Trojan.Fake.Alert keeps coming back



#1
FaMaK

Please help - I picked up a trojan, ran MBE multiple times but on reboot it keeps coming back. The original problem was the MS Removal tool which I thought I was able to get rid of but this keeps coming back.

Thanks

OTL logfile created on: 4/19/2011 8:47:33 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.05 Gb Total Space | 49.72 Gb Free Space | 41.77% Space Free | Partition Type: NTFS

Computer Name: US011031032-01 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 08:46:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
PRC - [2011/03/23 12:24:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/20 19:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/06/09 02:28:22 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/06/08 19:54:12 | 000,398,704 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () -- C:\Program Files\Polar\Daemon\polard.exe
PRC - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/01 13:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 13:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/11 09:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2008/12/03 14:40:26 | 000,674,368 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2008/11/25 16:38:12 | 000,114,688 | ---- | M] (Ernst & Young) -- C:\Program Files\RBManager\RBManager.exe
PRC - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2008/11/09 21:38:40 | 000,244,536 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2008/10/23 21:09:18 | 001,607,208 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/02 16:34:20 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2008/10/02 15:04:50 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2008/09/29 10:15:56 | 000,093,472 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
PRC - [2008/09/22 13:08:46 | 000,065,536 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe
PRC - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe
PRC - [2008/04/26 01:06:22 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe
PRC - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe
PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcqcoms.exe
PRC - [2006/01/25 13:55:04 | 000,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2006/01/10 13:30:04 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2launch.exe
PRC - [2002/08/29 08:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 08:46:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/01 10:38:58 | 000,151,552 | ---- | M] (InfoExpress) -- C:\WINDOWS\system32\cahooknt.dll
MOD - [2008/07/01 10:38:56 | 000,163,840 | ---- | M] (InfoExpress) -- C:\WINDOWS\system32\cahookd.dll
MOD - [2008/04/14 05:42:12 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/18 09:34:58 | 000,073,728 | ---- | M] (Ernst & Young) [On_Demand | Stopped] -- C:\Program Files\Ernst & Young\EY Tune Up\EYTuneUpService.exe -- (EY Tune Up Service)
SRV - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/07/06 19:12:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 15:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe -- (DisknetClient)
SRV - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\pstartSr.exe -- (Pointsec_start)
SRV - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Prot_srv.exe -- (Pointsec)
SRV - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) [Auto | Running] -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService)
SRV - [2008/08/08 15:53:16 | 000,031,624 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/06/12 22:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/05/09 06:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) [Auto | Running] -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe -- (Documentum Application Connector Credential Service)
SRV - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Auto | Running] -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
SRV - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) [Auto | Running] -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe -- (CSI Socket Listener)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) [Auto | Running] -- C:\Program Files\Timbuktu Pro\tb2launch.exe -- (Tb2Launch)
SRV - [2000/01/25 18:00:16 | 000,408,568 | ---- | M] () [On_Demand | Stopped] -- C:\Oracle\Ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - File not found [Kernel | System | Running] -- -- (Tb2Device)
DRV - [2011/03/04 17:49:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110417.004\navex15.sys -- (NAVEX15)
DRV - [2011/03/04 17:49:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110417.004\naveng.sys -- (NAVENG)
DRV - [2010/11/17 12:31:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/12 14:49:30 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/07/12 14:49:20 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/07/12 14:49:10 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/07/12 14:47:00 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/06/17 07:28:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/09 01:40:12 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips2.sys -- (odFips2)
DRV - [2010/06/09 01:40:12 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips.sys -- (odFips)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/21 00:01:34 | 000,420,336 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2010/04/21 00:01:34 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/04/21 00:01:34 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2009/07/06 18:58:52 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2009/06/14 10:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 10:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2009/03/31 11:08:50 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/16 10:32:32 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/02/06 11:39:02 | 000,809,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/12/17 15:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/11 09:36:30 | 000,045,696 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PSG.sys -- (PSG)
DRV - [2008/12/11 09:36:26 | 000,019,072 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\rmm.sys -- (rmm)
DRV - [2008/12/11 09:36:22 | 000,029,312 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kaeon.sys -- (KAEON)
DRV - [2008/12/11 09:36:18 | 000,056,960 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dvrem.sys -- (dvrem)
DRV - [2008/12/11 09:36:16 | 000,027,136 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DNPFW.sys -- (DNPFW)
DRV - [2008/12/11 09:34:50 | 000,046,592 | ---- | M] (Reflex Magnetics Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rxaes100.sys -- (rxAES100)
DRV - [2008/12/03 14:39:08 | 000,218,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2008/11/09 21:38:40 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/10/03 14:09:16 | 000,424,495 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/07/01 10:50:34 | 000,021,504 | ---- | M] (InfoExpress) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k)
DRV - [2008/04/09 07:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 07:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 07:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 02:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 02:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/08/17 09:51:04 | 000,217,216 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2001/08/17 08:11:36 | 000,065,278 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetFlx3.sys -- (netflx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.iweb.ey.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:443

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...50CLie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.aol.co...B50CLab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 12:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 12:24:33 | 000,000,000 | ---D | M]

