Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP Home Security 2012 cannot open anything


  • Please log in to reply

#1
FaMaK

FaMaK

    Member

  • Member
  • PipPip
  • 64 posts
PLease help, any program I try to open brings up the XP Home Security 2012 saying that I have a trojan so I cannot get on the internet or open any programs. I tried to go to safe mode but it does not accept my password...I am stuck!!! Please help.
  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
FaMaK

FaMaK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
OTL logfile created on: 1/24/2012 9:00:02 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.90 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 43.68% Memory free
3.74 Gb Paging File | 2.52 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 67.91 Gb Free Space | 45.57% Space Free | Partition Type: NTFS

Computer Name: US011031032-02 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 08:59:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.com
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/05/17 10:49:42 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe
PRC - [2011/05/17 10:49:42 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialManager.exe
PRC - [2011/03/08 15:10:48 | 000,858,792 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2011/03/08 15:10:36 | 000,658,088 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2011/03/08 15:10:36 | 000,232,104 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2011/02/23 16:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/12 12:52:00 | 000,253,104 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngmonitor.exe
PRC - [2010/07/12 12:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/06/09 01:28:22 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/06/09 01:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/06/09 00:58:00 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/06/08 18:54:12 | 000,398,704 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/06/02 14:05:00 | 000,070,144 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
PRC - [2010/05/21 01:05:10 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/04/15 10:24:18 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2010/04/15 10:23:40 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2010/04/15 10:23:10 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/22 14:26:53 | 000,135,763 | ---- | M] () -- C:\WINDOWS\system32\CCM\Cache\EY000365.1.S-1-5-21-3814449816-1147414744-3287126245-22307\smsADPET141.EXE
PRC - [2009/09/01 12:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 12:15:50 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 12:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/11 08:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2008/12/11 08:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2008/11/25 14:38:12 | 000,114,688 | ---- | M] (Ernst & Young) -- C:\Program Files\RBManager\RBManager.exe
PRC - [2008/11/09 20:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2008/11/09 20:38:40 | 000,244,536 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2008/10/23 20:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/09/22 12:08:46 | 000,065,536 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe
PRC - [2008/05/08 17:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 17:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/04/13 01:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2007/01/30 07:57:00 | 000,073,728 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\Expire.exe
PRC - [2007/01/11 12:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/05 08:36:10 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcqcoms.exe
PRC - [2006/12/05 08:35:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 9300 Series\ezprint.exe
PRC - [2006/01/25 12:55:04 | 000,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2006/01/10 12:30:04 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/03/19 03:21:48 | 000,151,552 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2logon.exe
PRC - [2004/03/19 03:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2launch.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 08:00:00 | 000,171,072 | ---- | M] () -- C:\WINDOWS\Temp\GLC2BE.tmp
MOD - [2011/12/29 20:40:38 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/21 08:40:53 | 000,069,632 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.locale\6.6.0.35__d8533ca61944ee9d_46ee7a3c\documentum.appconnector.locale.dll
MOD - [2011/11/21 08:40:53 | 000,016,896 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.logging\6.6.0.35__d8533ca61944ee9d_b61266d1\documentum.appconnector.logging.dll
MOD - [2011/11/21 08:40:53 | 000,008,192 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.localemanager\6.6.0.35__d8533ca61944ee9d_87e58c2d\documentum.appconnector.localemanager.exe
MOD - [2011/11/21 08:40:52 | 000,049,152 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.credentials\6.6.0.35__d8533ca61944ee9d_1f71fe96\documentum.appconnector.credentials.dll
MOD - [2011/11/21 08:40:45 | 000,417,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\log4net\1.2.9.0__b32731d11ce58905_5a6c4afb\log4net.dll
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/04 20:38:45 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/11/04 20:38:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/11/04 20:38:07 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
MOD - [2011/11/04 20:37:44 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/11/04 20:35:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/11/04 20:35:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/04 20:35:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/04 20:33:43 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/04 20:33:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/25 11:29:15 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_16b29759\mscorlib.dll
MOD - [2011/10/25 11:29:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a7dfe054\system.xml.dll
MOD - [2011/10/25 11:29:05 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a50dc9a0\system.windows.forms.dll
MOD - [2011/10/25 11:28:58 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a9827795\system.dll
MOD - [2011/10/25 11:28:50 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/10/25 11:28:50 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/25 11:24:57 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/25 11:24:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/25 11:24:56 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/25 11:24:54 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/25 11:24:54 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/25 11:24:53 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/25 11:24:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/25 11:24:43 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/25 11:24:42 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/25 11:24:40 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 10:29:34 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/06/17 10:29:33 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/06/17 10:29:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/06/17 10:29:32 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/06/17 10:29:30 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/06/17 10:29:30 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/06/17 10:29:30 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/06/17 10:29:30 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/06/17 10:29:30 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/06/17 10:29:29 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/06/17 10:29:29 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/06/17 10:29:29 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/06/17 10:29:29 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/05/14 13:24:57 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/05/14 13:24:57 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/05/14 13:24:57 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/05/14 13:24:57 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/05/14 13:24:57 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/05/14 13:24:56 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/05/14 13:24:56 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/05/14 13:24:56 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/05/14 13:24:56 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/05/14 13:24:56 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/05/14 13:24:56 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/05/14 13:24:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/05/14 13:24:55 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/05/14 13:24:55 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/05/14 13:24:55 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/05/14 13:24:55 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/05/14 13:24:55 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/05/14 13:24:55 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/05/14 13:24:55 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/05/14 13:24:54 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/05/14 13:24:54 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/05/14 13:24:54 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/05/14 13:24:54 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/05/14 13:24:54 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/05/14 13:24:54 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/05/14 13:24:54 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/05/14 13:24:54 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/05/14 13:24:54 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/05/14 13:24:53 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/05/14 13:24:53 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/05/14 13:24:53 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/05/14 13:24:53 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/05/14 13:24:53 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/05/14 13:24:52 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/05/14 13:21:46 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
MOD - [2011/05/14 13:21:45 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.7323.4563__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
MOD - [2011/03/08 14:26:38 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\LogonAgentAPI.dll
MOD - [2009/12/22 14:26:53 | 000,135,763 | ---- | M] () -- C:\WINDOWS\system32\CCM\Cache\EY000365.1.S-1-5-21-3814449816-1147414744-3287126245-22307\smsADPET141.EXE
MOD - [2009/09/23 11:04:06 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/09/23 11:04:05 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/09/23 11:04:01 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/09/23 11:04:00 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll

OTL Extras logfile created on: 1/24/2012 9:00:02 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.90 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 43.68% Memory free
3.74 Gb Paging File | 2.52 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 67.91 Gb Free Space | 45.57% Space Free | Partition Type: NTFS

