BullGuard
Search Engine Redirect Virus - 64-Bit Platform
   

bsmall
New Member


Date Joined Sep 2010
Total Posts : 2
 
Posted 9/16/2010 3:08 AM (GMT +2)
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:07:31 PM, on 9/15/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\ProgramData\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AppLife Update Service (KjsUpdateService) - Kinetic Jump Software, LLC - C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14920 bytes
 

bsmall
New Member


Date Joined Sep 2010
Total Posts : 2
 
Posted 9/16/2010 3:10 AM (GMT +2)
OTL logfile created on: 9/15/2010 7:40:19 PM - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\bsmall\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 68.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 773.17 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.65 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.65 Gb Total Space | 233.59 Gb Free Space | 50.16% Space Free | Partition Type: FAT32
Drive L: | 149.05 Gb Total Space | 126.49 Gb Free Space | 84.86% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 40.66 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: BSMALL-PC
Current User Name: bsmall
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe
PRC - [2010/08/24 21:31:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/24 21:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\firefox.exe
PRC - [2010/08/24 09:34:17 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/06/16 17:20:50 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 17:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 17:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 17:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/04/01 13:21:56 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/10 19:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/08/17 15:12:38 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe -- (KjsUpdateService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/14 16:02:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/05 23:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 18:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/03 08:45:00 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/06 08:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/09/17 00:58:38 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/08/29 19:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/28 12:35:31 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\EX64.SYS -- (NAVEX15)
DRV - [2010/08/28 12:35:31 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/28 12:35:31 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\ENG64.SYS -- (NAVENG)
DRV - [2010/07/14 16:04:26 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 03:15:40 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100910.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/07 10:18:53] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: {5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/07/15 07:37:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/07/15 07:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 11:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/09/08 15:27:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010/09/08 15:27:01 | 000,000,000 | ---D | M]

[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions
[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/09/15 10:21:42 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions
[2010/09/13 09:42:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/08 10:01:48 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010/09/10 16:42:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}
[2010/08/16 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\amznUWL@amazon.com
[2010/09/08 15:30:56 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\canitbecheaper@trafficbroker.co.uk