[2009/07/16 21:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Extensions
[2009/10/28 11:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse\extensions
[2009/07/15 13:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse1\extensions
[2011/04/18 21:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions
[2010/09/03 13:49:06 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/23 11:11:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/19 17:49:01 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\[email protected]
[2009/09/01 13:24:31 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\searchplugins\aol-search.xml
[2011/04/18 21:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/07 09:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 09:47:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/07 09:47:54 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/18 11:26:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LexLink IE ToolBar) - {CBAA6F21-985C-11D4-A02B-00B0D073E889} - C:\Program Files\LexisNexis\CheckCite\llieobj.dll (LexisNexis)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AppConnectorLocaleMgr] C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe (Documentum, a division of EMC Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [DN4TRAY] C:\Program Files\CheckPoint\Tray\DNTray.exe ()
O4 - HKLM..\Run: [ey_kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [LXCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKLM..\Run: [Recycle Bin Manager] C:\Program Files\RBManager\RBManager.exe (Ernst & Young)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZEYViewer] C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe (Ernst & Young)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKLM\..Trusted Domains: com.mx ([www.tuproteccion] https in Trusted sites)
O15 - HKLM\..Trusted Domains: eformRS.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([contentserver] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eygtt.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyleads.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eylink.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: fasttax.com ([gosystemrs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fincad.com ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex-asp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: lexis.com ([web] http in Trusted sites)
O15 - HKLM\..Trusted Domains: raindance.com ([intellinex] http in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([insourcers] https in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([support2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: smarttrainer4.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: surveymonkey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thomson.com ([gosystem] https in Trusted sites)
O15 - HKLM\..Trusted Domains: thomsonib.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xtremelearning.com ([cserver] http in Trusted sites)
O16 - DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} https://print-global...n/ADPrtCTRL.CAB (ADPrtCTRL.ucADPrtctrl)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} http://gfisclienteng...SZIPUtility.CAB (GFISZipUtility.GFISZIP)
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} http://home.iweb.ey....b/notesuser.cab (NotesUserCtrl Class)
O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://edocs.us.na....dkPluginCab.CAB (DmDragDrop Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} https://gfis.iweb.ey...ex/AuthPost.CAB (AuthPost.Class1)
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} https://print-global...ugin/EYGPWS.CAB (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://bettycam.axis...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ey.webex.com...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cahooknt.dll) - C:\WINDOWS\system32\cahooknt.dll (InfoExpress)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - C:\WINDOWS\System32\PssoGina.dll (Check Point Software Tech Ltd)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\Timbuktu Pro\Hook32.dll - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - Reg Error: Key error. File not found
O28 - HKCU ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Program Files\Quick View Plus\Support\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/15 20:54:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 08:46:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/18 11:26:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/18 08:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kBk06504aNdHo06504
[2011/04/15 10:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\TaxApps
[2011/04/15 09:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcmahfr\Desktop\Pictures April 2011
[2011/03/24 12:15:53 | 000,000,000 | ---D | C] -- C:\ProWin10
[2011/03/23 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2011/03/23 14:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProSeries Basic Edition 2010
[2011/03/23 14:25:14 | 000,000,000 | ---D | C] -- C:\ProPDF
[2011/03/23 14:24:15 | 000,000,000 | ---D | C] -- C:\BasWin10
[2011/03/22 04:04:44 | 000,014,088 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2010/10/30 07:40:38 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqserv.dll
[2010/10/30 07:40:38 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqusb1.dll
[2010/10/30 07:40:38 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqhbn3.dll
[2010/10/30 07:40:38 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomc.dll
[2010/10/30 07:40:38 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpmui.dll
[2010/10/30 07:40:38 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqlmpm.dll
[2010/10/30 07:40:38 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcoms.exe
[2010/10/30 07:40:38 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomm.dll
[2010/10/30 07:40:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqinpa.dll
[2010/10/30 07:40:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqiesc.dll
[2010/10/30 07:40:38 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqih.exe
[2010/10/30 07:40:38 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcfg.exe
[2010/10/30 07:40:38 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCQhcp.dll
[2010/10/30 07:40:38 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqprox.dll
[2010/10/30 07:40:38 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpplc.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/19 08:46:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/19 07:54:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 04:03:03 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2011/04/19 01:55:35 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/04/18 22:58:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 22:58:10 | 000,000,495 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/04/18 22:55:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 22:55:10 | 2038,411,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 11:43:31 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job
[2011/04/18 11:32:41 | 000,026,917 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 11:26:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/18 11:05:26 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/18 10:37:55 | 000,444,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/18 10:37:55 | 000,072,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/16 23:21:43 | 000,093,730 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/16 16:13:27 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/16 15:19:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/16 12:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 23:09:34 | 003,175,424 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/15 23:09:28 | 007,094,272 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/15 09:49:37 | 000,094,838 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2011/04/13 13:43:55 | 000,025,244 | RHS- | M] () -- C:\Documents and Settings\mcmahfr\ntuser.pol
[2011/04/13 03:57:50 | 000,303,022 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/01 13:23:09 | 000,000,224 | ---- | M] () -- C:\WINDOWS\WTXI.INI
[2011/03/24 12:46:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/21 10:23:36 | 000,098,844 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\X5 tires Order Placed.pdf
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 11:32:41 | 000,026,917 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 10:33:47 | 2038,411,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/16 23:21:43 | 000,093,730 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/15 09:49:37 | 000,094,838 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2011/03/24 14:30:25 | 004,163,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/21 10:23:36 | 000,098,844 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\X5 tires Order Placed.pdf
[2010/10/30 07:41:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcqvs.dll
[2010/10/30 07:41:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcqcoin.dll
[2010/10/30 07:40:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcqdrs.dll
[2010/10/30 07:40:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcqcaps.dll
[2010/10/30 07:40:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcqcnv4.dll
[2010/10/30 07:40:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\lxcqrwrd.ini
[2010/10/30 07:40:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCQinst.dll
[2010/10/30 07:40:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxcqgrd.dll
[2010/10/28 03:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UnivMgr.INI
[2010/07/31 18:47:35 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\kodakpcd.ini
[2010/07/12 14:53:48 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/07/12 14:52:20 | 000,015,024 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2010/06/09 01:40:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2010/03/27 08:02:03 | 000,000,224 | ---- | C] () -- C:\WINDOWS\WTXI.INI
[2010/03/13 19:14:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/01 08:04:34 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 05:35:08 | 000,167,252 | ---- | C] () -- C:\WINDOWS\Rem_EY_eDocs.EXE
[2009/10/28 01:09:14 | 000,047,633 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2009/10/12 11:21:16 | 000,060,096 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 14:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2009/09/09 12:27:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/08 13:20:53 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/08/13 10:45:01 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/07/21 10:03:53 | 000,001,304 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/07/16 21:52:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/16 15:33:56 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2009/07/06 20:36:19 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/06 20:36:13 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/06 19:17:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2009/07/06 19:16:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2009/07/06 19:16:48 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2009/07/06 19:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2009/07/06 19:08:39 | 000,547,164 | ---- | C] () -- C:\WINDOWS\RemCFIT1137.EXE
[2009/07/06 19:06:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\fusioncache.dat
[2009/07/06 19:03:51 | 000,531,239 | ---- | C] () -- C:\WINDOWS\RemLNCT87.EXE
[2009/07/06 19:03:32 | 000,531,133 | ---- | C] () -- C:\WINDOWS\RemEYPeerConnectv1.0.EXE
[2009/07/06 19:01:04 | 000,154,152 | ---- | C] () -- C:\WINDOWS\RemRBMgr.EXE
[2009/07/06 18:58:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2009/07/06 18:56:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/07/06 18:45:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\eyprobe.exe
[2008/12/03 14:40:18 | 000,137,792 | ---- | C] () -- C:\WINDOWS\System32\NovPwd32.dll
[2008/12/03 14:40:14 | 000,154,176 | ---- | C] () -- C:\WINDOWS\System32\pstartSr.exe
[2008/12/03 14:40:12 | 000,621,120 | ---- | C] () -- C:\WINDOWS\System32\Prot_srv.exe
[2008/12/03 14:39:08 | 000,218,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\prot_2k.sys
[2008/11/09 21:38:40 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2008/05/09 06:53:34 | 000,418,008 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/10/31 10:56:34 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat
[2007/04/04 15:13:56 | 000,000,142 | ---- | C] () -- C:\WINDOWS\GemSignPdf.ini
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2005/05/18 14:16:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/17 20:18:46 | 000,000,495 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/17 19:32:15 | 000,146,432 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/16 20:27:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2005/05/16 19:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/05/16 04:38:47 | 000,000,526 | ---- | C] () -- C:\WINDOWS\LOADSET.INI
[2005/05/16 04:38:00 | 000,444,756 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/16 04:38:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/16 04:38:00 | 000,072,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/16 04:38:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/16 04:37:58 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/16 04:37:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/16 04:37:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/16 04:37:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/16 04:37:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/16 04:37:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/16 04:37:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/15 21:53:06 | 000,568,493 | ---- | C] () -- C:\WINDOWS\REMKontiki.EXE
[2005/05/15 21:51:39 | 000,111,276 | ---- | C] () -- C:\WINDOWS\RemFF.EXE
[2005/05/15 21:48:19 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\Libjcc.dll
[2005/05/15 21:48:19 | 000,067,306 | ---- | C] () -- C:\WINDOWS\System32\pbodb70.ini
[2005/05/15 21:43:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/15 21:42:33 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/15 21:42:18 | 000,424,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2005/05/15 21:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2005/05/15 21:33:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/15 21:15:11 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/15 21:13:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/15 21:02:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/15 20:49:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/04/29 14:09:30 | 000,004,743 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1999/05/24 03:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999/05/24 03:23:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\FdfAcX.dll

========== LOP Check ==========

[2010/12/05 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2010/08/26 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Email Backup Optimization
[2009/07/06 18:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
[2010/12/06 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/18 15:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kBk06504aNdHo06504
[2011/04/19 08:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/07/06 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pointsec
[2010/01/18 19:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/09/01 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/09 13:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/12 08:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/04 15:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\.oit
[2011/02/13 09:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Aventail
[2011/02/25 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Blackberry Desktop
[2009/07/16 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Documentum
[2009/07/06 18:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Ernst & Young
[2009/07/06 20:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Funk Software
[2010/09/03 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\GARMIN
[2009/07/06 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\InterVideo
[2009/08/05 09:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Kontiki
[2009/07/06 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Local Settings
[2010/12/06 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Polar WebSync
[2009/07/15 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Research in Motion
[2009/08/05 13:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Skinux
[2010/06/23 19:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Smith Micro
[2010/11/29 06:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Trondent Development Corp
[2009/09/09 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Viewpoint
[2010/09/10 08:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\webex
[2010/10/13 16:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Xerox
[2011/04/18 11:43:31 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/19/2011 8:47:33 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.05 Gb Total Space | 49.72 Gb Free Space | 41.77% Space Free | Partition Type: NTFS