Computer Name: US011031032-02 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standardprofile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Microsoft Lync 2010 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\lxcqcoms.exe" = C:\WINDOWS\system32\lxcqcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{03E66D42-8B01-4127-A320-637B2ED2920D}" = EMC Documentum Application Connectors 6.6
"{050569C7-DA4C-49C7-B672-C435B7BCFFBC}" = Tax Screen Saver 3.0
"{0527509C-2381-48BA-87A0-DBC92A8FFE81}" = EY Workplace - At Your Service
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0608812E-E2BB-416B-AFB8-51F30CC78431}" = ZipMail V10 for Lotus Notes
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E040783-972F-4F83-A6FA-8C6001DCE715}" = Cassetica Software NotesMedic 5.0
"{0E480961-80C0-4A15-AF77-58113232E238}" = Tax Interest 2011.4
"{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
"{140070AB-53AC-4B00-B818-0037791577A0}" = X1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17E67191-2F5E-45D4-A8A7-BF7238818CBE}" = iPassConnect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24EDE4DA-3852-4BCA-BE6C-04D43BBDB2DF}" = EYRC Route Program
"{2518F0A1-EAF9-4DD4-BFE9-ECFB8D7772F0}" = Time Tracker Excel Template 4.2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D39B47A-56AF-45E5-ACC9-821FC92A7F80}" = EY Americas Desktop Reference 4.2
"{2D41D8AE-F122-413E-A7C5-B6D86F22F5CA}" = Visual Identity Templates 2009
"{2FF43F5D-5729-4E02-A548-310E30A5F29B}" = Microsoft CAPICOM 2.1.0.2 SDK
"{31B33270-24D7-4307-84F2-A3288636B83A}" = Check Point Endpoint Security - Full Disk Encryption
"{32B47B57-F395-4C16-86C9-C9D54DF60B06}" = Global Self Help
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34843AB3-8DBA-4388-8838-080635E1EDB6}" = SwiftFile 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = EY Personal Backup Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5CBA9D-11D6-4652-A03E-4B41D17F06CD}" = EY Tune Up
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{48336530-E7A6-4D90-8B5E-2B3DB0FE5210}" = ECMAgent4.9.0.54
"{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
"{4E4E3C9D-42CF-4A9E-AE65-4E741EA59216}" = BTS - Winning Annuity Relationships 2009.04
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FD4C0D3-DA93-4132-82C6-177385E41868}" = EY Branding Zone
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{55D8CC23-855C-4C8D-83EB-859980EF6015}" = SALT Tools 2011.11
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5C94EAEB-D776-4164-BBD1-B6B99BAA5290}" = IP Presence
"{5ECC898D-84FD-43AE-96D5-12DF9AD8A52D}" = Circular 230 Ver 2.1
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BF89F80-9696-4F3A-A61B-B02E1CECBA02}" = Pointsec Protector Client
"{6D3E9027-5DD4-43F7-8C3B-43D7B936F9D7}" = Timbuktu Pro for Windows build 933
"{6EFD662B-6954-460A-8A55-05638D1FF622}" = Tax Practice Guidance & Tools
"{7870AED4-EC6C-419F-99D6-22649D926CB0}" = LDI eDocs
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E35E114-A869-4434-AE5C-8DB606DF3944}" = Adobe SVG Viewer 3.03
"{7E396E6A-0555-47D1-8AFD-A8BE834899A7}" = Prohibitive Word Checker
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82AFAC3E-A0EA-11D3-BFAC-00C04F60824A}" = IBM Lotus Web Conferencing Print Capture
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{858B0B8C-4C88-4044-9A6A-42902D4D59A6}" = Visual Identity Fonts 2009
"{863998CC-4552-43BB-82F2-4BD2AE737196}" = EY AD Password Expiration Tool 1.4.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90FF8B1D-1A81-476C-83F3-1F8D71C1CFC0}" = ACS Offline Course Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E5BAB1C-7BBC-4E29-9CE3-7CA50F8F0E12}" = Visual Studio Runtime v6 SP5
"{9F91B6C4-E892-4978-A571-B5A32BC2082C}" = Symantec AntiVirus
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A6727C31-699D-495A-918E-82C8083272B7}" = eDocs 2.0 Switch Utility
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5676-5A64-900000000003}" = Adobe Reader Extended Language Support Font Pack
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B48795E5-6F0D-42F0-BCB8-CC30B1AA2AE3}" = Resolver Ballot 6.0.11 NA
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6334245-D9F3-4E15-A8C8-A7BF98D6E7E9}" = EY Signer 1.4
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8341C05-AFB8-43D2-A977-40A5126944F8}" = Kontiki Delivery Manager
"{BA9E20A1-3C1E-4DA8-80D1-C250A0F8DB87}" = EY Reserve Personal Access 5.0.1
"{BB75CCF7-5020-4258-A755-86D300774F55}" = EYHelp3 Fast Path 11.2008
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10C13CD-9130-4D30-ADD8-5D348A6556DE}" = Visual Identity Americas Wallpaper
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9603D6E-FC80-452E-A85D-CE29D4302AAD}" = Microsoft WSE 2.0 SP1 Runtime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC70BA1A-956A-4BB4-B5C0-0FE9904AC8C2}" = PowerPoint Default Template 2007
"{CCF0E404-9359-4B19-A04D-1F22C034BA31}" = Analyze Workbook
"{CD2415FF-1A01-4664-8B14-B1D44A5BA0EC}" = State Bonus Depreciation 2011.8
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D178299E-39AE-416E-9E53-B0A3C2586CBA}" = Lotus Notes 8.0.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4756C12-4517-42DD-9641-0D131B1B9467}" = EMC Documentum Application Connectors 5.3
"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 11
"{D9D59F48-E4AC-4106-8B50-907BF0349CDC}" = QuickView Plus
"{DA22E147-0FCA-4427-8326-AE5EF92BCB47}" = EY Tagline Font
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E4052E8B-8E57-4385-B049-2E58820CEFEB}" = Analyze Workbook
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB0BB7E4-1FE8-402F-91C6-664ACCEF9070}" = Loadset Information
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"{FF4FA23E-C8E1-403B-91DE-9014D0B8DD2C}" = ECM Remote Client
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aventail10" = Aventail Connect 10.0.4.35
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B5894A99D82BE9BEE60448B8E8ABD734024DE1D9" = Windows Driver Package - CLiKAPAD Driver Package (05/19/2006 2.00.00)
"CleanUp!" = CleanUp!
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Connection Wizard" = Connection Wizard
"CyberArmor" = CyberArmor 4.0.100415
"Digital Editions" = Adobe Digital Editions
"EY eDocs" = EY eDocs
"FinePrint" = FinePrint
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Juniper Odyssey Access Client" = Juniper Odyssey Access Client 5.2
"Lexis Citation Tools 2003" = LexLink v8.4
"Lexmark 9300 Series" = Lexmark 9300 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Micrografx FlowCharter Viewer 7" = Micrografx FlowCharter Viewer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MS Fax Viewer" = MS Fax Viewer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"pdfFactory Pro" = pdfFactory Pro
"Power Management Driver" = ThinkPad Power Management Driver
"PROPLUS" = Microsoft Office Professional Plus 2007
"Q282784" = Windows XP Hotfix (SP1) [See Q282784 for more information]
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"ST6UNST #1" = Custom Import Tool 1.1.37
"TrackPoint" = ThinkPad TrackPoint Driver
"TurboTax 2010" = TurboTax 2010
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e1cbb738e2e082e" = EPIC Americas

