Search Engine Redirect Virus - 64-Bit Platform
   

bsmall
Posted 9/16/2010 4:08 AM (GMT +3)
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:07:31 PM, on 9/15/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\ProgramData\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AppLife Update Service (KjsUpdateService) - Kinetic Jump Software, LLC - C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14920 bytes

bsmall
Posted 9/16/2010 4:10 AM (GMT +3)
OTL logfile created on: 9/15/2010 7:40:19 PM - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\bsmall\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 68.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 773.17 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.65 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.65 Gb Total Space | 233.59 Gb Free Space | 50.16% Space Free | Partition Type: FAT32
Drive L: | 149.05 Gb Total Space | 126.49 Gb Free Space | 84.86% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 40.66 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: BSMALL-PC
Current User Name: bsmall
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe
PRC - [2010/08/24 21:31:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/24 21:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\firefox.exe
PRC - [2010/08/24 09:34:17 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/06/16 17:20:50 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 17:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 17:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 17:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/04/01 13:21:56 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/10 19:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/08/17 15:12:38 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe -- (KjsUpdateService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/14 16:02:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/05 23:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 18:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/03 08:45:00 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/06 08:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/09/17 00:58:38 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/08/29 19:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/28 12:35:31 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\EX64.SYS -- (NAVEX15)
DRV - [2010/08/28 12:35:31 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/28 12:35:31 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\ENG64.SYS -- (NAVENG)
DRV - [2010/07/14 16:04:26 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 03:15:40 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100910.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/07 10:18:53] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: {5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/07/15 07:37:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/07/15 07:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 11:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/09/08 15:27:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010/09/08 15:27:01 | 000,000,000 | ---D | M]

[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions
[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/09/15 10:21:42 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions
[2010/09/13 09:42:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/08 10:01:48 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010/09/10 16:42:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}
[2010/08/16 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\amznUWL@amazon.com
[2010/09/08 15:30:56 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\canitbecheaper@trafficbroker.co.uk

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.208.5 69.60.160.196
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/05 08:44:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/11/30 00:45:30 | 000,000,132 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell - "" = AutoRun
O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\tdsskiller
[2010/09/15 16:47:47 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/15 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HPAppData
[2010/09/15 11:06:47 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\topic151700_files
[2010/09/15 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\how-to-use-combofix_files
[2010/09/15 10:56:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/15 10:19:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/09/15 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/09/15 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/13 09:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/09/10 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Scans
[2010/09/09 16:22:23 | 000,000,000 | R--D | C] -- C:\Users\bsmall\Documents\Scanned Documents
[2010/09/09 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Fax
[2010/09/09 11:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/09/09 11:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/09/08 15:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/09/08 11:58:00 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Mindjet
[2010/09/08 11:57:45 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll
[2010/09/08 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Maps
[2010/09/08 11:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/09/08 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
[2010/09/08 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\{59187FCC-F4A4-40DF-8044-753DD94A7B6D}
[2010/09/07 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\HP
[2010/09/07 22:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/09/07 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HP
[2010/09/07 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2010/09/07 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/09/07 22:49:38 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
[2010/09/07 22:48:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/09/07 22:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/09/07 22:47:33 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
[2010/09/07 22:47:33 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
[2010/09/07 22:47:33 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2010/09/07 22:47:33 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/09/07 22:47:33 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