Computer Name: US011031032-01 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" = C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe:*:Enabled:Connected Backup Agent -- (Iron Mountain Incorporated)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" = C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe:*:Enabled:Connected Backup Agent -- (Iron Mountain Incorporated)
"C:\WINDOWS\system32\lxcqcoms.exe" = C:\WINDOWS\system32\lxcqcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20090219c-200908151410\jre\bin\notes2w.exe" = C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20090219c-200908151410\jre\bin\notes2w.exe:*:Enabled:Lotus Notes -- (IBM)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{050569C7-DA4C-49C7-B672-C435B7BCFFBC}" = Tax Screen Saver 3.0
"{0527509C-2381-48BA-87A0-DBC92A8FFE81}" = EY Workplace - At Your Service
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0608812E-E2BB-416B-AFB8-51F30CC78431}" = ZipMail V10 for Lotus Notes
"{0E040783-972F-4F83-A6FA-8C6001DCE715}" = Cassetica Software NotesMedic 5.0
"{0FC8BB98-79D2-4441-B9F8-8BD15F7AC2C8}" = Oracle LDAP Update 3.2009
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{12711EB8-DA8C-4378-A4C5-0EF8C778E072}" = BlackBerry Device Software v4.7.1 for the BlackBerry 9630 smartphone
"{140070AB-53AC-4B00-B818-0037791577A0}" = X1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17E67191-2F5E-45D4-A8A7-BF7238818CBE}" = iPassConnect
"{18E46A14-0067-4362-BE12-980B90A23601}" = EY Peer Connect
"{236B146C-B504-411B-A993-5085235E9F5F}" = Time Tracker Excel Template P1
"{24EDE4DA-3852-4BCA-BE6C-04D43BBDB2DF}" = EYRC Route Program
"{258F6CA9-894A-4818-9ED9-081755CCFD3E}" = Infuzer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{27579b3c-5470-4496-be6c-0c872674f19f}" = Macromedia Flash Player
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D39B47A-56AF-45E5-ACC9-821FC92A7F80}" = EY Americas Desktop Reference 4.2
"{2D41D8AE-F122-413E-A7C5-B6D86F22F5CA}" = Visual Identity Templates 2009
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31B33270-24D7-4307-84F2-A3288636B83A}" = Pointsec PC
"{32B47B57-F395-4C16-86C9-C9D54DF60B06}" = Global Self Help
"{34843AB3-8DBA-4388-8838-080635E1EDB6}" = SwiftFile 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = EY Personal Backup Agent
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5CBA9D-11D6-4652-A03E-4B41D17F06CD}" = EY Tune Up
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48336530-E7A6-4D90-8B5E-2B3DB0FE5210}" = ECMAgent4.9.0.54
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
"{4CCA10F5-40E2-439E-9D82-67F70A292CCC}" = Polar WebSync
"{4D9029D3-D12C-4786-94F5-FF158FDB9470}" = VZAccess Manager
"{4E4E3C9D-42CF-4A9E-AE65-4E741EA59216}" = BTS - Winning Annuity Relationships 2009.04
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FD4C0D3-DA93-4132-82C6-177385E41868}" = EY Branding Zone
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C94EAEB-D776-4164-BBD1-B6B99BAA5290}" = IP Presence
"{5ECC898D-84FD-43AE-96D5-12DF9AD8A52D}" = Circular 230 Ver 2.1
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6123B6B5-65AE-4094-9AD0-0100598C728A}" = GAAIT Online
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64637CA5-2EC1-4077-889A-2359D9E6BE8C}" = TRAX Personal 8.00
"{68BFB7FA-39DB-438F-894F-18A831AD94AC}" = WinDVD 4 for IBM Systems
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BF89F80-9696-4F3A-A61B-B02E1CECBA02}" = Pointsec Protector Client
"{6D3E9027-5DD4-43F7-8C3B-43D7B936F9D7}" = Timbuktu Pro for Windows build 933
"{6EFD662B-6954-460A-8A55-05638D1FF622}" = Tax Practice Guidance & Tools
"{72D96FC4-BD07-4376-BACB-42A215E74F31}" = ECF-Acrobat 8 Integration 2.4.0.94
"{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
"{743D18E2-1B67-4AA9-9E74-B392505A3565}" = Aventail OPSWAT End Point Control
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7C4A7CB9-C388-46D8-95F3-5FB8AA5CE873}" = Soap Took Kit
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E35E114-A869-4434-AE5C-8DB606DF3944}" = Adobe SVG Viewer 3.03
"{7E396E6A-0555-47D1-8AFD-A8BE834899A7}" = Prohibitive Word Checker
"{8155DE72-3F2A-404F-BF87-08EE0C827B7E}" = WinDVD 4 for Dell Systems
"{82AFAC3E-A0EA-11D3-BFAC-00C04F60824A}" = Sametime Print Capture
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837D3763-297C-4DC4-A165-F0B17F4C61DA}" = Analyze Workbook
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{858B0B8C-4C88-4044-9A6A-42902D4D59A6}" = Visual Identity Fonts 2009
"{863998CC-4552-43BB-82F2-4BD2AE737196}" = EY AD Password Expiration Tool 1.4.1
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2860A67F-F7F6-497B-BF16-1CADCBBFA8C6}" =
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{902E0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2000 Web Components
"{90FF8B1D-1A81-476C-83F3-1F8D71C1CFC0}" = ACS Offline Course Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98BCB68E-274F-11D4-B2FA-00105AA9021A}" = DR Systems Web Ambassador
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D814802-307C-450E-9B83-6BB13E29994F}" = ECF24VPN
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9EA5C213-9DCA-4B2E-BC93-A6454AE194E8}" = Infuzer
"{9F3E3C1B-6964-48D6-84C8-925C9A5A8229}" = Polar Daemon
"{9F91B6C4-E892-4978-A571-B5A32BC2082C}" = Symantec AntiVirus
"{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
"{A243DEB6-E5D6-40CF-A888-A8E1995C5C40}" = LDI eDocs
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6334245-D9F3-4E15-A8C8-A7BF98D6E7E9}" = EY Signer 1.4
"{B8341C05-AFB8-43D2-A977-40A5126944F8}" = Kontiki Delivery Manager
"{BA9E20A1-3C1E-4DA8-80D1-C250A0F8DB87}" = EY Reserve Personal Access 5.0.1
"{BB3FF061-EF82-4858-A4DD-6A4E6425EEAE}" = Topaz Systems SigPlus & Addins 1.1
"{BB75CCF7-5020-4258-A755-86D300774F55}" = EYHelp3 Fast Path 11.2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10C13CD-9130-4D30-ADD8-5D348A6556DE}" = Visual Identity Americas Wallpaper
"{C2ECAB8C-C48D-4C43-B268-C0360E7DC20B}" = SALT Tools 2011.2
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C813D88E-938A-42D5-95B9-64831E119DCA}" = Tax Interest 2011.2
"{C9603D6E-FC80-452E-A85D-CE29D4302AAD}" = Microsoft WSE 2.0 SP1 Runtime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD804DF4-B486-4A13-B74C-E0EFB5E556A4}" = State Bonus Depreciation 2010.8
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D178299E-39AE-416E-9E53-B0A3C2586CBA}" = Lotus Notes 8.0.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4756C12-4517-42DD-9641-0D131B1B9467}" = EMC Documentum Application Connectors 5.3
"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 11
"{D9D59F48-E4AC-4106-8B50-907BF0349CDC}" = QuickView Plus
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E4052E8B-8E57-4385-B049-2E58820CEFEB}" = Analyze Workbook
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
"{FB0BB7E4-1FE8-402F-91C6-664ACCEF9070}" = Loadset Information
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF4FA23E-C8E1-403B-91DE-9014D0B8DD2C}" = ECM Remote Client
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.2.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aventail10" = Aventail Connect 10.0.4.35
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"CleanUp!" = CleanUp!
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Connection Wizard" = Connection Wizard
"CyberArmor" = CyberArmor 3.5.8.701
"Digital Editions" = Adobe Digital Editions
"EY eDocs" = EY eDocs
"EY Peer Connect v1.0" = EY Peer Connect v1.0
"FinePrint" = FinePrint
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Juniper Odyssey Access Client" = Juniper Odyssey Access Client 5.2
"Lexis Citation Tools 2003" = LexLink v8.4
"LexisNexis Citation Tools v8.7" = LexisNexis Citation Tools v8.7
"Lexmark 9300 Series" = Lexmark 9300 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micrografx FlowCharter Viewer 7" = Micrografx FlowCharter Viewer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MS Fax Viewer" = MS Fax Viewer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oracle Client 8.1.6" = Oracle Client 8.1.6
"pdfFactory Pro" = pdfFactory Pro
"PIXresizer_is1" = PIXresizer 2.0.4
"Power Management Driver" = ThinkPad Power Management Driver
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProSeries Basic Edition 2010" = ProSeries Basic Edition 2010
"PROSet" = Intel® Network Connections Drivers
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = Custom Import Tool 1.1.37
"TrackPoint" = ThinkPad TrackPoint Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZipMail V8 for Lotus Notes" = ZipMail V8 for Lotus Notes

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e1cbb738e2e082e" = EPIC Americas
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 11:54:03 AM | Computer Name = US011031032-01 | Source = UserInit | ID = 1000
Description = Could not execute the following script ecmadmin1.bat. The system cannot
find the file specified. .

Error - 2/20/2011 11:54:03 AM | Computer Name = US011031032-01 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/20/2011 11:55:13 AM | Computer Name = US011031032-01 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for US\mcmahfr failed to contact
the active directory (0x8007054b). The specified domain either does not exist or
could not be contacted. Enrollment will not be performed.

Error - 2/21/2011 10:17:21 PM | Computer Name = US011031032-01 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/21/2011 10:17:22 PM | Computer Name = US011031032-01 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/21/2011 10:17:47 PM | Computer Name = US011031032-01 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/21/2011 10:20:20 PM | Computer Name = US011031032-01 | Source = UserInit | ID = 1000
Description = Could not execute the following script ecmadmin1.bat. The system cannot
find the file specified. .

Error - 2/21/2011 10:20:21 PM | Computer Name = US011031032-01 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/21/2011 10:20:24 PM | Computer Name = US011031032-01 | Source = UserInit | ID = 1000
Description = Could not execute the following script KIX32.EXE. The system cannot
find the file specified. .

Error - 2/21/2011 10:21:34 PM | Computer Name = US011031032-01 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for US\mcmahfr failed to contact
the active directory (0x8007054b). The specified domain either does not exist or
could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 11/3/2009 5:18:04 PM | Computer Name = US011031032-01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 979
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/13/2010 9:59:30 AM | Computer Name = US011031032-01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/29/2010 12:05:22 PM | Computer Name = US011031032-01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2754
seconds with 900 seconds of active time. This session ended with a crash.

Error - 11/8/2010 9:09:04 AM | Computer Name = US011031032-01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 135
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/18/2011 11:28:48 AM | Computer Name = US011031032-01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/18/2011 11:29:24 AM | Computer Name = US011031032-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/18/2011 11:30:52 AM | Computer Name = US011031032-01 | Source = Service Control Manager | ID = 7022
Description = The Documentum Application Connector Credential Service service hung
on starting.

Error - 4/18/2011 5:12:41 PM | Computer Name = US011031032-01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/18/2011 10:55:31 PM | Computer Name = US011031032-01 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/18/2011 10:55:35 PM | Computer Name = US011031032-01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/18/2011 10:55:39 PM | Computer Name = US011031032-01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/18/2011 10:57:44 PM | Computer Name = US011031032-01 | Source = Service Control Manager | ID = 7022
Description = The Documentum Application Connector Credential Service service hung
on starting.

Error - 4/18/2011 10:57:44 PM | Computer Name = US011031032-01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
atapi
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/19/2011 8:42:29 AM | Computer Name = US011031032-01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >

#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi famak,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
FaMaK

    Member

  • Topic Starter
  • 64 posts
Thank you for your help!