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 1/23/2012 11:49:44 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 1/23/2012 11:51:56 AM | Computer Name = US011031032-02 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:a3:e4:0c:a8:[email protected]::7aa3:e4ff:fe0c:a8c3._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 1/24/2012 8:49:54 AM | Computer Name = US011031032-02 | Source = WSH | ID = 1
Description = Title: Grc.dat Installer Error code: N/A Message: Installation of "Grc.dat
Installer" Failed

Error - 1/24/2012 8:49:54 AM | Computer Name = US011031032-02 | Source = EYInstaller_Grc.dat Installer | ID = 44
Description =

[ OSession Events ]
Error - 11/2/2011 12:09:41 PM | Computer Name = US011031032-02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 277
seconds with 180 seconds of active time. This session ended with a crash.

[ Pointsec Events ]
Error - 12/3/2011 6:12:52 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:13:24 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:13:24 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:15:21 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:15:37 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:15:38 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:15:55 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:15:55 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:30:54 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

Error - 12/3/2011 6:31:25 PM | Computer Name = US011031032-02 | Source = prot_srv | ID = 462753
Description = The recovery file could not be created: process failed.

[ System Events ]
Error - 1/22/2012 9:43:04 PM | Computer Name = US011031032-02 | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 1/23/2012 9:33:27 AM | Computer Name = US011031032-02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/23/2012 9:40:51 AM | Computer Name = US011031032-02 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00216A4B58AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/23/2012 10:01:31 AM | Computer Name = US011031032-02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 78:A3:E4:0C:A8:C3. Network operations
on this system may be disrupted as a result.

Error - 1/23/2012 10:01:31 AM | Computer Name = US011031032-02 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 78:A3:E4:0C:A8:C3. Network operations
on this system may be disrupted as a result.

Error - 1/24/2012 6:15:44 AM | Computer Name = US011031032-02 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/24/2012 6:15:44 AM | Computer Name = US011031032-02 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/24/2012 6:15:46 AM | Computer Name = US011031032-02 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/24/2012 6:15:46 AM | Computer Name = US011031032-02 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/24/2012 8:48:08 AM | Computer Name = US011031032-02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain US due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
You posted only a small part of the OTL.txt file. Please copy/paste the entire file in your next reply. :thumbsup:
  • 0

#5
FaMaK

FaMaK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
sorry!

OTL logfile created on: 1/24/2012 9:00:02 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mcmahfr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.90 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 43.68% Memory free
3.74 Gb Paging File | 2.52 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 67.91 Gb Free Space | 45.57% Space Free | Partition Type: NTFS