[2010/09/07 18:29:12 | 000,184,320 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\ESDTR.dll
[2010/09/07 18:29:12 | 000,126,976 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esint23.dll
[2010/09/07 18:29:12 | 000,090,112 | ---- | C] (SEIKO EPSON CORP) -- C:\Windows\SysWow64\epcomdd.dll
[2010/09/07 18:29:12 | 000,077,824 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esintpl.dll
[2010/09/07 18:29:12 | 000,066,048 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwian.dll
[2010/09/07 18:29:12 | 000,061,952 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiad.dll
[2010/09/07 18:29:12 | 000,053,248 | ---- | C] (SEIKO EPSON Corp.) -- C:\Windows\SysWow64\ESICM.dll
[2010/09/07 18:29:12 | 000,044,544 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiab.dll
[2010/09/07 18:29:12 | 000,003,584 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\eswiaml.dll
[2010/09/07 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\InstallShield
[2010/09/07 18:28:35 | 000,000,000 | ---D | C] -- C:\EPSON
[2010/09/03 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\Schedules
[2010/09/03 10:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOR
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/30 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\DBS2K
[2010/08/30 10:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DBS2K
[2010/08/27 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2010/08/27 14:12:04 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Kjs.AppLife.Update
[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueUSA
[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService
[2010/08/27 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010/08/26 22:54:17 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-Pro Software
[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Windows\All-Pro League Scheduler
[2010/08/25 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\LimeWire Pro v5.5.8
[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\LimeWire
[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Incomplete
[2010/08/25 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\LimeWire
[2010/08/25 11:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/08/25 09:27:49 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/22 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neat Video for Sony Vegas
[2010/08/17 11:22:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Video LightBox
[2006/08/23 17:24:22 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[24 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 19:41:44 | 004,718,592 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat
[2010/09/15 19:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job
[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 18:28:27 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/09/15 18:27:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/15 18:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/15 18:26:40 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 18:25:27 | 001,232,903 | -H-- | M] () -- C:\Users\bsmall\AppData\Local\IconCache.db
[2010/09/15 16:55:01 | 001,193,882 | ---- | M] () -- C:\Users\bsmall\Desktop\tdsskiller.zip
[2010/09/15 16:37:06 | 000,002,979 | ---- | M] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk
[2010/09/15 15:04:00 | 000,012,418 | ---- | M] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf
[2010/09/15 14:30:26 | 000,001,139 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/15 14:30:22 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/15 14:30:22 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/15 14:30:22 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 14:30:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job
[2010/09/15 12:08:23 | 000,646,656 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.doc
[2010/09/15 11:15:55 | 000,847,320 | ---- | M] () -- C:\Users\bsmall\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/15 11:12:52 | 004,193,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/15 11:06:48 | 000,190,661 | ---- | M] () -- C:\Users\bsmall\Desktop\topic151700.html
[2010/09/15 11:04:37 | 003,845,170 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.exe
[2010/09/15 11:02:09 | 000,066,923 | ---- | M] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm
[2010/09/15 11:01:23 | 000,000,534 | ---- | M] () -- C:\Windows\win.ini
[2010/09/15 10:19:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/09/15 09:59:22 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/14 06:33:51 | 000,131,674 | ---- | M] () -- C:\Users\bsmall\Desktop\Form.pdf
[2010/09/14 06:07:41 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/13 16:21:14 | 000,125,871 | ---- | M] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf
[2010/09/10 17:33:57 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbsmall.job
[2010/09/10 03:41:56 | 000,419,499 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf
[2010/09/10 03:41:41 | 000,010,504 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf
[2010/09/10 03:41:26 | 000,508,966 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf
[2010/09/09 16:42:54 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2010/09/09 16:42:54 | 000,000,002 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2010/09/09 16:42:54 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2010/09/09 16:41:46 | 000,233,111 | ---- | M] () -- C:\Windows\hpwins22.dat
[2010/09/09 16:35:53 | 373,813,960 | ---- | M] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe
[2010/09/09 16:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2010/09/09 11:31:20 | 000,208,069 | ---- | M] () -- C:\Windows\hpoins43.dat
[2010/09/09 11:29:09 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/09 11:28:50 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/09 11:09:25 | 000,207,365 | ---- | M] () -- C:\Windows\hpoins43.dat.temp
[2010/09/08 15:27:03 | 000,001,700 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 15:04:29 | 000,072,080 | ---- | M] () -- C:\Users\bsmall\g2mdlhlpx.exe
[2010/09/08 13:44:42 | 001,269,564 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/08 13:27:48 | 000,001,542 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk
[2010/09/08 11:57:24 | 000,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2010/09/07 09:55:21 | 000,009,868 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/09/06 12:08:19 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag
[2010/09/05 20:46:16 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag
[2010/09/03 17:04:48 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag
[2010/09/02 23:06:18 | 000,606,208 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag
[2010/09/02 16:18:01 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/09/02 16:12:08 | 000,009,867 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/08/31 12:42:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/08/31 09:03:27 | 002,168,978 | ---- | M] () -- C:\Users\bsmall\Desktop\sendero.zip
[2010/08/31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms
[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 17:06:12 | 000,065,536 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf
[2010/08/27 14:10:19 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk
[2010/08/27 13:58:43 | 000,000,703 | ---- | M] () -- C:\Users\bsmall\schedule.ini
[2010/08/27 13:52:49 | 000,000,052 | ---- | M] () -- C:\Users\bsmall\winsched.hd
[2010/08/26 23:20:05 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk
[2010/08/20 11:54:14 | 000,240,189 | ---- | M] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip
[2010/08/19 13:08:51 | 000,038,249 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR
[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 16:55:00 | 001,193,882 | ---- | C] () -- C:\Users\bsmall\Desktop\tdsskiller.zip
[2010/09/15 16:37:06 | 000,002,979 | ---- | C] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk
[2010/09/15 15:04:00 | 000,012,418 | ---- | C] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf
[2010/09/15 12:08:22 | 000,646,656 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.doc
[2010/09/15 11:06:47 | 000,190,661 | ---- | C] () -- C:\Users\bsmall\Desktop\topic151700.html
[2010/09/15 11:04:29 | 003,845,170 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.exe
[2010/09/15 11:01:51 | 000,066,923 | ---- | C] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm
[2010/09/15 10:00:08 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/09/15 09:59:21 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/09/14 06:33:51 | 000,131,674 | ---- | C] () -- C:\Users\bsmall\Desktop\Form.pdf
[2010/09/13 16:21:14 | 000,125,871 | ---- | C] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf
[2010/09/10 03:41:55 | 000,419,499 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf
[2010/09/10 03:41:41 | 000,010,504 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf
[2010/09/10 03:41:26 | 000,508,966 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf
[2010/09/09 16:42:54 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX
[2010/09/09 16:42:54 | 000,000,002 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2010/09/09 16:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2010/09/09 16:38:47 | 000,233,111 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/09/09 16:38:47 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2010/09/09 16:35:53 | 373,813,960 | ---- | C] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe
[2010/09/09 16:15:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\file.ext
[2010/09/09 11:29:09 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/09 11:28:50 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/09 11:26:57 | 000,208,069 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/09 11:26:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/09/09 11:09:21 | 000,207,365 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2010/09/09 11:09:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010/09/08 15:04:29 | 000,072,080 | ---- | C] () -- C:\Users\bsmall\g2mdlhlpx.exe
[2010/09/08 13:27:34 | 000,001,542 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk
[2010/09/08 11:57:17 | 000,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk
[2010/09/07 22:47:45 | 000,007,866 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/05 21:21:01 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag
[2010/09/04 10:37:22 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag
[2010/09/03 00:26:59 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag
[2010/09/02 16:12:07 | 000,009,867 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/09/01 19:04:01 | 000,606,208 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag
[2010/08/31 09:01:00 | 002,168,978 | ---- | C] () -- C:\Users\bsmall\Desktop\sendero.zip
[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms
[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 11:27:41 | 000,065,536 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf
[2010/08/27 14:10:19 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk
[2010/08/26 22:54:21 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk
[2010/08/24 17:49:11 | 000,000,703 | ---- | C] () -- C:\Users\bsmall\schedule.ini
[2010/08/24 17:49:11 | 000,000,052 | ---- | C] () -- C:\Users\bsmall\winsched.hd
[2010/08/20 11:54:13 | 000,240,189 | ---- | C] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip
[2010/08/09 15:01:31 | 000,009,868 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/08/07 09:26:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/24 16:00:52 | 000,038,249 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/07/22 11:07:13 | 000,000,192 | -H-- | C] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/07/15 07:21:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/15 00:14:29 | 000,000,048 | ---- | C] () -- C:\Users\bsmall\AppData\Local\73648-88365-27475-00IP7-22847
[2010/07/14 23:45:41 | 000,000,046 | ---- | C] () -- C:\Windows\REGKEYNT.INI
[2010/07/14 18:24:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/14 16:34:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\kkzbps1.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009/07/13 18:16:42 | 000,000,339 | ---- | C] () -- C:\Windows\SysWow64\nmbfknu.dll
[2009/07/13 18:16:42 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2009/07/13 18:16:42 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009/07/13 18:16:42 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ubl9clt.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/03/14 17:30:17 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:4D17708E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:C28FF86E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66E02052
< End of report >