Here is the log:

ComboFix 11-04-24.06 - mcmahfr 04/25/2011 8:22.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.927 [GMT -4:00]
Running from: c:\documents and settings\mcmahfr\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: CyberArmor Client *Enabled* {E503B27E-6391-4e17-B2CA-F910AF011E23}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Helpdesk\WINDOWS
.
----- BITS: Possible infected sites -----
.
hxxp://USSECAMEYSDUSB:65300
hxxp://USSECAMEYSDAM3:65300
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-19 20:27 . 2011-04-19 20:27 -------- d-----w- c:\windows\system32\RK_Quarantine
2011-04-18 15:26 . 2011-04-18 15:26 -------- d-----w- C:\_OTL
2011-04-18 12:40 . 2011-04-18 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\kBk06504aNdHo06504
2011-04-15 14:18 . 2011-04-15 14:18 -------- d-----w- c:\program files\TaxApps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-19 08:03 . 2011-03-22 08:04 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2011-03-04 06:45 . 2002-02-26 13:58 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 21:36 . 2010-09-05 11:08 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2010-09-05 11:08 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 19:00 . 2005-05-17 01:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2005-05-16 08:37 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2005-05-16 08:37 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 11:44 . 2005-05-17 01:04 389120 ----a-w- c:\windows\system32\html.iec
2011-02-09 13:53 . 2005-05-16 08:38 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-05-16 08:37 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2005-05-16 00:48 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-05-16 00:48 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberArmorHelper"="c:\progra~1\CYBERA~1\pcshelp.exe" [2008-10-02 81920]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-25 495616]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-01-10 491520]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-09-29 93472]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-12-03 674368]
"DN4TRAY"="c:\program files\CheckPoint\Tray\DNTray.exe" [2008-12-11 292136]
"ZEYViewer"="c:\program files\eyutils\SMSTOOLS\EYSelectTrayApp.exe" [2008-09-22 65536]
"Recycle Bin Manager"="c:\program files\RBManager\\RBManager.exe" [2008-11-25 114688]
"ey_kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-24 1607208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AppConnectorLocaleMgr"="c:\program files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe" [2008-04-26 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-08-03 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-01 125368]
"AgentUiRunKey"="c:\program files\Iron Mountain\Connected BackupPC\Agent.exe" [2008-11-10 244536]
"LXCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-11-21 106496]
"OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2010-06-09 931184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "c:\program files\Quick View Plus\Support\qvphook.dll" [2002-02-01 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2010-12-06 20:47 218480 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
2004-03-19 09:29 81973 ----a-w- c:\program files\Timbuktu Pro\HOOK32.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cahooknt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3814449816-1147414744-3287126245-22307\Scripts\Logon\0\0]
"Script"=KIX32.EXE
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DisknetClient]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Iron Mountain\\Connected BackupPC\\Agent.exe"=
"c:\\WINDOWS\\system32\\lxcqcoms.exe"=
"c:\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.6.0.20090219c-200908151410\\jre\\bin\\notes2w.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [12/11/2008 9:36 AM 27136]
R0 dvrem;Pointsec Protector EPM Driver;c:\windows\system32\drivers\dvrem.sys [12/11/2008 9:36 AM 56960]
R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [12/11/2008 9:36 AM 29312]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [6/9/2010 1:40 AM 9856]
R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [6/9/2010 1:40 AM 282496]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [12/3/2008 2:39 PM 218176]
R0 PSG;Pointsec Protector PSG;c:\windows\system32\drivers\psg.sys [12/11/2008 9:36 AM 45696]
R0 rmm;Pointsec Protector RMM Driver;c:\windows\system32\drivers\rmm.sys [12/11/2008 9:36 AM 19072]
R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [12/11/2008 9:34 AM 46592]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [11/9/2008 9:38 PM 6608192]
R2 CSI Socket Listener;CSI Socket Listener;c:\windows\ECM4\INSTAL~1\CFC\2.0\bin\CsiWin32SocketListener.exe [9/22/2009 1:13 PM 32768]
R2 CSIRemoteC;Configuresoft ECM Remote Client;c:\program files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe [3/14/2008 3:12 PM 102400]
R2 CyberArmorRunService;CyberArmor Run Service;c:\program files\CyberArmor\casvc.exe [5/15/2005 9:42 PM 77824]
R2 DisknetClient;Pointsec Protector Client Service;c:\program files\CheckPoint\Pointsec Protector Client\disknet.exe [12/11/2008 9:45 AM 530728]
R2 Documentum Application Connector Credential Service;Documentum Application Connector Credential Service;c:\program files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe [4/26/2008 1:06 AM 49152]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [5/21/2010 2:05 AM 198000]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [7/12/2010 2:50 PM 240816]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [12/3/2008 2:40 PM 621120]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [12/3/2008 2:40 PM 154176]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/1/2009 1:15 PM 116664]
R2 Viexca2k;CyberArmor Registry Driver;c:\windows\system32\drivers\viexca2k.sys [10/27/2009 11:45 PM 21504]
R2 Viexpf2k;CyberArmor W2KDriver;c:\windows\system32\drivers\viexpf2k.sys [5/15/2005 9:42 PM 424495]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/6/2009 8:35 PM 243856]
R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [6/9/2010 1:58 AM 152944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/13/2011 11:41 AM 102448]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [12/6/2010 4:46 PM 420336]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [12/6/2010 4:46 PM 29312]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [7/12/2010 2:49 PM 22600]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [7/12/2010 2:47 PM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [7/12/2010 2:49 PM 79944]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [7/6/2009 8:36 PM 23080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2011 6:49 PM 136176]
S2 Polar Daemon;Polar Daemon;c:\program files\Polar\Daemon\polard.exe [5/31/2010 1:28 PM 344064]
S3 EY Tune Up Service;EY Tune Up Service;c:\program files\Ernst & Young\EY Tune Up\EYTuneUpService.exe [8/18/2010 9:34 AM 73728]
S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [12/6/2010 4:46 PM 12288]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [11/9/2008 9:38 PM 45384]
S3 netflx3;Compaq NetFlex-3/Netelligent Adapter Driver;c:\windows\system32\drivers\NetFlx3.sys [5/15/2005 9:45 PM 65278]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [7/12/2010 2:49 PM 25160]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\Ora81\bin\ONRSD.EXE [7/6/2009 6:40 PM 408568]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/9/2008 6:53 AM 262360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\BrandingZone]
2008-03-11 19:57 177106 ----a-w- c:\windows\EYINST\The_Branding_Zone\Branding_Zone_USER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\EY_Leads_Branding]
2008-02-15 17:58 177221 ----a-w- c:\windows\EYINST\ACS_Offline_Course_Manager\EY_Leads.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Lotus_Notes]
2008-09-03 22:06 126874 ----a-w- c:\windows\EYINST\Lotus_Notes\8.0.2\Shortcuts.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\pdfFP_Up]
2009-02-23 21:56 125354 ----a-w- c:\windows\EYINST\pdfFactory_Pro_Update\2.50\pdfFP_Up.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D41D8AE-F122-413E-A7C5-B6D86F22F5CA}]
2009-09-10 15:36 136701 ----a-w- c:\windows\EYINST\Visual_Identity_Templates_2009\1.0\EYIT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2010-12-20 23:08 124928 ------w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:49]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 22:49]
.
2011-04-25 c:\windows\Tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.iweb.ey.com/
uInternet Settings,ProxyOverride = *.corptax.com;blrscr3.egs-seg.gc.ca;142.221.160.*;*.gamx.ey.net;myvpn.eycan.com;cda.eyo.ca;*.taxnavigator.ca;ey.venngo.com;ogs*.com;*.gofileroom.com;globaltracker.ey.com;199.52.42.94;199.50.15.252;199.50.15.251;199.50.14.59;199.50.14.91;199.50.15.220;199.50.15.219;eyonline-er*.ey.com;eroomdestage.ey.com;eroomusstage.ey.com;*.eyqa.net;*.eyua.net;*.gamx.ey.com;erniedomino.ey.com;eyo-iis-pd.ey.com;eyonline.ey.com;sdc.ey.com;deqp001.quickplace.ey.com;gbqp001.quickplace.ey.com;qp002.quickplace.ey.com;qp001.quickplace.ey.com;199.50.20.187;199.50.20.186;*.adc.ey.com;gosystemrs.fasttax.com;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn.ey.com;txsn.ey.com;txadmin.ey.com;*.eyntc.com;eformrs.com;*.kontiki.com;*.iweb.ey.com;169.254.*.*;*.eylink.com;*.ey.net;*.quickplace.ey.com;199.49.190.*;198.134.44.*;*.ltdcenter.ey.com;<local>
uInternet Settings,ProxyServer = ftp=USWEB:80;http=USWEB:80;https=USWEB:443
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: com.mx\www.tuproteccion
Trusted Zone: eformRS.com
Trusted Zone: elementk.com\contentserver
Trusted Zone: ey.com
Trusted Zone: ey.net
Trusted Zone: eygtt.com
Trusted Zone: eyleads.com
Trusted Zone: eylink.com
Trusted Zone: eyqa.net
Trusted Zone: eyua.net
Trusted Zone: fasttax.com\gosystemrs
Trusted Zone: fincad.com\ey
Trusted Zone: intellinex-asp.com
Trusted Zone: intellinex.com
Trusted Zone: lexis.com\web
Trusted Zone: raindance.com\intellinex
Trusted Zone: riahome.com\insourcers
Trusted Zone: riahome.com\support2
Trusted Zone: smarttrainer4.com
Trusted Zone: surveymonkey.com
Trusted Zone: taleo.net\ey
Trusted Zone: thomson.com\gosystem
Trusted Zone: thomsonib.com
Trusted Zone: xtremelearning.com\cserver
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} - hxxps://print-globalselfhelp.ey.net/GPODTEST/content/services/servicesconnection/plugin/ADPrtCTRL.CAB
DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} - hxxp://gfisclientengsummary.iweb.ey.com/GFIS/Activex/GFISZIPUtility.CAB
DPF: {51B217FA-AA53-11D1-8295-006097970389} - hxxp://home.iweb.ey.com/w6cab/notesuser.cab
DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} - hxxps://edocs.us.na.ey.net/edocs/wdk/native/WdkPluginCab.CAB
DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} - hxxps://gfis.iweb.ey.com/GFIS/Activex/AuthPost.CAB
DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} - hxxps://print-globalselfhelp.ey.net/GPODTEST/content/services/servicesconnection/plugin/EYGPWS.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://bettycam.axiscam.net/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Panda3D Game Engine Plug-In: [email protected] - %profile%\extensions\[email protected]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\mcmahfr\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 08:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}\0409]
@SACL=
"Version"="1.0.0.2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1916)
c:\windows\system32\cahooknt.dll
c:\windows\system32\pssogina.dll
c:\windows\system32\odyEvent.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1972)
c:\windows\system32\cahooknt.dll
.
Completion time: 2011-04-25 08:29:10
ComboFix-quarantined-files.txt 2011-04-25 12:29
.
Pre-Run: 51,874,021,376 bytes free
Post-Run: 51,908,632,576 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 847E4E8AAE8B569E84953C486EBD40DA

#4
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Doesn't the machine have internet access? I noticed it didn't install the recovery console.