Computer Name: US011031032-02 | User Name: mcmahfr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 08:59:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.com
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/05/17 10:49:42 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe
PRC - [2011/05/17 10:49:42 | 000,045,056 | ---- | M] (Documentum, a division of EMC Corporation) -- C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialManager.exe
PRC - [2011/03/08 15:10:48 | 000,858,792 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
PRC - [2011/03/08 15:10:36 | 000,658,088 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\Prot_srv.exe
PRC - [2011/03/08 15:10:36 | 000,232,104 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\pstartSr.exe
PRC - [2011/02/23 16:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/12 12:52:00 | 000,253,104 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngmonitor.exe
PRC - [2010/07/12 12:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/06/09 01:28:22 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/06/09 01:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/06/09 00:58:00 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/06/08 18:54:12 | 000,398,704 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/06/02 14:05:00 | 000,070,144 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
PRC - [2010/05/21 01:05:10 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/04/15 10:24:18 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2010/04/15 10:23:40 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2010/04/15 10:23:10 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/22 14:26:53 | 000,135,763 | ---- | M] () -- C:\WINDOWS\system32\CCM\Cache\EY000365.1.S-1-5-21-3814449816-1147414744-3287126245-22307\smsADPET141.EXE
PRC - [2009/09/01 12:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 12:15:50 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 12:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/11 08:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
PRC - [2008/12/11 08:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
PRC - [2008/11/25 14:38:12 | 000,114,688 | ---- | M] (Ernst & Young) -- C:\Program Files\RBManager\RBManager.exe
PRC - [2008/11/09 20:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2008/11/09 20:38:40 | 000,244,536 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2008/10/23 20:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/09/22 12:08:46 | 000,065,536 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe
PRC - [2008/05/08 17:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 17:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/04/13 01:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2007/01/30 07:57:00 | 000,073,728 | ---- | M] (Ernst & Young) -- C:\Program Files\eyutils\Expire.exe
PRC - [2007/01/11 12:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/05 08:36:10 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcqcoms.exe
PRC - [2006/12/05 08:35:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 9300 Series\ezprint.exe
PRC - [2006/01/25 12:55:04 | 000,495,616 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2006/01/10 12:30:04 | 000,491,520 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/03/19 03:21:48 | 000,151,552 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2logon.exe
PRC - [2004/03/19 03:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Timbuktu Pro\tb2launch.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 08:00:00 | 000,171,072 | ---- | M] () -- C:\WINDOWS\Temp\GLC2BE.tmp
MOD - [2011/12/29 20:40:38 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/21 08:40:53 | 000,069,632 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.locale\6.6.0.35__d8533ca61944ee9d_46ee7a3c\documentum.appconnector.locale.dll
MOD - [2011/11/21 08:40:53 | 000,016,896 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.logging\6.6.0.35__d8533ca61944ee9d_b61266d1\documentum.appconnector.logging.dll
MOD - [2011/11/21 08:40:53 | 000,008,192 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.localemanager\6.6.0.35__d8533ca61944ee9d_87e58c2d\documentum.appconnector.localemanager.exe
MOD - [2011/11/21 08:40:52 | 000,049,152 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\documentum.appconnector.credentials\6.6.0.35__d8533ca61944ee9d_1f71fe96\documentum.appconnector.credentials.dll
MOD - [2011/11/21 08:40:45 | 000,417,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\log4net\1.2.9.0__b32731d11ce58905_5a6c4afb\log4net.dll
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/04 20:38:45 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/11/04 20:38:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/11/04 20:38:07 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
MOD - [2011/11/04 20:37:44 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/11/04 20:35:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/11/04 20:35:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/04 20:35:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/04 20:33:43 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/04 20:33:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/25 11:29:15 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_16b29759\mscorlib.dll
MOD - [2011/10/25 11:29:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a7dfe054\system.xml.dll
MOD - [2011/10/25 11:29:05 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a50dc9a0\system.windows.forms.dll
MOD - [2011/10/25 11:28:58 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a9827795\system.dll
MOD - [2011/10/25 11:28:50 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/10/25 11:28:50 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/25 11:24:57 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/25 11:24:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/25 11:24:56 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/25 11:24:54 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/25 11:24:54 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/25 11:24:53 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/25 11:24:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/25 11:24:43 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/25 11:24:42 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/25 11:24:40 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 10:29:34 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/06/17 10:29:33 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/06/17 10:29:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/06/17 10:29:32 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/06/17 10:29:30 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/06/17 10:29:30 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/06/17 10:29:30 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/06/17 10:29:30 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/06/17 10:29:30 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/06/17 10:29:29 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/06/17 10:29:29 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/06/17 10:29:29 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/06/17 10:29:29 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/05/14 13:24:57 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/05/14 13:24:57 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/05/14 13:24:57 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/05/14 13:24:57 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/05/14 13:24:57 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/05/14 13:24:56 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/05/14 13:24:56 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/05/14 13:24:56 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/05/14 13:24:56 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/05/14 13:24:56 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/05/14 13:24:56 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/05/14 13:24:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/05/14 13:24:55 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/05/14 13:24:55 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/05/14 13:24:55 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/05/14 13:24:55 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/05/14 13:24:55 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/05/14 13:24:55 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/05/14 13:24:55 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/05/14 13:24:54 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/05/14 13:24:54 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/05/14 13:24:54 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/05/14 13:24:54 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/05/14 13:24:54 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/05/14 13:24:54 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/05/14 13:24:54 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/05/14 13:24:54 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/05/14 13:24:54 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/05/14 13:24:53 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/05/14 13:24:53 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/05/14 13:24:53 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/05/14 13:24:53 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/05/14 13:24:53 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/05/14 13:24:52 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/05/14 13:21:46 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
MOD - [2011/05/14 13:21:45 | 000,086,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.7323.4563__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
MOD - [2011/03/08 14:26:38 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\LogonAgentAPI.dll
MOD - [2009/12/22 14:26:53 | 000,135,763 | ---- | M] () -- C:\WINDOWS\system32\CCM\Cache\EY000365.1.S-1-5-21-3814449816-1147414744-3287126245-22307\smsADPET141.EXE
MOD - [2009/09/23 11:04:06 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/09/23 11:04:05 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/09/23 11:04:01 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/09/23 11:04:00 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2008/12/11 08:45:38 | 000,052,520 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\Sherlock.dll
MOD - [2008/12/11 08:45:28 | 000,292,136 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\DNTray.exe
MOD - [2008/12/11 08:45:18 | 000,075,048 | ---- | M] () -- C:\Program Files\CheckPoint\Pointsec Protector Client\ba_xp.dll
MOD - [2008/12/11 08:34:46 | 000,053,248 | ---- | M] () -- C:\Program Files\CheckPoint\Tray\libexpat.dll
MOD - [2008/12/11 08:34:46 | 000,053,248 | ---- | M] () -- C:\Program Files\CheckPoint\Pointsec Protector Client\libexpat.dll
MOD - [2008/06/26 13:11:10 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\vsctool.dll
MOD - [2007/01/11 12:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
MOD - [2006/11/13 02:34:58 | 000,115,712 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcqdrui.dll
MOD - [2006/11/13 02:34:16 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcqdrpp.dll
MOD - [2006/11/13 02:33:56 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcqdr.dll
MOD - [2006/11/06 15:52:38 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcqhpec.dll
MOD - [2006/11/06 15:52:36 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcqflib.dll
MOD - [2006/10/23 12:54:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxcqdrs.dll
MOD - [2006/10/23 12:51:08 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\lxcqscw.dll
MOD - [2006/09/29 05:28:14 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxcqcaps.dll
MOD - [2006/06/09 00:39:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\lxcqdrec.dll
MOD - [2006/05/25 14:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 9300 Series\iptk.dll
MOD - [2004/10/27 04:02:36 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/13 11:21:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/08 15:10:36 | 000,658,088 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\WINDOWS\system32\Prot_srv.exe -- (Pointsec)
SRV - [2011/03/08 15:10:36 | 000,232,104 | ---- | M] (Check Point Software Tech Ltd) [Auto | Running] -- C:\WINDOWS\system32\pstartSr.exe -- (Pointsec_start)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/18 08:34:58 | 000,073,728 | ---- | M] (Ernst & Young) [On_Demand | Stopped] -- C:\Program Files\Ernst & Young\EY Tune Up\EYTuneUpService.exe -- (EY Tune Up Service)
SRV - [2010/07/12 12:50:16 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/06/09 01:28:18 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010/06/09 00:58:00 | 000,152,944 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010/05/21 01:05:10 | 000,198,000 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/04/15 10:23:10 | 000,077,824 | ---- | M] (InfoExpress) [Auto | Running] -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/01 12:15:50 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 14:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/12/11 08:45:06 | 000,530,728 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe -- (DisknetClient)
SRV - [2008/11/09 20:38:40 | 006,608,192 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2008/10/23 20:07:02 | 003,298,856 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/08/08 14:53:16 | 000,031,624 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/06/12 21:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/05/09 05:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/05/08 17:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 17:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/03/14 14:12:24 | 000,102,400 | ---- | M] (Configuresoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe -- (CSIRemoteC)
SRV - [2007/11/03 10:01:28 | 000,032,768 | ---- | M] (Configuresoft, Inc) [Disabled | Stopped] -- C:\WINDOWS\ECM4\Installer\CFC\2.0\bin\CsiWin32SocketListener.exe -- (CSI Socket Listener)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/13 01:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/05 08:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2004/03/19 03:21:38 | 000,208,967 | ---- | M] (Netopia, Inc.) [Auto | Running] -- C:\Program Files\Timbuktu Pro\tb2launch.exe -- (Tb2Launch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - [2011/10/21 22:56:14 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/21 22:56:13 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/29 09:45:46 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120123.002\navex15.sys -- (NAVEX15)
DRV - [2011/07/29 09:45:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120123.002\naveng.sys -- (NAVENG)
DRV - [2011/05/13 11:06:52 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2011/05/13 09:36:59 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/03/08 15:09:38 | 000,221,736 | ---- | M] (Check Point Software Tech Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2010/10/17 20:14:24 | 006,913,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel®
DRV - [2010/07/18 21:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/07/12 12:49:30 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/07/12 12:49:20 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/07/12 12:49:10 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/07/12 12:47:00 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/06/09 00:40:12 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips2.sys -- (odFips2)
DRV - [2010/06/09 00:40:12 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips.sys -- (odFips)
DRV - [2010/06/01 12:51:58 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/04/20 23:01:34 | 000,420,336 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2010/04/20 23:01:34 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/04/20 23:01:34 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2010/04/15 10:53:44 | 000,424,527 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k)
DRV - [2010/01/27 11:24:44 | 000,021,504 | ---- | M] (InfoExpress) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k)
DRV - [2009/06/29 21:59:06 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/29 21:58:26 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/29 21:58:22 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/23 11:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/14 09:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 09:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 14:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/12/11 08:36:30 | 000,045,696 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PSG.sys -- (PSG)
DRV - [2008/12/11 08:36:26 | 000,019,072 | ---- | M] (Check Point Software Technologies Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\rmm.sys -- (rmm)
DRV - [2008/12/11 08:36:22 | 000,029,312 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kaeon.sys -- (KAEON)
DRV - [2008/12/11 08:36:18 | 000,056,960 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dvrem.sys -- (dvrem)
DRV - [2008/12/11 08:36:16 | 000,027,136 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DNPFW.sys -- (DNPFW)
DRV - [2008/12/11 08:34:50 | 000,046,592 | ---- | M] (Reflex Magnetics Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rxaes100.sys -- (rxAES100)
DRV - [2008/11/09 20:38:40 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/09/19 15:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/26 01:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/04 15:53:39 | 000,015,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2007/07/26 18:44:16 | 000,028,288 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 01:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005/11/30 18:30:14 | 000,010,880 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2001/08/17 07:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=USWEB:80;http=USWEB:80;https=USWEB:80