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.208.5 69.60.160.196
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/05 08:44:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/11/30 00:45:30 | 000,000,132 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell - "" = AutoRun
O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\tdsskiller
[2010/09/15 16:47:47 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/15 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HPAppData
[2010/09/15 11:06:47 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\topic151700_files
[2010/09/15 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\how-to-use-combofix_files
[2010/09/15 10:56:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/15 10:19:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/09/15 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/09/15 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/13 09:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/09/10 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Scans
[2010/09/09 16:22:23 | 000,000,000 | R--D | C] -- C:\Users\bsmall\Documents\Scanned Documents
[2010/09/09 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Fax
[2010/09/09 11:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/09/09 11:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/09/08 15:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/09/08 11:58:00 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Mindjet
[2010/09/08 11:57:45 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll
[2010/09/08 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Maps
[2010/09/08 11:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/09/08 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
[2010/09/08 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\{59187FCC-F4A4-40DF-8044-753DD94A7B6D}
[2010/09/07 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\HP
[2010/09/07 22:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/09/07 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HP
[2010/09/07 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2010/09/07 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/09/07 22:49:38 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
[2010/09/07 22:48:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/09/07 22:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/09/07 22:47:33 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
[2010/09/07 22:47:33 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
[2010/09/07 22:47:33 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2010/09/07 22:47:33 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/09/07 22:47:33 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
[2010/09/07 18:29:12 | 000,184,320 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\ESDTR.dll
[2010/09/07 18:29:12 | 000,126,976 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esint23.dll
[2010/09/07 18:29:12 | 000,090,112 | ---- | C] (SEIKO EPSON CORP) -- C:\Windows\SysWow64\epcomdd.dll
[2010/09/07 18:29:12 | 000,077,824 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esintpl.dll
[2010/09/07 18:29:12 | 000,066,048 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwian.dll
[2010/09/07 18:29:12 | 000,061,952 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiad.dll
[2010/09/07 18:29:12 | 000,053,248 | ---- | C] (SEIKO EPSON Corp.) -- C:\Windows\SysWow64\ESICM.dll
[2010/09/07 18:29:12 | 000,044,544 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiab.dll
[2010/09/07 18:29:12 | 000,003,584 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\eswiaml.dll
[2010/09/07 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\InstallShield
[2010/09/07 18:28:35 | 000,000,000 | ---D | C] -- C:\EPSON
[2010/09/03 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\Schedules
[2010/09/03 10:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOR
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/30 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\DBS2K
[2010/08/30 10:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DBS2K
[2010/08/27 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2010/08/27 14:12:04 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Kjs.AppLife.Update
[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueUSA
[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService
[2010/08/27 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010/08/26 22:54:17 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-Pro Software
[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Windows\All-Pro League Scheduler
[2010/08/25 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\LimeWire Pro v5.5.8
[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\LimeWire
[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Incomplete
[2010/08/25 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\LimeWire
[2010/08/25 11:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/08/25 09:27:49 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/22 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neat Video for Sony Vegas
[2010/08/17 11:22:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Video LightBox
[2006/08/23 17:24:22 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[24 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 19:41:44 | 004,718,592 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat
[2010/09/15 19:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 18:28:27 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/09/15 18:27:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/15 18:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/15 18:26:40 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 18:25:27 | 001,232,903 | -H-- | M] () -- C:\Users\bsmall\AppData\Local\IconCache.db
[2010/09/15 16:55:01 | 001,193,882 | ---- | M] () -- C:\Users\bsmall\Desktop\tdsskiller.zip
[2010/09/15 16:37:06 | 000,002,979 | ---- | M] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk
[2010/09/15 15:04:00 | 000,012,418 | ---- | M] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf
[2010/09/15 14:30:26 | 000,001,139 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/15 14:30:22 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/15 14:30:22 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/15 14:30:22 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 14:30:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
[2010/09/15 12:08:23 | 000,646,656 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.doc
[2010/09/15 11:15:55 | 000,847,320 | ---- | M] () -- C:\Users\bsmall\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/15 11:12:52 | 004,193,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/15 11:06:48 | 000,190,661 | ---- | M] () -- C:\Users\bsmall\Desktop\topic151700.html
[2010/09/15 11:04:37 | 003,845,170 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.exe
[2010/09/15 11:02:09 | 000,066,923 | ---- | M] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm
[2010/09/15 11:01:23 | 000,000,534 | ---- | M] () -- C:\Windows\win.ini
[2010/09/15 10:19:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/09/15 09:59:22 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/14 06:33:51 | 000,131,674 | ---- | M] () -- C:\Users\bsmall\Desktop\Form.pdf
[2010/09/14 06:07:41 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/13 16:21:14 | 000,125,871 | ---- | M] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf
[2010/09/10 17:33:57 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbsmall.job
[2010/09/10 03:41:56 | 000,419,499 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf
[2010/09/10 03:41:41 | 000,010,504 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf
[2010/09/10 03:41:26 | 000,508,966 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf
[2010/09/09 16:42:54 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/09/09 16:42:54 | 000,000,002 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/09/09 16:42:54 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2010/09/09 16:41:46 | 000,233,111 | ---- | M] () -- C:\Windows\hpwins22.dat
[2010/09/09 16:35:53 | 373,813,960 | ---- | M] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe
[2010/09/09 16:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2010/09/09 11:31:20 | 000,208,069 | ---- | M] () -- C:\Windows\hpoins43.dat
[2010/09/09 11:29:09 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/09 11:28:50 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/09 11:09:25 | 000,207,365 | ---- | M] () -- C:\Windows\hpoins43.dat.temp
[2010/09/08 15:27:03 | 000,001,700 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 15:04:29 | 000,072,080 | ---- | M] () -- C:\Users\bsmall\g2mdlhlpx.exe
[2010/09/08 13:44:42 | 001,269,564 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/08 13:27:48 | 000,001,542 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk
[2010/09/08 11:57:24 | 000,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2010/09/07 09:55:21 | 000,009,868 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/09/06 12:08:19 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag
[2010/09/05 20:46:16 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag
[2010/09/03 17:04:48 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag
[2010/09/02 23:06:18 | 000,606,208 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag
[2010/09/02 16:18:01 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/09/02 16:12:08 | 000,009,867 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/08/31 12:42:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/08/31 09:03:27 | 002,168,978 | ---- | M] () -- C:\Users\bsmall\Desktop\sendero.zip
[2010/08/31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms
[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 17:06:12 | 000,065,536 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf
[2010/08/27 14:10:19 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk
[2010/08/27 13:58:43 | 000,000,703 | ---- | M] () -- C:\Users\bsmall\schedule.ini
[2010/08/27 13:52:49 | 000,000,052 | ---- | M] () -- C:\Users\bsmall\winsched.hd
[2010/08/26 23:20:05 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk
[2010/08/20 11:54:14 | 000,240,189 | ---- | M] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip
[2010/08/19 13:08:51 | 000,038,249 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 16:55:00 | 001,193,882 | ---- | C] () -- C:\Users\bsmall\Desktop\tdsskiller.zip
[2010/09/15 16:37:06 | 000,002,979 | ---- | C] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk
[2010/09/15 15:04:00 | 000,012,418 | ---- | C] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf
[2010/09/15 12:08:22 | 000,646,656 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.doc
[2010/09/15 11:06:47 | 000,190,661 | ---- | C] () -- C:\Users\bsmall\Desktop\topic151700.html
[2010/09/15 11:04:29 | 003,845,170 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.exe
[2010/09/15 11:01:51 | 000,066,923 | ---- | C] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm
[2010/09/15 10:00:08 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/09/15 09:59:21 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/14 06:33:51 | 000,131,674 | ---- | C] () -- C:\Users\bsmall\Desktop\Form.pdf
[2010/09/13 16:21:14 | 000,125,871 | ---- | C] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf
[2010/09/10 03:41:55 | 000,419,499 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf
[2010/09/10 03:41:41 | 000,010,504 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf
[2010/09/10 03:41:26 | 000,508,966 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf
[2010/09/09 16:42:54 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX
[2010/09/09 16:42:54 | 000,000,002 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2010/09/09 16:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2010/09/09 16:38:47 | 000,233,111 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/09/09 16:38:47 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2010/09/09 16:35:53 | 373,813,960 | ---- | C] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe
[2010/09/09 16:15:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\file.ext
[2010/09/09 11:29:09 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/09 11:28:50 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/09 11:26:57 | 000,208,069 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/09 11:26:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/09/09 11:09:21 | 000,207,365 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2010/09/09 11:09:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010/09/08 15:04:29 | 000,072,080 | ---- | C] () -- C:\Users\bsmall\g2mdlhlpx.exe
[2010/09/08 13:27:34 | 000,001,542 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk
[2010/09/08 11:57:17 | 000,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2010/09/07 22:47:45 | 000,007,866 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/05 21:21:01 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag
[2010/09/04 10:37:22 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag
[2010/09/03 00:26:59 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag
[2010/09/02 16:12:07 | 000,009,867 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/09/01 19:04:01 | 000,606,208 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag
[2010/08/31 09:01:00 | 002,168,978 | ---- | C] () -- C:\Users\bsmall\Desktop\sendero.zip
[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms
[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 11:27:41 | 000,065,536 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf
[2010/08/27 14:10:19 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk
[2010/08/26 22:54:21 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk
[2010/08/24 17:49:11 | 000,000,703 | ---- | C] () -- C:\Users\bsmall\schedule.ini
[2010/08/24 17:49:11 | 000,000,052 | ---- | C] () -- C:\Users\bsmall\winsched.hd
[2010/08/20 11:54:13 | 000,240,189 | ---- | C] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip
[2010/08/09 15:01:31 | 000,009,868 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/08/07 09:26:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/24 16:00:52 | 000,038,249 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/07/22 11:07:13 | 000,000,192 | -H-- | C] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/07/15 07:21:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/15 00:14:29 | 000,000,048 | ---- | C] () -- C:\Users\bsmall\AppData\Local\73648-88365-27475-00IP7-22847
[2010/07/14 23:45:41 | 000,000,046 | ---- | C] () -- C:\Windows\REGKEYNT.INI
[2010/07/14 18:24:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/14 16:34:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\kkzbps1.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009/07/13 18:16:42 | 000,000,339 | ---- | C] () -- C:\Windows\SysWow64\nmbfknu.dll
[2009/07/13 18:16:42 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2009/07/13 18:16:42 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009/07/13 18:16:42 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ubl9clt.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/03/14 17:30:17 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:4D17708E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:C28FF86E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66E02052
< End of report >