#5
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


#6
FaMaK


    Member

  • Topic Starter
  • Member
  • 64 posts
Attached are the reports - note that I accidentally stopped the virus scan the first time (after it deleted a few trojans) so I needed to rerun it. Took a while to run!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6440

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/25/2011 9:14:20 AM
mbam-log-2011-04-25 (09-14-20).txt

Scan type: Quick scan
Objects scanned: 172031
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky LOG:

Autoscan: stopped 9 hours ago (events: 9, objects: 509223, time: 01:33:24)
4/25/2011 9:21:32 AM Task started
4/25/2011 9:40:29 AM Detected: Trojan.Win32.Oficla.ajn C:\Documents and Settings\mcmahfr\My Documents\Downloads\USPSLabel.zip/LABEL_USPSXLS/LABEL_USPSXLS.exe
4/25/2011 9:40:46 AM Deleted: Trojan.Win32.Oficla.ajn C:\Documents and Settings\mcmahfr\My Documents\Downloads\USPSLabel.zip/LABEL_USPSXLS/LABEL_USPSXLS.exe
4/25/2011 9:42:16 AM Detected: Trojan-Banker.Win32.Banker.bdki C:\Documents and Settings\mcmahfr\My Documents\Int cleaner\wwsetup1_1790998060.exe/data0000.res/Formdata.exe
4/25/2011 9:43:34 AM Detected: Trojan-Banker.Win32.Banker.bdki C:\Documents and Settings\mcmahfr\My Documents\Int cleaner\wwsetup1_1790998060.exe/# By hash
4/25/2011 9:43:35 AM Detected: Trojan-Banker.Win32.Banker.bdki C:\Documents and Settings\mcmahfr\My Documents\Int cleaner\wwsetup1_1790998060.exe/#
4/25/2011 9:43:37 AM Deleted: Trojan-Banker.Win32.Banker.bdki C:\Documents and Settings\mcmahfr\My Documents\Int cleaner\wwsetup1_1790998060.exe
4/25/2011 10:54:55 AM Processing error C:\Program Files\Common Files\Intuit\TurboTax\TY08\PER\MSI\WinPerTaxSupport.msi/TurboTax.cab Read error
4/25/2011 10:54:58 AM Task stopped
Autoscan: completed 38 minutes ago (events: 2, objects: 6977699, time: 08:49:23)
4/25/2011 10:55:53 AM Task started
4/25/2011 7:45:16 PM Task completed


#7
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#8
FaMaK


    Member

  • Topic Starter
  • Member
  • 64 posts
Here they are:

OTL logfile created on: 4/25/2011 9:22:02 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.05 Gb Total Space | 47.68 Gb Free Space | 40.05% Space Free | Partition Type: NTFS

Computer Name: US011031032-01 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
PRC - [2011/03/23 12:24:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/06/09 02:28:22 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/06/08 19:54:12 | 000,398,704 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () -- C:\Program Files\Polar\Daemon\polard.exe
PRC - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/01 13:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 13:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/11 09:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2008/12/03 14:40:26 | 000,674,368 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2008/11/25 16:38:12 | 000,114,688 | ---- | M] (Ernst & Young) -- C:\Program Files\RBManager\RBManager.exe
PRC - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2008/11/09 21:38:40 | 000,244,536 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2008/10/23 21:09:18 | 001,607,208 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/02 16:34:20 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2008/10/02 15:04:50 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2008/09/29 10:15:56 | 000,093,472 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
PRC - [2008/09/22 13:08:46 | 000,065,536 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe
PRC - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe
PRC - [2008/04/26 01:06:22 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe
PRC - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe
PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcqcoms.exe
PRC - [2006/01/25 13:55:04 | 000,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2006/01/10 13:30:04 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2launch.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/02/01 07:00:00 | 000,045,056 | ---- | M] (Stellent, Inc.) -- C:\Program Files\Quick View Plus\Support\qvphook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/18 09:34:58 | 000,073,728 | ---- | M] (Ernst & Young) [On_Demand | Stopped] -- C:\Program Files\Ernst & Young\EY Tune Up\EYTuneUpService.exe -- (EY Tune Up Service)
SRV - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/07/06 19:12:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 15:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe -- (DisknetClient)
SRV - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\pstartSr.exe -- (Pointsec_start)
SRV - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Prot_srv.exe -- (Pointsec)
SRV - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) [Auto | Running] -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService)
SRV - [2008/08/08 15:53:16 | 000,031,624 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/06/12 22:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/05/09 06:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) [Auto | Running] -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe -- (Documentum Application Connector Credential Service)
SRV - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Auto | Running] -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
SRV - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) [Auto | Running] -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe -- (CSI Socket Listener)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) [Auto | Running] -- C:\Program Files\Timbuktu Pro\tb2launch.exe -- (Tb2Launch)
SRV - [2000/01/25 18:00:16 | 000,408,568 | ---- | M] () [On_Demand | Stopped] -- C:\Oracle\Ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - File not found [Kernel | System | Running] -- -- (Tb2Device)
DRV - [2011/03/04 17:49:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110424.002\navex15.sys -- (NAVEX15)
DRV - [2011/03/04 17:49:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110424.002\naveng.sys -- (NAVENG)
DRV - [2010/11/17 12:31:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/12 14:49:30 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/07/12 14:49:20 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/07/12 14:49:10 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/07/12 14:47:00 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/06/17 07:28:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/09 01:40:12 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips2.sys -- (odFips2)
DRV - [2010/06/09 01:40:12 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips.sys -- (odFips)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/21 00:01:34 | 000,420,336 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2010/04/21 00:01:34 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/04/21 00:01:34 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\90819002.sys -- (90819002)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9081900.sys -- (setup_9.0.0.722_25.04.2011_14-06drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\90819001.sys -- (90819001)
DRV - [2009/07/06 18:58:52 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2009/06/14 10:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 10:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2009/03/31 11:08:50 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/16 10:32:32 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/02/06 11:39:02 | 000,809,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/12/17 15:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/11 09:36:30 | 000,045,696 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PSG.sys -- (PSG)
DRV - [2008/12/11 09:36:26 | 000,019,072 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\rmm.sys -- (rmm)
DRV - [2008/12/11 09:36:22 | 000,029,312 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kaeon.sys -- (KAEON)
DRV - [2008/12/11 09:36:18 | 000,056,960 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dvrem.sys -- (dvrem)
DRV - [2008/12/11 09:36:16 | 000,027,136 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DNPFW.sys -- (DNPFW)
DRV - [2008/12/11 09:34:50 | 000,046,592 | ---- | M] (Reflex Magnetics Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rxaes100.sys -- (rxAES100)
DRV - [2008/12/03 14:39:08 | 000,218,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2008/11/09 21:38:40 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/10/03 14:09:16 | 000,424,495 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/07/01 10:50:34 | 000,021,504 | ---- | M] (InfoExpress) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k)
DRV - [2008/04/09 07:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 07:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 07:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 02:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 02:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/08/17 09:51:04 | 000,217,216 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2001/08/17 08:11:36 | 000,065,278 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetFlx3.sys -- (netflx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:443

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:443

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.iweb.ey.com/
IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:443

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...50CLie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.aol.co...B50CLab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 12:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 12:24:33 | 000,000,000 | ---D | M]

[2009/07/16 21:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Extensions
[2009/10/28 11:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse\extensions
[2009/07/15 13:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse1\extensions
[2011/04/24 22:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions
[2010/09/03 13:49:06 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/23 11:11:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/19 17:49:01 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\[email protected]
[2009/09/01 13:24:31 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\searchplugins\aol-search.xml
[2011/04/24 22:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/07 09:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 09:47:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/07 09:47:54 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/25 08:27:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LexLink IE ToolBar) - {CBAA6F21-985C-11D4-A02B-00B0D073E889} - C:\Program Files\LexisNexis\CheckCite\llieobj.dll (LexisNexis)
O3 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AppConnectorLocaleMgr] C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe (Documentum, a division of EMC Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [DN4TRAY] C:\Program Files\CheckPoint\Tray\DNTray.exe ()
O4 - HKLM..\Run: [ey_kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [LXCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKLM..\Run: [Recycle Bin Manager] C:\Program Files\RBManager\RBManager.exe (Ernst & Young)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZEYViewer] C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe (Ernst & Young)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
O4 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307..\RunOnce: [ProxyOn] C:\Program Files\ConnWiz\ProxyOn.exe ()
O4 - Startup: C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk = C:\Documents and Settings\mcmahfr\Desktop\Virus Removal Tool\setup_9.0.0.722_25.04.2011_14-06\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKLM\..Trusted Domains: com.mx ([www.tuproteccion] https in Trusted sites)
O15 - HKLM\..Trusted Domains: eformRS.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([contentserver] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eygtt.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyleads.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eylink.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: fasttax.com ([gosystemrs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fincad.com ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex-asp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: lexis.com ([web] http in Trusted sites)
O15 - HKLM\..Trusted Domains: raindance.com ([intellinex] http in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([insourcers] https in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([support2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: smarttrainer4.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: surveymonkey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thomson.com ([gosystem] https in Trusted sites)
O15 - HKLM\..Trusted Domains: thomsonib.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xtremelearning.com ([cserver] http in Trusted sites)
O16 - DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} https://print-global...n/ADPrtCTRL.CAB (ADPrtCTRL.ucADPrtctrl)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} http://gfisclienteng...SZIPUtility.CAB (GFISZipUtility.GFISZIP)
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} http://home.iweb.ey....b/notesuser.cab (NotesUserCtrl Class)
O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://edocs.us.na....dkPluginCab.CAB (DmDragDrop Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} https://gfis.iweb.ey...ex/AuthPost.CAB (AuthPost.Class1)
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} https://print-global...ugin/EYGPWS.CAB (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://bettycam.axis...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ey.webex.com...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - C:\WINDOWS\System32\PssoGina.dll (Check Point Software Tech Ltd)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\Timbuktu Pro\Hook32.dll - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/15 20:54:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: DisknetClient - C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe (Check Point Software Technologies Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: DisknetClient - C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe (Check Point Software Technologies Ltd.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2D41D8AE-F122-413E-A7C5-B6D86F22F5CA} - C:\WINDOWS\EYINST\Visual_Identity_Templates_2009\1.0\EYIT.EXE /S
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5ECC898D-84FD-43AE-96D5-12DF9AD8A52D} -
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmactedp.inf,PerUserStub
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{2F1AB3FA-BBDC-4D12-9007-9A96BF523872} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: BrandingZone - C:\WINDOWS\EYINST\The_Branding_Zone\Branding_Zone_USER.EXE /S
ActiveX: EY_Leads_Branding - C:\WINDOWS\EYINST\ACS_Offline_Course_Manager\EY_Leads.EXE /S
ActiveX: Lotus_Notes - C:\WINDOWS\EYINST\Lotus_Notes\8.0.2\Shortcuts.EXE
ActiveX: pdfFP_Up - C:\WINDOWS\EYINST\pdfFactory_Pro_Update\2.50\pdfFP_Up.EXE /S