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/08 07:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/04 07:24:29 | 000,000,000 | ---D | M]

[2011/12/08 07:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\Extensions
[2011/05/19 12:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcmahfr\Application Data\Mozilla\eclipse\extensions
[2011/12/08 07:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/25 09:41:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/22 02:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/13 10:47:35 | 000,000,779 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 199.52.42.94 ussecameysdusr.us.na.ey.net
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (LexLink IE ToolBar) - {CBAA6F21-985C-11D4-A02B-00B0D073E889} - C:\Program Files\LexisNexis\CHCKCITE\llieobj.dll (LexisNexis)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AppConnectorCredentialMgr] C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.CredentialManager.exe (Documentum, a division of EMC Corporation)
O4 - HKLM..\Run: [AppConnectorLocaleMgr] C:\Program Files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe (Documentum, a division of EMC Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [DN4TRAY] C:\Program Files\CheckPoint\Tray\DNTray.exe ()
O4 - HKLM..\Run: [ey_kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 9300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LXCQCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcqmon.exe] C:\Program Files\Lexmark 9300 Series\lxcqmon.exe ()
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKLM..\Run: [Recycle Bin Manager] C:\Program Files\RBManager\RBManager.exe (Ernst & Young)
O4 - HKLM..\Run: [TLogonPath] C:\Program Files\Timbuktu Pro\Tb2Logon.exe (Netopia, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZEYViewer] C:\Program Files\eyutils\SMSTOOLS\EYSelectTrayApp.exe (Ernst & Young)
O4 - HKU\.DEFAULT..\RunOnce: [Odyssey520FixDel] reg delete "HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\Juniper_Odyssey_520_Fix" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [QuickLaunch] C:\Windows\EYINST\TOOLS\TOGGLEQL.EXE ()
O4 - HKU\S-1-5-18..\RunOnce: [Odyssey520FixDel] reg delete "HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\Juniper_Odyssey_520_Fix" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [QuickLaunch] C:\Windows\EYINST\TOOLS\TOGGLEQL.EXE ()
O4 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
O4 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307..\RunOnce: [ProxyOn] C:\Program Files\ConnWiz\ProxyOn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: com.mx ([www.tuproteccion] https in Trusted sites)
O15 - HKLM\..Trusted Domains: eformRS.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([contentserver] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ey.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eygtt.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyleads.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eylink.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyqa.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: eyua.net ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: fasttax.com ([gosystemrs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fincad.com ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: intellinex-asp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: lexis.com ([web] http in Trusted sites)
O15 - HKLM\..Trusted Domains: raindance.com ([intellinex] http in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([insourcers] https in Trusted sites)
O15 - HKLM\..Trusted Domains: riahome.com ([support2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: smarttrainer4.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: surveymonkey.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([ey] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thomson.com ([gosystem] https in Trusted sites)
O15 - HKLM\..Trusted Domains: thomsonib.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xtremelearning.com ([cserver] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} https://print-global...n/ADPrtCTRL.CAB (ADPrtCTRL.ucADPrtctrl)
O16 - DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} http://gfisclienteng...SZIPUtility.CAB (GFISZipUtility.GFISZIP)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} https://gfis.iweb.ey...ex/AuthPost.CAB (AuthPost.Class1)
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} https://print-global...ugin/EYGPWS.CAB (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://billcam.axisc...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.leagueath...com/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A854150-194E-4CED-BBF1-828DB1C4C5C5}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AE1FED-7298-4563-9409-89AD45378476}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F110215-D786-4FE0-88F4-39931D83E7FE}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8167A1D7-D7B8-49CA-B76C-96F4A08C3AAF}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8167A1D7-D7B8-49CA-B76C-96F4A08C3AAF}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC56453-A0F1-487D-9E98-FDC0BA9FB6A5}: NameServer = 199.52.174.11 199.49.100.12
O20 - AppInit_DLLs: (cahooknt.dll) -C:\WINDOWS\System32\cahooknt.dll (InfoExpress)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) -C:\WINDOWS\System32\PssoGina.dll (Check Point Software Tech Ltd)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OdysseyClient: DllName - (odyEvent.dll) - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - (C:\Program Files\Timbuktu Pro\Hook32.dll) - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 23:42:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 08:59:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.com
[2011/12/29 16:29:58 | 000,034,304 | ---- | C] (Ernst & Young) -- C:\WINDOWS\System32\PushnPullClient.exe
[2011/12/28 11:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/28 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/28 11:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/06 11:01:16 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqserv.dll
[2011/09/06 11:01:16 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqusb1.dll
[2011/09/06 11:01:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqhbn3.dll
[2011/09/06 11:01:16 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpmui.dll
[2011/09/06 11:01:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqlmpm.dll
[2011/09/06 11:01:16 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqinpa.dll
[2011/09/06 11:01:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqiesc.dll
[2011/09/06 11:01:16 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqih.exe
[2011/09/06 11:01:16 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCQhcp.dll
[2011/09/06 11:01:16 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqprox.dll
[2011/09/06 11:01:16 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqpplc.dll
[2011/09/06 11:01:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomc.dll
[2011/09/06 11:01:15 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcoms.exe
[2011/09/06 11:01:15 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcomm.dll
[2011/09/06 11:01:15 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcqcfg.exe
[2011/05/13 10:09:13 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/24 09:10:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA494441-F69A-43C3-A686-5D1D09A796E0}.job
[2012/01/24 09:10:00 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96A33348-B7F8-4E8E-A7FA-06035588176D}.job
[2012/01/24 08:59:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcmahfr\Desktop\OTL.com
[2012/01/24 06:08:00 | 000,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/01/24 04:03:03 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2012/01/22 21:42:35 | 011,497,472 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/01/22 21:42:35 | 003,542,016 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/01/22 20:41:45 | 000,000,495 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/01/22 20:38:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/22 20:38:24 | 2038,411,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 20:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 21:43:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/18 23:38:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/18 19:56:42 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/01/13 07:08:24 | 000,008,981 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\1ca163d6
[2012/01/13 07:08:24 | 000,008,929 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\d478afd3
[2012/01/13 07:08:24 | 000,008,891 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\c2c5364a
[2012/01/13 06:54:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2012/01/12 11:06:49 | 000,004,592 | ---- | M] () -- C:\WINDOWS\System32\logo.jpg
[2012/01/06 08:56:38 | 000,118,083 | ---- | M] () -- C:\Documents and Settings\mcmahfr\My Documents\Tax Alert - Tangible property regulations.pdf
[2012/01/03 21:16:29 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 11:37:33 | 000,082,867 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Desktop\aicpa invoice.pdf
[2011/12/29 20:40:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/29 16:29:58 | 000,034,304 | ---- | M] (Ernst & Young) -- C:\WINDOWS\System32\PushnPullClient.exe
[2011/12/28 11:29:37 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/26 17:07:05 | 000,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/26 11:27:56 | 000,001,067 | ---- | M] () -- C:\WINDOWS\System32\PushnPullClient.exe.config

