicate a valid "any address" configuration in which all configured
IP addresses on the computer are available for use. Restart the DNS server or reboot
the computer.

Error - 5/28/2011 10:42:22 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 408
Description = The DNS server could not open socket for address 169.254.166.133.
Verify that this is a valid IP address for the server computer. If it is NOT valid
use the Interfaces dialog under Server Properties in the DNS Manager to remove
it from the list of IP interfaces. Then stop and restart the DNS server. (If this
was the only IP interface on this machine and the DNS server may not have started
as a result of this error. In that case remove the DNS\Parameters\ ListenAddress
value in the services section of the registry and restart.) If this is a valid
IP address for this machine, make sure that no other application (e.g. another
DNS server) is running that would attempt to use the DNS port. For more information,
see "DNS server log reference" in the online Help.

Error - 5/28/2011 10:46:24 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 407
Description = The DNS server could not bind a User Datagram Protocol (UDP) socket
to 10.10.10.15. The event data is the error code. Restart the DNS server or reboot
your computer.

Error - 5/28/2011 10:46:24 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 408
Description = The DNS server could not open socket for address 10.10.10.15. Verify
that this is a valid IP address for the server computer. If it is NOT valid use
the Interfaces dialog under Server Properties in the DNS Manager to remove it from
the list of IP interfaces. Then stop and restart the DNS server. (If this was
the only IP interface on this machine and the DNS server may not have started as
a result of this error. In that case remove the DNS\Parameters\ ListenAddress
value in the services section of the registry and restart.) If this is a valid
IP address for this machine, make sure that no other application (e.g. another DNS
server) is running that would attempt to use the DNS port. For more information,
see "DNS server log reference" in the online Help.

Error - 5/28/2011 10:46:24 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 404
Description = The DNS server could not bind a Transmission Control Protocol (TCP)
socket to address 10.10.10.15. The event data is the error code. An IP address
of 0.0.0.0 can indicate a valid "any address" configuration in which all configured
IP addresses on the computer are available for use. Restart the DNS server or reboot
the computer.

Error - 5/28/2011 10:46:24 PM | Computer Name = POSSERVER.eklund-local.com | Source = DNS | ID = 408
Description = The DNS server could not open socket for address 10.10.10.15. Verify
that this is a valid IP address for the server computer. If it is NOT valid use
the Interfaces dialog under Server Properties in the DNS Manager to remove it from
the list of IP interfaces. Then stop and restart the DNS server. (If this was
the only IP interface on this machine and the DNS server may not have started as
a result of this error. In that case remove the DNS\Parameters\ ListenAddress
value in the services section of the registry and restart.) If this is a valid
IP address for this machine, make sure that no other application (e.g. another DNS
server) is running that would attempt to use the DNS port. For more information,
see "DNS server log reference" in the online Help.

[ System Events ]
Error - 11/30/2011 11:42:52 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Xerox Global Print Driver PCL required for printer WorkCentre
7428 is unknown. Contact the administrator to install the driver before you log
in again.

Error - 11/30/2011 11:42:54 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Brother HL-2270DW series required for printer Brother HL-2270DW
series Printer is unknown. Contact the administrator to install the driver before
you log in again.

Error - 11/30/2011 11:42:55 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Brother HL-2270DW series required for printer Brother HL-2270DW
series Printer (Copy 1) is unknown. Contact the administrator to install the driver
before you log in again.

Error - 11/30/2011 11:42:56 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver HP LaserJet 8150 Series PCL6 required for printer !!SERVER!HP
LaserJet 8150 Series PCL6 is unknown. Contact the administrator to install the
driver before you log in again.

Error - 11/30/2011 11:42:57 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 11/30/2011 11:43:00 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Microsoft Office Document Image Writer Driver required for
printer Microsoft Office Document Image Writer is unknown. Contact the administrator
to install the driver before you log in again.

Error - 11/30/2011 11:43:02 PM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Universal Document Converter required for printer Universal
Document Converter is unknown. Contact the administrator to install the driver
before you log in again.

Error - 12/1/2011 12:17:14 AM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver Brother PCL5e Driver required for printer Brother PCL5e Driver
is unknown. Contact the administrator to install the driver before you log in again.

Error - 12/1/2011 12:17:15 AM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver HP LaserJet 8150 Series PCL6 required for printer !!192.168.4.250!HP
LaserJet 8150 Series PCL6 is unknown. Contact the administrator to install the
driver before you log in again.

Error - 12/1/2011 12:17:22 AM | Computer Name = POSSERVER.eklund-local.com | Source = UmrdpService | ID = 1111
Description = Driver OXPDFCreator required for printer OXPDFCreator is unknown.
Contact the administrator to install the driver before you log in again.


< End of report >

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:54 AM

Posted 03 December 2011 - 11:12 AM

Please run the ESET online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#8 HotelEklund

HotelEklund
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 04 December 2011 - 01:06 AM

Thanks again for your help. Good news I hope.

C:\Users\Administrator\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application deleted - quarantined
E:\Roaming Users\Ida\My Documents\Downloads\gimp-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
I couldn't find the "Enable Anti-Stealth technology" button.

Edited by HotelEklund, 04 December 2011 - 03:09 PM.


#9 m0le

Posted 04 December 2011 - 05:19 PM

Just need to check where the second infection is coming from. Do you know what your E drive is?
m0le is a proud member of UNITE

#10 HotelEklund

Posted 05 December 2011 - 01:11 AM

The E: has three directories:
E:\Network Installs - Network MSI installs using group policy
E:\Network Scans - Scans, in pdf format uploaded from our XEROX
E:\Roaming Users - This is where our windows roaming profiles are stored. Not surprising that there is a virus here.

#11 m0le

Posted 05 December 2011 - 07:49 PM

Well, it was a gen detection so it may not have been malicious but, yes, that's where the infections are likely to have been :whistle: .

Any change to the server so far?
m0le is a proud member of UNITE

#12 HotelEklund

Posted 06 December 2011 - 03:29 PM

Still getting DNS callouts to trojan dump sites:
02:36:36 (null) IP-BLOCK 208.91.207.17 (Type: outgoing, Port: 54659, Process: dns.exe)
02:36:36 (null) IP-BLOCK 208.91.207.17 (Type: outgoing, Port: 55259, Process: dns.exe)
06:56:06 Administrator MESSAGE Protection started successfully
06:56:11 Administrator MESSAGE IP Protection started successfully
12:52:21 (null) IP-BLOCK 91.223.82.64 (Type: outgoing, Port: 56967, Process: dns.exe)
12:52:29 (null) IP-BLOCK 91.223.82.65 (Type: outgoing, Port: 56967, Process: dns.exe)
12:52:29 (null) IP-BLOCK 91.223.82.64 (Type: outgoing, Port: 56967, Process: dns.exe)
12:52:29 (null) IP-BLOCK 91.223.82.65 (Type: outgoing, Port: 56835, Process: dns.exe)
13:17:17 Administrator IP-BLOCK 208.91.207.17 (Type: outgoing, Port: 57727, Process: dns.exe)
13:18:13 Administrator IP-BLOCK 208.91.207.18 (Type: outgoing, Port: 56398, Process: dns.exe)
13:19:01 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56601, Process: dns.exe)
13:19:09 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56601, Process: dns.exe)
13:19:09 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56601, Process: dns.exe)
13:19:17 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56878, Process: dns.exe)
13:19:25 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 57394, Process: dns.exe)
13:19:33 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 57394, Process: dns.exe)
13:19:41 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56732, Process: dns.exe)
13:19:49 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56732, Process: dns.exe)
13:19:57 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 55963, Process: dns.exe)
13:20:29 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 57551, Process: dns.exe)
13:21:57 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 57130, Process: dns.exe)
13:24:45 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 57693, Process: dns.exe)
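
An added example (not code from the thread or from Malwarebytes) that parses IP-BLOCK lines in the format posted above and tallies them per process, destination address and /24 network, so a defender can see at a glance which local process is generating the blocked connections. The sample lines are constructed: a few are copied from the post above, and one svchost.exe line with a documentation address (198.51.100.7) is made up for contrast.

```python
import re
from collections import Counter, defaultdict

# Malwarebytes IP-BLOCK line format as posted in this thread:
#   HH:MM:SS <user> IP-BLOCK <ip> (Type: outgoing, Port: <n>, Process: <image>)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) \S+ IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Constructed sample: lines copied from the post above plus one made-up
# svchost.exe line (198.51.100.7 is a documentation address) for contrast.
SAMPLE_LOG = """\
02:36:36 (null) IP-BLOCK 208.91.207.17 (Type: outgoing, Port: 54659, Process: dns.exe)
02:36:36 (null) IP-BLOCK 208.91.207.17 (Type: outgoing, Port: 55259, Process: dns.exe)
06:56:06 Administrator MESSAGE Protection started successfully
12:52:21 (null) IP-BLOCK 91.223.82.64 (Type: outgoing, Port: 56967, Process: dns.exe)
12:52:29 (null) IP-BLOCK 91.223.82.65 (Type: outgoing, Port: 56967, Process: dns.exe)
13:19:01 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56601, Process: dns.exe)
13:19:09 Administrator IP-BLOCK 109.201.131.5 (Type: outgoing, Port: 56601, Process: dns.exe)
13:30:00 Administrator IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49152, Process: svchost.exe)
"""

def parse_ip_blocks(text):
    """One dict per IP-BLOCK line; MESSAGE and any other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            events.append(d)
    return events

def summarise(events):
    """Blocks per (process, destination IP) and the /24 networks each process reached.
    Grouping by /24 shows when neighbouring addresses such as .64 and .65 are one
    remote network rather than two unrelated destinations."""
    per_pair = Counter((e["process"], e["ip"]) for e in events)
    nets = defaultdict(set)
    for e in events:
        nets[e["process"]].add(e["ip"].rsplit(".", 1)[0] + ".0/24")
    return per_pair, {p: sorted(n) for p, n in nets.items()}

def processes_to_investigate(events):
    """Processes blocked more than once, most frequent first."""
    counts = Counter(e["process"] for e in events)
    return [p for p, n in counts.most_common() if n > 1]
```

Because dns.exe is the DNS Server service, it contacts remote name servers on behalf of whichever LAN client asked it to resolve a name, so a tally that puts dns.exe at the top points to the server's DNS debug logging as the next place to look for the requesting client rather than identifying dns.exe itself as the infected binary.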

#13 m0le

Posted 06 December 2011 - 06:53 PM

There's an implication of a rootkit here. Can you run aswMBR?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#14 HotelEklund

Posted 06 December 2011 - 08:59 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 18:37:43
-----------------------------
18:37:43.296 OS Version: Windows 6.0.6002 Service Pack 2
18:37:43.296 Number of processors: 8 586 0x2C02
18:37:43.297 ComputerName: POSSERVER UserName:
18:37:46.331 Initialze error C000010E - driver not loaded
18:54:20.650 AVAST engine defs: 11120602
18:54:46.060 Scan error: Incorrect function.
18:54:53.524 The log file has been saved successfully to "C:\Users\Administrator\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 18:55:39
-----------------------------
18:55:39.319 OS Version: Windows 6.0.6002 Service Pack 2
18:55:39.319 Number of processors: 8 586 0x2C02
18:55:39.320 ComputerName: POSSERVER UserName:
18:55:39.522 Initialize success
18:55:43.004 AVAST engine defs: 11120602
18:55:47.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
18:55:47.914 Disk 0 Vendor: DELL____ 1.22 Size: 237824MB BusType: 8
18:55:47.916 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
18:55:47.919 Disk 1 Vendor: DELL____ 1.22 Size: 475648MB BusType: 8
18:55:49.931 Disk 0 MBR read successfully
18:55:49.933 Disk 0 MBR scan
18:55:49.937 Disk 0 Windows VISTA default MBR code
18:55:49.940 Disk 0 scanning sectors +487061504
18:55:49.986 Disk 0 scanning C:\Windows\system32\drivers
18:55:54.409 Service scanning
18:55:55.357 Modules scanning
18:55:58.762 Disk 0 trace - called modules:
18:55:58.776 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll megasas.sys
18:55:58.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85735968]
18:55:58.777 3 CLASSPNP.SYS[8cd7e8b3] -> nt!IofCallDriver -> \Device\0000007c[0x85508b88]
18:55:58.991 AVAST engine scan C:\Windows
18:56:00.160 AVAST engine scan C:\Windows\system32
18:56:54.687 AVAST engine scan C:\Windows\system32\drivers
18:56:59.031 AVAST engine scan C:\Users\Administrator
18:57:21.945 AVAST engine scan C:\ProgramData
18:57:30.485 Scan finished successfully
18:58:28.626 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Downloads\MBR.dat"
18:58:28.629 The log file has been saved successfully to "C:\Users\Administrator\Downloads\aswMBR.txt"

#15 HotelEklund

Posted 06 December 2011 - 09:00 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 19:00:36
-----------------------------
19:00:36.094 OS Version: Windows 6.0.6002 Service Pack 2
19:00:36.094 Number of processors: 8 586 0x2C02
19:00:36.096 ComputerName: POSSERVER UserName:
19:00:36.271 Initialize success
19:00:39.588 AVAST engine defs: 11120602
19:00:47.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007c
19:00:47.347 Disk 0 Vendor: DELL____ 1.22 Size: 237824MB BusType: 8
19:00:47.349 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
19:00:47.351 Disk 1 Vendor: DELL____ 1.22 Size: 475648MB BusType: 8
19:00:49.358 Disk 0 MBR read successfully
19:00:49.360 Disk 0 MBR scan
19:00:49.362 Disk 0 Windows VISTA default MBR code
19:00:49.366 Disk 0 scanning sectors +487061504
19:00:49.420 Disk 0 scanning C:\Windows\system32\drivers
19:00:54.159 Service scanning
19:00:55.078 Modules scanning
19:00:58.286 Disk 0 trace - called modules:
19:00:58.304 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll megasas.sys
19:00:58.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85735968]
19:00:58.310 3 CLASSPNP.SYS[8cd7e8b3] -> nt!IofCallDriver -> \Device\0000007c[0x85508b88]
19:00:58.896 AVAST engine scan E:\
19:01:07.314 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Downloads\MBR.dat"
19:01:07.317 The log file has been saved successfully to "C:\Users\Administrator\Downloads\aswMBR.txt"