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 21:02:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/25 09:19:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/25 09:19:22 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9081900.sys
[2011/04/25 09:19:22 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\90819001.sys
[2011/04/25 09:19:22 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\90819002.sys
[2011/04/25 09:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcmahfr\Desktop\Virus Removal Tool
[2011/04/25 09:15:23 | 108,903,144 | ---- | C] ( ) -- C:\Documents and Settings\mcmahfr\Desktop\setup_9.0.0.722_25.04.2011_14-06.exe
[2011/04/25 09:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/25 09:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 09:06:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/25 09:06:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mcmahfr\Desktop\mbam-setup.exe
[2011/04/25 08:57:36 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/25 08:36:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/25 08:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/25 08:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/25 08:16:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/25 08:16:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/25 08:12:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/19 16:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RK_Quarantine
[2011/04/19 08:46:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\My Documents\OTL.exe
[2011/04/18 11:26:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/18 08:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kBk06504aNdHo06504
[2011/04/15 10:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\TaxApps
[2011/04/15 09:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcmahfr\Desktop\Pictures April 2011
[2010/10/30 07:40:38 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqserv.dll
[2010/10/30 07:40:38 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqusb1.dll
[2010/10/30 07:40:38 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqhbn3.dll
[2010/10/30 07:40:38 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomc.dll
[2010/10/30 07:40:38 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpmui.dll
[2010/10/30 07:40:38 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqlmpm.dll
[2010/10/30 07:40:38 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcoms.exe
[2010/10/30 07:40:38 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomm.dll
[2010/10/30 07:40:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqinpa.dll
[2010/10/30 07:40:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqiesc.dll
[2010/10/30 07:40:38 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqih.exe
[2010/10/30 07:40:38 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcfg.exe
[2010/10/30 07:40:38 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCQhcp.dll
[2010/10/30 07:40:38 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqprox.dll
[2010/10/30 07:40:38 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpplc.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/25 20:54:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 17:54:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/25 16:56:10 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/04/25 09:43:04 | 000,000,182 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_25.04.2011_14-06drv.spi
[2011/04/25 09:20:45 | 000,002,238 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk
[2011/04/25 09:18:28 | 108,903,144 | ---- | M] ( ) -- C:\Documents and Settings\mcmahfr\Desktop\setup_9.0.0.722_25.04.2011_14-06.exe
[2011/04/25 09:06:42 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 09:06:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mcmahfr\Desktop\mbam-setup.exe
[2011/04/25 09:02:17 | 000,000,495 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/04/25 08:59:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/25 08:59:40 | 2038,411,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 08:27:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/25 08:11:34 | 004,329,386 | R--- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\ComboFix.exe
[2011/04/25 03:19:06 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job
[2011/04/24 19:34:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 07:14:54 | 003,177,472 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/22 07:13:13 | 007,094,272 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/21 14:43:21 | 000,444,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 14:43:21 | 000,072,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/21 14:38:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/19 16:27:10 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\RogueKiller.exe
[2011/04/19 08:46:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\My Documents\OTL.exe
[2011/04/19 04:03:03 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2011/04/18 11:32:41 | 000,026,917 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 11:05:26 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 23:21:43 | 000,093,730 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/16 16:13:27 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/16 15:19:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 09:49:37 | 000,094,838 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2011/04/13 13:43:55 | 000,025,244 | RHS- | M] () -- C:\Documents and Settings\mcmahfr\ntuser.pol
[2011/04/13 03:57:50 | 000,303,022 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/01 13:23:09 | 000,000,224 | ---- | M] () -- C:\WINDOWS\WTXI.INI
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 09:43:04 | 000,000,182 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_25.04.2011_14-06drv.spi
[2011/04/25 09:20:45 | 000,002,238 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk
[2011/04/25 09:06:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 08:16:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/25 08:16:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/25 08:16:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/25 08:16:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/25 08:16:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/25 08:11:33 | 004,329,386 | R--- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\ComboFix.exe
[2011/04/21 15:24:58 | 004,361,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/19 16:27:16 | 001,098,752 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\RogueKiller.exe
[2011/04/18 11:32:41 | 000,026,917 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 10:33:47 | 2038,411,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/16 23:21:43 | 000,093,730 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/15 09:49:37 | 000,094,838 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2010/10/30 07:41:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcqvs.dll
[2010/10/30 07:41:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcqcoin.dll
[2010/10/30 07:40:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcqdrs.dll
[2010/10/30 07:40:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcqcaps.dll
[2010/10/30 07:40:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcqcnv4.dll
[2010/10/30 07:40:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\lxcqrwrd.ini
[2010/10/30 07:40:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCQinst.dll
[2010/10/30 07:40:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxcqgrd.dll
[2010/10/28 03:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UnivMgr.INI
[2010/07/31 18:47:35 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\kodakpcd.ini
[2010/07/12 14:53:48 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/07/12 14:52:20 | 000,015,024 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2010/06/09 01:40:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2010/03/27 08:02:03 | 000,000,224 | ---- | C] () -- C:\WINDOWS\WTXI.INI
[2010/03/13 19:14:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/01 08:04:34 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 05:35:08 | 000,167,252 | ---- | C] () -- C:\WINDOWS\Rem_EY_eDocs.EXE
[2009/10/28 01:09:14 | 000,047,633 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2009/10/12 11:21:16 | 000,060,096 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 14:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2009/09/09 12:27:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/08 13:20:53 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/08/13 10:45:01 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/07/21 10:03:53 | 000,001,304 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/07/16 21:52:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/16 15:33:56 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2009/07/06 20:36:19 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/06 20:36:13 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/06 19:17:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2009/07/06 19:16:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2009/07/06 19:16:48 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2009/07/06 19:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2009/07/06 19:08:39 | 000,547,164 | ---- | C] () -- C:\WINDOWS\RemCFIT1137.EXE
[2009/07/06 19:06:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\fusioncache.dat
[2009/07/06 19:03:51 | 000,531,239 | ---- | C] () -- C:\WINDOWS\RemLNCT87.EXE
[2009/07/06 19:03:32 | 000,531,133 | ---- | C] () -- C:\WINDOWS\RemEYPeerConnectv1.0.EXE
[2009/07/06 19:01:04 | 000,154,152 | ---- | C] () -- C:\WINDOWS\RemRBMgr.EXE
[2009/07/06 18:58:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2009/07/06 18:56:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/07/06 18:45:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\eyprobe.exe
[2008/12/03 14:40:18 | 000,137,792 | ---- | C] () -- C:\WINDOWS\System32\NovPwd32.dll
[2008/12/03 14:40:14 | 000,154,176 | ---- | C] () -- C:\WINDOWS\System32\pstartSr.exe
[2008/12/03 14:40:12 | 000,621,120 | ---- | C] () -- C:\WINDOWS\System32\Prot_srv.exe
[2008/12/03 14:39:08 | 000,218,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\prot_2k.sys
[2008/11/09 21:38:40 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2008/05/09 06:53:34 | 000,418,008 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/10/31 10:56:34 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat
[2007/04/04 15:13:56 | 000,000,142 | ---- | C] () -- C:\WINDOWS\GemSignPdf.ini
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2005/05/18 14:16:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/17 20:18:46 | 000,000,495 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/17 19:32:15 | 000,146,432 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/16 20:27:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2005/05/16 19:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/05/16 04:38:47 | 000,000,526 | ---- | C] () -- C:\WINDOWS\LOADSET.INI
[2005/05/16 04:38:00 | 000,444,756 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/16 04:38:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/16 04:38:00 | 000,072,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/16 04:38:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/16 04:37:58 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/16 04:37:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/16 04:37:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/16 04:37:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/16 04:37:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/16 04:37:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/16 04:37:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/15 21:53:06 | 000,568,493 | ---- | C] () -- C:\WINDOWS\REMKontiki.EXE
[2005/05/15 21:51:39 | 000,111,276 | ---- | C] () -- C:\WINDOWS\RemFF.EXE
[2005/05/15 21:48:19 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\Libjcc.dll
[2005/05/15 21:48:19 | 000,067,306 | ---- | C] () -- C:\WINDOWS\System32\pbodb70.ini
[2005/05/15 21:43:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/15 21:42:33 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/15 21:42:18 | 000,424,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2005/05/15 21:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2005/05/15 21:33:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/15 21:15:11 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/15 21:13:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/15 21:02:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/15 20:49:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/04/29 14:09:30 | 000,004,743 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1999/05/24 03:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999/05/24 03:23:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\FdfAcX.dll