========== Files Created - No Company Name ==========

[2012/01/13 06:54:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2012/01/12 23:14:18 | 2038,411,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/12 22:38:24 | 000,008,981 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Application Data\1ca163d6
[2012/01/12 22:38:24 | 000,008,929 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\d478afd3
[2012/01/12 22:38:24 | 000,008,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\c2c5364a
[2012/01/06 08:56:38 | 000,118,083 | ---- | C] () -- C:\Documents and Settings\mcmahfr\My Documents\Tax Alert - Tangible property regulations.pdf
[2012/01/03 11:37:33 | 000,082,867 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Desktop\aicpa invoice.pdf
[2011/12/28 11:29:37 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/26 11:27:56 | 000,001,067 | ---- | C] () -- C:\WINDOWS\System32\PushnPullClient.exe.config
[2011/11/21 08:41:43 | 000,204,880 | ---- | C] () -- C:\WINDOWS\Rem_EY_eDocs40.EXE
[2011/10/12 10:00:10 | 000,000,218 | ---- | C] () -- C:\WINDOWS\WTXI.INI
[2011/09/07 13:30:24 | 001,049,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/06 11:07:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcqvs.dll
[2011/09/06 11:07:41 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcqcoin.dll
[2011/09/06 11:07:27 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcqdrs.dll
[2011/09/06 11:07:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcqcaps.dll
[2011/09/06 11:07:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcqcnv4.dll
[2011/09/06 11:07:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\lxcqrwrd.ini
[2011/09/06 11:01:16 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCQinst.dll
[2011/09/06 11:01:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxcqgrd.dll
[2011/08/21 09:14:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/08/21 09:14:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/08/21 09:14:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/08/21 09:14:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/08/21 09:14:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/08/21 09:14:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/07/23 13:08:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 21:55:21 | 000,071,968 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/26 10:18:16 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 09:20:07 | 000,000,187 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2011/06/01 13:19:41 | 000,001,304 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/05/23 16:58:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2011/05/14 16:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/13 11:17:24 | 000,547,164 | ---- | C] () -- C:\WINDOWS\RemCFIT1137.EXE
[2011/05/13 11:13:29 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\fusioncache.dat
[2011/05/13 11:09:14 | 000,154,152 | ---- | C] () -- C:\WINDOWS\RemRBMgr.EXE
[2011/05/13 11:06:52 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2011/05/13 10:52:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\eyprobe.exe
[2011/05/13 10:09:17 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/05/13 10:09:13 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/05/13 10:09:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/03/08 15:10:38 | 000,141,992 | ---- | C] () -- C:\WINDOWS\System32\NovPwd32.dll
[2011/03/08 14:26:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\LogonAgentAPI.dll
[2010/07/12 12:53:48 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/07/12 12:52:20 | 000,015,024 | ---- | C] () -- C:\WINDOWS\ngutil.exe
[2010/06/09 00:40:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2009/09/23 14:56:11 | 000,146,432 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/09/23 13:43:55 | 000,047,633 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2009/09/23 12:18:26 | 000,424,527 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2009/09/23 12:18:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2009/09/23 11:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2009/09/23 10:57:24 | 000,000,504 | ---- | C] () -- C:\WINDOWS\LOADSET.INI
[2009/09/23 10:57:24 | 000,000,245 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/11/09 20:38:40 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2008/10/22 08:08:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/10/22 08:08:32 | 000,504,846 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/22 08:08:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/10/22 08:08:32 | 000,089,058 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/22 08:08:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/10/22 08:08:30 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/10/22 08:08:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/10/22 08:08:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/10/22 08:08:15 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/10/22 08:08:15 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/10/22 08:07:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/10/22 08:07:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/10/22 00:36:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/22 00:35:24 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/22 00:20:05 | 000,000,495 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/21 23:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/21 23:40:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/09 05:53:34 | 000,418,008 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2007/10/31 09:56:34 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat
[2006/08/21 14:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2004/01/07 12:30:30 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\Libjcc.dll
[1999/05/24 02:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999/05/24 02:23:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\FdfAcX.dll

< End of report >
  • 0

#6
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKU\S-1-5-21-3814449816-1147414744-3287126245-22307\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/01/13 07:08:24 | 000,008,981 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Application Data\1ca163d6
    [2012/01/13 07:08:24 | 000,008,929 | ---- | M] () -- C:\Documents and Settings\mcmahfr\Local Settings\Application Data\d478afd3
    [2012/01/13 07:08:24 | 000,008,891 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\c2c5364a
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#7
FaMaK

FaMaK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Seems to be running pretty good....