========== LOP Check ==========

[2009/08/05 09:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kontiki
[2010/12/05 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2010/08/26 19:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Email Backup Optimization
[2009/07/06 18:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
[2010/12/06 16:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/18 15:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kBk06504aNdHo06504
[2011/04/25 21:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/07/06 18:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pointsec
[2010/01/18 19:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/09/01 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/09 13:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/12 08:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/05 09:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Kontiki
[2009/12/04 15:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\.oit
[2011/02/13 09:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Aventail
[2011/02/25 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Blackberry Desktop
[2009/07/16 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Documentum
[2009/07/06 18:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Ernst & Young
[2009/07/06 20:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Funk Software
[2010/09/03 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\GARMIN
[2009/07/06 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\InterVideo
[2009/08/05 09:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Kontiki
[2009/07/06 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Local Settings
[2010/12/06 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Polar WebSync
[2009/07/15 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Research in Motion
[2009/08/05 13:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Skinux
[2010/06/23 19:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Smith Micro
[2010/11/29 06:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Trondent Development Corp
[2009/09/09 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Viewpoint
[2010/09/10 08:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\webex
[2010/10/13 16:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcmahfr\Application Data\Xerox
[2011/04/25 03:19:06 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job

========== Purity Check ==========



< End of report >

OTL logfile created on: 4/25/2011 9:03:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.05 Gb Total Space | 47.68 Gb Free Space | 40.05% Space Free | Partition Type: NTFS

Computer Name: US011031032-01 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/06/09 02:28:22 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/06/08 19:54:12 | 000,398,704 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () -- C:\Program Files\Polar\Daemon\polard.exe
PRC - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/01 13:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 13:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/11 09:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2008/12/03 14:40:26 | 000,674,368 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2008/11/25 16:38:12 | 000,114,688 | ---- | M] (Ernst & Young) -- C:\Program Files\RBManager\RBManager.exe
PRC - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2008/11/09 21:38:40 | 000,244,536 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2008/10/23 21:09:18 | 001,607,208 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/02 16:34:20 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2008/10/02 15:04:50 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2008/09/29 10:15:56 | 000,093,472 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
PRC - [2008/09/22 13:08:46 | 000,065,536 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe
PRC - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe
PRC - [2008/04/26 01:06:22 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe
PRC - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe
PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcqcoms.exe
PRC - [2006/01/25 13:55:04 | 000,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2006/01/10 13:30:04 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2launch.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/18 09:34:58 | 000,073,728 | ---- | M] (Ernst & Young) [On_Demand | Stopped] -- C:\Program Files\Ernst & Young\EY Tune Up\EYTuneUpService.exe -- (EY Tune Up Service)
SRV - [2010/07/12 14:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/06/09 02:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010/06/09 01:58:00 | 000,152,944 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010/05/31 13:28:10 | 000,344,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2010/05/21 02:05:10 | 000,198,000 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/01 13:15:50 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 13:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 13:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 13:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 13:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/07/06 19:12:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 15:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/12/11 09:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe -- (DisknetClient)
SRV - [2008/12/03 14:40:14 | 000,154,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\pstartSr.exe -- (Pointsec_start)
SRV - [2008/12/03 14:40:12 | 000,621,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Prot_srv.exe -- (Pointsec)
SRV - [2008/11/09 21:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2008/10/23 21:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/10/02 14:56:14 | 000,077,824 | ---- | M] (InfoExpress) [Auto | Running] -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService)
SRV - [2008/08/08 15:53:16 | 000,031,624 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/06/12 22:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/05/09 06:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/05/08 18:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 18:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/04/26 01:06:22 | 000,049,152 | ---- | M] (Documentum, a division of EMC Corporation) [Auto | Running] -- c:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialService.exe -- (Documentum Application Connector Credential Service)
SRV - [2008/03/14 15:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Auto | Running] -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
SRV - [2007/11/03 11:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) [Auto | Running] -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe -- (CSI Socket Listener)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2004/03/19 05:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) [Auto | Running] -- C:\Program Files\Timbuktu Pro\tb2launch.exe -- (Tb2Launch)
SRV - [2000/01/25 18:00:16 | 000,408,568 | ---- | M] () [On_Demand | Stopped] -- C:\Oracle\Ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - File not found [Kernel | System | Running] -- -- (Tb2Device)
DRV - [2011/03/04 17:49:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110424.002\navex15.sys -- (NAVEX15)
DRV - [2011/03/04 17:49:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110424.002\naveng.sys -- (NAVENG)
DRV - [2010/11/17 12:31:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/12 14:49:30 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/07/12 14:49:20 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/07/12 14:49:10 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/07/12 14:47:00 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/06/17 07:28:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/09 01:40:12 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips2.sys -- (odFips2)
DRV - [2010/06/09 01:40:12 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips.sys -- (odFips)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/21 00:01:34 | 000,420,336 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2010/04/21 00:01:34 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/04/21 00:01:34 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\90819002.sys -- (90819002)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9081900.sys -- (setup_9.0.0.722_25.04.2011_14-06drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\90819001.sys -- (90819001)
DRV - [2009/07/06 18:58:52 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2009/06/14 10:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 10:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2009/03/31 11:08:50 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/16 10:32:32 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/02/06 11:39:02 | 000,809,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/12/17 15:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/11 09:36:30 | 000,045,696 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PSG.sys -- (PSG)
DRV - [2008/12/11 09:36:26 | 000,019,072 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\rmm.sys -- (rmm)
DRV - [2008/12/11 09:36:22 | 000,029,312 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kaeon.sys -- (KAEON)
DRV - [2008/12/11 09:36:18 | 000,056,960 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dvrem.sys -- (dvrem)
DRV - [2008/12/11 09:36:16 | 000,027,136 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DNPFW.sys -- (DNPFW)
DRV - [2008/12/11 09:34:50 | 000,046,592 | ---- | M] (Reflex Magnetics Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rxaes100.sys -- (rxAES100)
DRV - [2008/12/03 14:39:08 | 000,218,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2008/11/09 21:38:40 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/10/03 14:09:16 | 000,424,495 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/07/01 10:50:34 | 000,021,504 | ---- | M] (InfoExpress) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k)
DRV - [2008/04/09 07:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 07:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 07:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 02:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 02:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/08/17 09:51:04 | 000,217,216 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2001/08/17 08:11:36 | 000,065,278 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetFlx3.sys -- (netflx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.iweb.ey.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:443

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...50CLie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.aol.co...B50CLab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 12:24:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 12:24:33 | 000,000,000 | ---D | M]

[2009/07/16 21:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Extensions
[2009/10/28 11:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse\extensions
[2009/07/15 13:35:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse1\extensions
[2011/04/24 22:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions
[2010/09/03 13:49:06 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/23 11:11:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/19 17:49:01 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\extensions\[email protected]
[2009/09/01 13:24:31 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\y0tk9qyi.default\searchplugins\aol-search.xml
[2011/04/24 22:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/07 09:48:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 09:47:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/07 09:47:54 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/25 08:27:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LexLink IE ToolBar) - {CBAA6F21-985C-11D4-A02B-00B0D073E889} - C:\Program Files\LexisNexis\CheckCite\llieobj.dll (LexisNexis)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AppConnectorLocaleMgr] C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe (Documentum, a division of EMC Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [DN4TRAY] C:\Program Files\CheckPoint\Tray\DNTray.exe ()
O4 - HKLM..\Run: [ey_kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [LXCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKLM..\Run: [Recycle Bin Manager] C:\Program Files\RBManager\RBManager.exe (Ernst & Young)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZEYViewer] C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe (Ernst & Young)
O4 - HKCU..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
O4 - HKCU..\RunOnce: [ProxyOn] C:\Program Files\ConnWiz\ProxyOn.exe ()
O4 - Startup: C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk = C:\Documents and Settings\mcmahfr\Desktop\Virus Removal Tool\setup_9.0.0.722_25.04.2011_14-06\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKLM\..Trusted Domains: com.mx ([www.tuproteccion] https in Trusted sites)
O15 - HKLM\..Trusted Domains: eformRS.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([contentserver] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eygtt.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyleads.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eylink.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: fasttax.com ([gosystemrs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fincad.com ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex-asp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: lexis.com ([web] http in Trusted sites)
O15 - HKLM\..Trusted Domains: raindance.com ([intellinex] http in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([insourcers] https in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([support2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: smarttrainer4.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: surveymonkey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thomson.com ([gosystem] https in Trusted sites)
O15 - HKLM\..Trusted Domains: thomsonib.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xtremelearning.com ([cserver] http in Trusted sites)
O16 - DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} https://print-global...n/ADPrtCTRL.CAB (ADPrtCTRL.ucADPrtctrl)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} http://gfisclienteng...SZIPUtility.CAB (GFISZipUtility.GFISZIP)
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} http://home.iweb.ey....b/notesuser.cab (NotesUserCtrl Class)
O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://edocs.us.na....dkPluginCab.CAB (DmDragDrop Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} https://gfis.iweb.ey...ex/AuthPost.CAB (AuthPost.Class1)
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} https://print-global...ugin/EYGPWS.CAB (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://bettycam.axis...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ey.webex.com...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - C:\WINDOWS\System32\PssoGina.dll (Check Point Software Tech Ltd)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\Timbuktu Pro\Hook32.dll - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcmahfr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - Reg Error: Key error. File not found
O28 - HKCU ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Program Files\Quick View Plus\Support\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/15 20:54:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 21:02:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/25 09:19:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/25 09:19:22 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9081900.sys
[2011/04/25 09:19:22 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\90819001.sys
[2011/04/25 09:19:22 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\90819002.sys
[2011/04/25 09:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcmahfr\Desktop\Virus Removal Tool
[2011/04/25 09:15:23 | 108,903,144 | ---- | C] ( ) -- C:\Documents and Settings\mcmahfr\Desktop\setup_9.0.0.722_25.04.2011_14-06.exe
[2011/04/25 09:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/25 09:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 09:06:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/25 09:06:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mcmahfr\Desktop\mbam-setup.exe
[2011/04/25 08:57:36 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/25 08:36:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/25 08:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/25 08:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/25 08:16:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/25 08:16:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/25 08:12:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/19 16:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RK_Quarantine
[2011/04/19 08:46:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\My Documents\OTL.exe
[2011/04/18 11:26:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/18 08:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kBk06504aNdHo06504
[2011/04/15 10:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\TaxApps
[2011/04/15 09:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcmahfr\Desktop\Pictures April 2011
[2010/10/30 07:40:38 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqserv.dll
[2010/10/30 07:40:38 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqusb1.dll
[2010/10/30 07:40:38 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqhbn3.dll
[2010/10/30 07:40:38 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomc.dll
[2010/10/30 07:40:38 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpmui.dll
[2010/10/30 07:40:38 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqlmpm.dll
[2010/10/30 07:40:38 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcoms.exe
[2010/10/30 07:40:38 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomm.dll
[2010/10/30 07:40:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqinpa.dll
[2010/10/30 07:40:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqiesc.dll
[2010/10/30 07:40:38 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqih.exe
[2010/10/30 07:40:38 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcfg.exe
[2010/10/30 07:40:38 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCQhcp.dll
[2010/10/30 07:40:38 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqprox.dll
[2010/10/30 07:40:38 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpplc.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 21:02:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.exe
[2011/04/25 20:54:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 17:54:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/25 16:56:10 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/04/25 09:43:04 | 000,000,182 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_25.04.2011_14-06drv.spi
[2011/04/25 09:20:45 | 000,002,238 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk
[2011/04/25 09:18:28 | 108,903,144 | ---- | M] ( ) -- C:\Documents and Settings\mcmahfr\Desktop\setup_9.0.0.722_25.04.2011_14-06.exe
[2011/04/25 09:06:42 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 09:06:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mcmahfr\Desktop\mbam-setup.exe
[2011/04/25 09:02:17 | 000,000,495 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/04/25 08:59:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/25 08:59:40 | 2038,411,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/25 08:27:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/25 08:11:34 | 004,329,386 | R--- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\ComboFix.exe
[2011/04/25 03:19:06 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1E966DD4-AA5B-4E9E-B973-2B8ED1C074AB}.job
[2011/04/24 19:34:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 07:14:54 | 003,177,472 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/22 07:13:13 | 007,094,272 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/21 14:43:21 | 000,444,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 14:43:21 | 000,072,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/21 14:38:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/19 16:27:10 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\RogueKiller.exe
[2011/04/19 08:46:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\My Documents\OTL.exe
[2011/04/19 04:03:03 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2011/04/18 11:32:41 | 000,026,917 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 11:05:26 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 23:21:43 | 000,093,730 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/16 16:13:27 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/16 15:19:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 09:49:37 | 000,094,838 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2011/04/13 13:43:55 | 000,025,244 | RHS- | M] () -- C:\Documents and Settings\mcmahfr\ntuser.pol
[2011/04/13 03:57:50 | 000,303,022 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/01 13:23:09 | 000,000,224 | ---- | M] () -- C:\WINDOWS\WTXI.INI
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 09:43:04 | 000,000,182 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_25.04.2011_14-06drv.spi
[2011/04/25 09:20:45 | 000,002,238 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Start Menu\Programs\Startup\setup_9.0.0.722_25.04.2011_14-06.lnk
[2011/04/25 09:06:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 08:16:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/25 08:16:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/25 08:16:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/25 08:16:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/25 08:16:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/25 08:11:33 | 004,329,386 | R--- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\ComboFix.exe
[2011/04/21 15:24:58 | 004,361,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/19 16:27:16 | 001,098,752 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\RogueKiller.exe
[2011/04/18 11:32:41 | 000,026,917 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\McMahon Empire Correspondence 4.18.11.pdf
[2011/04/18 10:33:47 | 2038,411,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/16 23:21:43 | 000,093,730 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\Eric Hodska Training- Enjoy the Journey.pdf
[2011/04/15 09:49:37 | 000,094,838 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\ETU.pdf
[2010/10/30 07:41:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcqvs.dll
[2010/10/30 07:41:08 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcqcoin.dll
[2010/10/30 07:40:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcqdrs.dll
[2010/10/30 07:40:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcqcaps.dll
[2010/10/30 07:40:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcqcnv4.dll
[2010/10/30 07:40:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\lxcqrwrd.ini
[2010/10/30 07:40:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCQinst.dll
[2010/10/30 07:40:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxcqgrd.dll
[2010/10/28 03:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UnivMgr.INI
[2010/07/31 18:47:35 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\kodakpcd.ini
[2010/07/12 14:53:48 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/07/12 14:52:20 | 000,015,024 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2010/06/09 01:40:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2010/03/27 08:02:03 | 000,000,224 | ---- | C] () -- C:\WINDOWS\WTXI.INI
[2010/03/13 19:14:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/01 08:04:34 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 05:35:08 | 000,167,252 | ---- | C] () -- C:\WINDOWS\Rem_EY_eDocs.EXE
[2009/10/28 01:09:14 | 000,047,633 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2009/10/12 11:21:16 | 000,060,096 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 14:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2009/09/09 12:27:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/09/08 13:20:53 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/08/13 10:45:01 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/07/21 10:03:53 | 000,001,304 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/07/16 21:52:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/16 15:33:56 | 000,000,099 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2009/07/06 20:36:19 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/06 20:36:13 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/06 19:17:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2009/07/06 19:16:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2009/07/06 19:16:48 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2009/07/06 19:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2009/07/06 19:08:39 | 000,547,164 | ---- | C] () -- C:\WINDOWS\RemCFIT1137.EXE
[2009/07/06 19:06:22 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\fusioncache.dat
[2009/07/06 19:03:51 | 000,531,239 | ---- | C] () -- C:\WINDOWS\RemLNCT87.EXE
[2009/07/06 19:03:32 | 000,531,133 | ---- | C] () -- C:\WINDOWS\RemEYPeerConnectv1.0.EXE
[2009/07/06 19:01:04 | 000,154,152 | ---- | C] () -- C:\WINDOWS\RemRBMgr.EXE
[2009/07/06 18:58:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2009/07/06 18:56:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/07/06 18:45:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\eyprobe.exe
[2008/12/03 14:40:18 | 000,137,792 | ---- | C] () -- C:\WINDOWS\System32\NovPwd32.dll
[2008/12/03 14:40:14 | 000,154,176 | ---- | C] () -- C:\WINDOWS\System32\pstartSr.exe
[2008/12/03 14:40:12 | 000,621,120 | ---- | C] () -- C:\WINDOWS\System32\Prot_srv.exe
[2008/12/03 14:39:08 | 000,218,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\prot_2k.sys
[2008/11/09 21:38:40 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2008/05/09 06:53:34 | 000,418,008 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/10/31 10:56:34 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat
[2007/04/04 15:13:56 | 000,000,142 | ---- | C] () -- C:\WINDOWS\GemSignPdf.ini
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2005/05/18 14:16:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/17 20:18:46 | 000,000,495 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/17 19:32:15 | 000,146,432 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/05/16 20:27:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2005/05/16 19:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/05/16 04:38:47 | 000,000,526 | ---- | C] () -- C:\WINDOWS\LOADSET.INI
[2005/05/16 04:38:00 | 000,444,756 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/16 04:38:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/16 04:38:00 | 000,072,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/16 04:38:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/16 04:37:58 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/16 04:37:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/16 04:37:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/16 04:37:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/16 04:37:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/16 04:37:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/16 04:37:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/15 21:53:06 | 000,568,493 | ---- | C] () -- C:\WINDOWS\REMKontiki.EXE
[2005/05/15 21:51:39 | 000,111,276 | ---- | C] () -- C:\WINDOWS\RemFF.EXE
[2005/05/15 21:48:19 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\Libjcc.dll
[2005/05/15 21:48:19 | 000,067,306 | ---- | C] () -- C:\WINDOWS\System32\pbodb70.ini
[2005/05/15 21:43:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/15 21:42:33 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/15 21:42:18 | 000,424,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2005/05/15 21:42:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2005/05/15 21:33:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/15 21:15:11 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/15 21:13:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/15 21:02:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/15 20:49:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/04/29 14:09:30 | 000,004,743 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1999/05/24 03:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999/05/24 03:23:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\FdfAcX.dll

< End of report >

#9
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
And the Extras.txt?

Is this machine part of a company domain?

#10
FaMaK

    Member

  • Topic Starter
  • 64 posts
It only output the ones I posted and on my desktop there is only one "OTL" txt?? Neither one was titled extras.


#11
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:D

You probably missed this part of my instructions.

Under the Extra Registry section ensure that Safelist is selected


Also, is this machine part of a company domain?

#12
FaMaK

    Member

  • Topic Starter
  • 64 posts
I did check the box under extra registry, not sure what happened.

Yes, this is my work laptop but I also use it at home.

Thanks

#13
FaMaK

    Member

  • Topic Starter
  • 64 posts
Actually, I may have checked that box under standard registry, sorry.

#14
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
It's alright. :D

#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\90819002.sys -- (90819002)
    DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9081900.sys -- (setup_9.0.0.722_25.04.2011_14-06drv)
    DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\90819001.sys -- (90819001)
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5000:TCP"=-
    "5001:TCP"=-
    "5002:TCP"=-
    "5003:TCP"=-
    "5004:TCP"=-
    "5005:TCP"=-
    "5006:TCP"=-
    "5007:TCP"=-
    "5008:TCP"=-
    "5009:TCP"=-
    "5010:TCP"=-
    "5011:TCP"=-
    "5012:TCP"=-
    "5013:TCP"=-
    "5014:TCP"=-
    "5015:TCP"=-
    "5016:TCP"=-
    "5017:TCP"=-
    "5018:TCP"=-
    "5019:TCP"=-
    "5020:TCP"=-
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

+++++++++++++++++++++++++++

How is the machine running?