ComboFix 12-01-23.02 - mcmahfr 01/24/2012 12:15:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.874 [GMT -5:00]
Running from: c:\documents and settings\mcmahfr\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: CyberArmor Client *Enabled* {E503B27E-6391-4e17-B2CA-F910AF011E23}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Helpdesk\WINDOWS
c:\documents and settings\mcmahfr\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 17:03 . 2012-01-24 17:03 -------- d-----w- C:\_OTL
2012-01-04 12:24 . 2011-08-30 18:33 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-04 06:17 . 2012-01-04 06:17 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xerox
2011-12-29 21:29 . 2011-12-29 21:29 34304 ----a-w- c:\windows\system32\PushnPullClient.exe
2011-12-28 16:28 . 2011-12-28 16:28 -------- d-----w- c:\program files\iPod
2011-12-28 16:28 . 2011-12-28 16:29 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 09:03 . 2011-05-17 00:01 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2011-12-30 01:40 . 2011-05-15 12:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-05-17 15:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:29 . 2008-10-22 13:08 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2008-10-22 13:08 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-10-22 13:08 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2008-10-22 13:08 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-10-22 13:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2008-10-22 13:07 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-10-22 13:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 13:51 . 2008-10-22 13:08 389120 ----a-w- c:\windows\system32\html.iec
2011-11-21 04:04 . 2011-12-08 12:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-01-25 495616]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-01-10 491520]
"TLogonPath"="c:\program files\Timbuktu Pro\Tb2Logon.exe" [2004-03-19 151552]
"CyberArmorHelper"="c:\progra~1\CYBERA~1\pcshelp.exe" [2010-04-15 81920]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2010-01-15 93032]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2011-03-08 858792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-08-03 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-01 125368]
"ZEYViewer"="c:\program files\eyutils\SMSTOOLS\EYSelectTrayApp.exe" [2008-09-22 65536]
"ey_kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-24 1607208]
"DN4TRAY"="c:\program files\CheckPoint\Tray\DNTray.exe" [2008-12-11 292136]
"Recycle Bin Manager"="c:\program files\RBManager\\RBManager.exe" [2008-11-25 114688]
"AppConnectorLocaleMgr"="c:\program files\Documentum\AppConnector\Documentum.AppConnector.LocaleManager.exe" [2011-05-17 45056]
"OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2010-06-09 931184]
"AgentUiRunKey"="c:\program files\Iron Mountain\Connected BackupPC\Agent.exe" [2008-11-10 244536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"lxcqmon.exe"="c:\program files\Lexmark 9300 Series\lxcqmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 9300 Series\ezprint.exe" [2006-12-05 82864]
"LXCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-11-21 106496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AppConnectorCredentialMgr"="c:\program files\Documentum\AppConnector\Documentum.AppConnector.CredentialManager.exe" [2011-05-17 45056]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-06-02 70144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Odyssey520FixDel"="reg delete HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\Juniper_Odyssey_520_Fix" [X]
"QuickLaunch"="c:\windows\EYINST\TOOLS\TOGGLEQL.EXE" [2003-09-03 131072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2011-05-13 17:33 218480 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
2004-03-19 08:29 81973 ----a-w- c:\program files\Timbuktu Pro\HOOK32.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cahooknt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3814449816-1147414744-3287126245-22307\Scripts\Logon\0\0]
"Script"=KIX32.EXE
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DisknetClient]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxcqcoms.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [12/11/2008 8:36 AM 27136]
R0 dvrem;Pointsec Protector EPM Driver;c:\windows\system32\drivers\dvrem.sys [12/11/2008 8:36 AM 56960]
R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [12/11/2008 8:36 AM 29312]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [6/9/2010 12:40 AM 9856]
R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [6/9/2010 12:40 AM 282496]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [3/8/2011 3:09 PM 221736]
R0 PSG;Pointsec Protector PSG;c:\windows\system32\drivers\psg.sys [12/11/2008 8:36 AM 45696]
R0 rmm;Pointsec Protector RMM Driver;c:\windows\system32\drivers\rmm.sys [12/11/2008 8:36 AM 19072]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [9/23/2009 2:18 PM 10880]
R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [12/11/2008 8:34 AM 46592]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [11/9/2008 8:38 PM 6608192]
R2 CyberArmorRunService;CyberArmor Run Service;c:\program files\CyberArmor\casvc.exe [9/23/2009 12:18 PM 77824]
R2 DisknetClient;Pointsec Protector Client Service;c:\program files\CheckPoint\Pointsec Protector Client\disknet.exe [12/11/2008 8:45 AM 530728]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [5/21/2010 1:05 AM 198000]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [7/12/2010 12:50 PM 240816]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [3/8/2011 3:10 PM 658088]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [3/8/2011 3:10 PM 232104]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/1/2009 12:15 PM 116664]
R2 Viexca2k;CyberArmor Registry Driver;c:\windows\system32\drivers\viexca2k.sys [9/23/2009 12:18 PM 21504]
R2 Viexpf2k;CyberArmor W2KDriver;c:\windows\system32\drivers\viexpf2k.sys [9/23/2009 12:18 PM 424527]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/13/2011 10:08 AM 243856]
R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [6/9/2010 12:58 AM 152944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2011 12:57 PM 106104]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [5/13/2011 12:32 PM 420336]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [5/13/2011 12:33 PM 29312]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [5/13/2011 10:09 AM 6913920]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [7/12/2010 12:47 PM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [7/12/2010 12:49 PM 79944]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [5/13/2011 10:08 AM 23152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 EY Tune Up Service;EY Tune Up Service;c:\program files\Ernst & Young\EY Tune Up\EYTuneUpService.exe [8/18/2010 8:34 AM 73728]
S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [5/13/2011 12:32 PM 12288]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [11/9/2008 8:38 PM 45384]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/26/2011 6:17 PM 18432]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [7/12/2010 12:49 PM 22600]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [7/12/2010 12:49 PM 25160]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [9/23/2009 2:17 PM 15744]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [9/23/2009 2:17 PM 28288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 CSI Socket Listener;CSI Socket Listener;c:\windows\ECM4\INSTAL~1\CFC\2.0\bin\CsiWin32SocketListener.exe [9/23/2009 3:38 PM 32768]
S4 CSIRemoteC;Configuresoft ECM Remote Client;c:\program files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe [3/14/2008 2:12 PM 102400]
S4 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/9/2008 5:53 AM 262360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\BrandingZone]
2008-03-11 19:57 177106 ----a-w- c:\windows\EYINST\The_Branding_Zone\Branding_Zone_USER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\EY_Leads_Branding]
2008-02-15 17:58 177221 ----a-w- c:\windows\EYINST\ACS_Offline_Course_Manager\EY_Leads.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Lotus_Notes]
2008-09-03 22:06 126874 ----a-w- c:\windows\EYINST\Lotus_Notes\8.0.2\Shortcuts.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OdyCertUpd]
2010-06-09 06:28 1324400 ----a-w- c:\program files\Juniper Networks\Odyssey Access Client\odClientAdministrator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\pdfFP_Up]
2009-02-23 20:56 125354 ----a-w- c:\windows\EYINST\pdfFactory_Pro_Update\2.50\pdfFP_Up.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PPTXD07]
2008-05-19 05:57 95744 ----a-w- c:\windows\system32\msiexec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D41D8AE-F122-413E-A7C5-B6D86F22F5CA}]
2009-09-10 14:36 136701 ----a-w- c:\windows\EYINST\Visual_Identity_Templates_2009\1.0\EYIT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2011-10-31 23:43 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-24 c:\windows\Tasks\User_Feed_Synchronization-{96A33348-B7F8-4E8E-A7FA-06035588176D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
2012-01-24 c:\windows\Tasks\User_Feed_Synchronization-{EA494441-F69A-43C3-A686-5D1D09A796E0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.corptax.com;ogs*.com;blrscr3.egs-seg.gc.ca;142.221.160.*;*.gamx.ey.net;myvpn.eycan.com;cda.eyo.ca;*.taxnavigator.ca;ey.venngo.com;*.kontiki.com;globaltracker.ey.com;199.52.42.94;199.50.15.252;199.50.15.251;199.50.14.59;199.50.14.91;199.50.15.220;199.50.15.219;eyonline-er*.ey.com;eroomdestage.ey.com;eroomusstage.ey.com;*.eyqa.net;*.eyua.net;*.gamx.ey.com;erniedomino.ey.com;eyo-iis-pd.ey.com;eyonline.ey.com;sdc.ey.com;deqp001.quickplace.ey.com;gbqp001.quickplace.ey.com;qp002.quickplace.ey.com;qp001.quickplace.ey.com;*.gofileroom.com;199.50.20.187;*.eylink.com;199.50.20.186;*.adc.ey.com;gosystemrs.fasttax.com;169.254.*.*;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn.ey.com;txsn.ey.com;txadmin.ey.com;*.eyntc.com;eformrs.com;*.ltdcenter.ey.com;198.134.44.*;199.49.190.*;*.ey.net;*.iweb.ey.com;<local>
uInternet Settings,ProxyServer = ftp=USWEB:80;http=USWEB:80;https=USWEB:80
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: com.mx\www.tuproteccion
Trusted Zone: eformRS.com
Trusted Zone: elementk.com\contentserver
Trusted Zone: ey.com
Trusted Zone: ey.net
Trusted Zone: eygtt.com
Trusted Zone: eyleads.com
Trusted Zone: eylink.com
Trusted Zone: eyqa.net
Trusted Zone: eyua.net
Trusted Zone: fasttax.com\gosystemrs
Trusted Zone: fincad.com\ey
Trusted Zone: intellinex-asp.com
Trusted Zone: intellinex.com
Trusted Zone: lexis.com\web
Trusted Zone: raindance.com\intellinex
Trusted Zone: riahome.com\insourcers
Trusted Zone: riahome.com\support2
Trusted Zone: smarttrainer4.com
Trusted Zone: surveymonkey.com
Trusted Zone: taleo.net\ey
Trusted Zone: thomson.com\gosystem
Trusted Zone: thomsonib.com
Trusted Zone: xtremelearning.com\cserver
DPF: {12BE5614-761F-42A0-8458-ED2009EB1366} - hxxps://print-globalselfhelp.ey.net/GPODTEST/content/services/servicesconnection/plugin/ADPrtCTRL.CAB
DPF: {329ADA79-A81B-42DA-BFF4-DC124B075EF0} - hxxp://gfisclientengsummary.iweb.ey.com/GFIS/Activex/GFISZIPUtility.CAB
DPF: {BAC4A6B1-588F-495C-9074-B1C3A50AB3B7} - hxxps://gfis.iweb.ey.com/GFIS/Activex/AuthPost.CAB
DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} - hxxps://print-globalselfhelp.ey.net/GPODTEST/content/services/servicesconnection/plugin/EYGPWS.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://billcam.axiscam.net/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\mcmahfr\Application Data\Mozilla\Firefox\Profiles\tr0r788b.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{0cab0400-7395-11d0-a5e5-0020afe2fdd9} - (no file)
SafeBoot-disknet
HKLM_ActiveSetup-MSO07QuickLaunch - c:\windows\EYINST\Office_2007\12.0\ASQLSC.EXE
HKLM_ActiveSetup-ZZZ_2009-08-12_AutoComplete - start
HKLM_ActiveSetup-ZZZ_2009-08-17_Excel97SubTotals - reg add HKCU\Software\Microsoft\Office\12.0\Excel\Options
HKLM_ActiveSetup-ZZZ_2009-08-17_RemoveDuplicateFavorites - start
HKLM_ActiveSetup-ZZZ_2009-11-19_EnableBalloonTips - reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKLM_ActiveSetup-{050569C7-DA4C-49C7-B672-C435B7BCFFBC} - msiexec
HKLM_ActiveSetup-{2518F0A1-EAF9-4DD4-BFE9-ECFB8D7772F0} - msiexec
HKLM_ActiveSetup-{32B47B57-F395-4C16-86C9-C9D54DF60B06} - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\cahooknt.dll
c:\windows\system32\pssogina.dll
c:\windows\system32\LogonAgentAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\odyEvent.dll
.
- - - - - - - > 'lsass.exe'(1520)
c:\windows\system32\cahooknt.dll
.
Completion time: 2012-01-24 12:22:59
ComboFix-quarantined-files.txt 2012-01-24 17:22
.
Pre-Run: 72,975,048,704 bytes free
Post-Run: 72,929,550,336 bytes free
.
- - End Of File - - 7F0D75EEAC61DADE91E213897497F9B4
  • 0

#8
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#9
FaMaK

FaMaK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thank you very much!!!!!!!!!!!!
  • 0

#10
FaMaK

FaMaK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I ran Malwarebytes overnight and it picked up the following:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
mcmahfr :: US011031032-02 [administrator]

1/24/2012 10:15:49 PM
mbam-log-2012-01-24 (22-15-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318789
Time elapsed: 1 hour(s), 22 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|QuickLaunch (Trojan.WinLock) -> Data: C:\Windows\EYINST\TOOLS\TOGGLEQL.EXE 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\EYINST\TOOLS\toggleql.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

(end)
  • 0

#11
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
That's nothing to worry about. :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP