Google Redirect Issues - 64-bit platform


bsmall

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 5:41:36 PM, on 9/15/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\ProgramData\Mozilla Firefox\firefox.exe

C:\ProgramData\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: AppLife Update Service (KjsUpdateService) - Kinetic Jump Software, LLC - C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14787 bytes

OTL logfile created on: 9/15/2010 7:40:19 PM - Run 2

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\bsmall\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 68.00% Memory free

16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919.67 Gb Total Space | 773.17 Gb Free Space | 84.07% Space Free | Partition Type: NTFS

Drive D: | 11.56 Gb Total Space | 1.65 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465.65 Gb Total Space | 233.59 Gb Free Space | 50.16% Space Free | Partition Type: FAT32

Drive L: | 149.05 Gb Total Space | 126.49 Gb Free Space | 84.86% Space Free | Partition Type: NTFS

Drive P: | 698.64 Gb Total Space | 40.66 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: BSMALL-PC

Current User Name: bsmall

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe

PRC - [2010/08/24 21:31:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\plugin-container.exe

PRC - [2010/08/24 21:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\ProgramData\Mozilla Firefox\firefox.exe

PRC - [2010/08/24 09:34:17 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

PRC - [2010/06/16 17:20:50 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe

PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/09/19 17:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe

PRC - [2009/09/19 17:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe

PRC - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

PRC - [2009/09/19 17:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/04/01 13:21:56 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

========== Modules (SafeList) ==========

MOD - [2010/09/15 17:44:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bsmall\Downloads\OTL.exe

MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/10 19:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/14 17:50:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)

SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)

SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/08/17 15:12:38 | 000,012,800 | ---- | M] (Kinetic Jump Software, LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe -- (KjsUpdateService)

SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/14 16:02:08 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2010/05/05 23:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/03/10 19:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/03/10 18:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/03 08:45:00 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)

DRV:64bit: - [2009/10/06 08:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)

DRV:64bit: - [2009/09/17 00:58:38 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2009/08/29 19:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/08/28 12:35:31 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\EX64.SYS -- (NAVEX15)

DRV - [2010/08/28 12:35:31 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/08/28 12:35:31 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.002\ENG64.SYS -- (NAVENG)

DRV - [2010/07/14 16:04:26 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/07/06 03:15:40 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100910.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/07 10:18:53] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 7D 29 02 59 C5 56 49 99 91 CA 5C A9 21 E7 60 [binary data]

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.startup.homepage: "http://msn.com"

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1

FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c

FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4

FF - prefs.js..extensions.enabledItems: {5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}:1.0

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/07/15 07:37:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/07/15 07:19:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 11:29:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/09/08 15:27:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2010/09/08 15:27:01 | 000,000,000 | ---D | M]

[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions

[2010/08/25 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2010/09/15 10:21:42 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions

[2010/09/13 09:42:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/09/08 10:01:48 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}

[2010/09/10 16:42:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}

[2010/08/16 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\amznUWL@amazon.com

[2010/09/08 15:30:56 | 000,000,000 | ---D | M] -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\canitbecheaper@trafficbroker.co.uk

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2316158855-2731607963-2616292143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.208.5 69.60.160.196

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/05 08:44:20 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]

O32 - AutoRun File - [2005/11/17 18:15:24 | 000,000,069 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/11/30 00:45:30 | 000,000,132 | ---- | M] () - P:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell - "" = AutoRun

O33 - MountPoints2\{87d4eab7-9052-11df-8bbe-78e7d17f8500}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\tdsskiller

[2010/09/15 16:47:47 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/09/15 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/09/15 12:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/09/15 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HPAppData

[2010/09/15 11:06:47 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\topic151700_files

[2010/09/15 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\how-to-use-combofix_files

[2010/09/15 10:56:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

[2010/09/15 10:19:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2010/09/15 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/09/15 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/09/13 09:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2010/09/10 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Scans

[2010/09/09 16:22:23 | 000,000,000 | R--D | C] -- C:\Users\bsmall\Documents\Scanned Documents

[2010/09/09 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Fax

[2010/09/09 11:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2010/09/09 11:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP

[2010/09/08 15:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2010/09/08 11:58:00 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Mindjet

[2010/09/08 11:57:45 | 000,006,656 | ---- | C] (Tracker Software) -- C:\Windows\SysNative\pxc35pm.dll

[2010/09/08 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\My Maps

[2010/09/08 11:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet

[2010/09/08 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet

[2010/09/08 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\{59187FCC-F4A4-40DF-8044-753DD94A7B6D}

[2010/09/07 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\HP

[2010/09/07 22:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2010/09/07 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\HP

[2010/09/07 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons

[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations

[2010/09/07 22:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations

[2010/09/07 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2010/09/07 22:49:38 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll

[2010/09/07 22:48:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2010/09/07 22:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2010/09/07 22:47:33 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll

[2010/09/07 22:47:33 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll

[2010/09/07 22:47:33 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll

[2010/09/07 22:47:33 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll

[2010/09/07 22:47:33 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll

[2010/09/07 18:29:12 | 000,184,320 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\ESDTR.dll

[2010/09/07 18:29:12 | 000,126,976 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esint23.dll

[2010/09/07 18:29:12 | 000,090,112 | ---- | C] (SEIKO EPSON CORP) -- C:\Windows\SysWow64\epcomdd.dll

[2010/09/07 18:29:12 | 000,077,824 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\Esintpl.dll

[2010/09/07 18:29:12 | 000,066,048 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwian.dll

[2010/09/07 18:29:12 | 000,061,952 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiad.dll

[2010/09/07 18:29:12 | 000,053,248 | ---- | C] (SEIKO EPSON Corp.) -- C:\Windows\SysWow64\ESICM.dll

[2010/09/07 18:29:12 | 000,044,544 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\escwiab.dll

[2010/09/07 18:29:12 | 000,003,584 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\eswiaml.dll

[2010/09/07 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\InstallShield

[2010/09/07 18:28:35 | 000,000,000 | ---D | C] -- C:\EPSON

[2010/09/03 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\Schedules

[2010/09/03 10:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOR

[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/09/02 13:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/30 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\DBS2K

[2010/08/30 10:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DBS2K

[2010/08/27 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects

[2010/08/27 14:12:04 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Local\Kjs.AppLife.Update

[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueUSA

[2010/08/27 14:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AppLifeUpdateService

[2010/08/27 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects

[2010/08/26 22:54:17 | 000,000,000 | ---D | C] -- C:\Windows\Crystal

[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All-Pro Software

[2010/08/26 22:54:15 | 000,000,000 | ---D | C] -- C:\Windows\All-Pro League Scheduler

[2010/08/25 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Desktop\LimeWire Pro v5.5.8

[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\LimeWire

[2010/08/25 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Incomplete

[2010/08/25 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\bsmall\AppData\Roaming\LimeWire

[2010/08/25 11:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire

[2010/08/25 09:27:49 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2010/08/22 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neat Video for Sony Vegas

[2010/08/17 11:22:31 | 000,000,000 | ---D | C] -- C:\Users\bsmall\Documents\Video LightBox

[2006/08/23 17:24:22 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL

[24 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 19:41:44 | 004,718,592 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat

[2010/09/15 19:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000UA.job

[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/15 18:37:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/15 18:28:27 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/09/15 18:27:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/15 18:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/15 18:26:40 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/15 18:25:27 | 001,232,903 | -H-- | M] () -- C:\Users\bsmall\AppData\Local\IconCache.db

[2010/09/15 16:55:01 | 001,193,882 | ---- | M] () -- C:\Users\bsmall\Desktop\tdsskiller.zip

[2010/09/15 16:37:06 | 000,002,979 | ---- | M] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk

[2010/09/15 15:04:00 | 000,012,418 | ---- | M] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf

[2010/09/15 14:30:26 | 000,001,139 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2010/09/15 14:30:22 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/09/15 14:30:22 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/15 14:30:22 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/15 14:30:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2316158855-2731607963-2616292143-1000Core.job

[2010/09/15 12:08:23 | 000,646,656 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.doc

[2010/09/15 11:15:55 | 000,847,320 | ---- | M] () -- C:\Users\bsmall\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/09/15 11:12:52 | 004,193,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/09/15 11:06:48 | 000,190,661 | ---- | M] () -- C:\Users\bsmall\Desktop\topic151700.html

[2010/09/15 11:04:37 | 003,845,170 | ---- | M] () -- C:\Users\bsmall\Desktop\ComboFix.exe

[2010/09/15 11:02:09 | 000,066,923 | ---- | M] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm

[2010/09/15 11:01:23 | 000,000,534 | ---- | M] () -- C:\Windows\win.ini

[2010/09/15 10:19:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2010/09/15 09:59:22 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/14 06:33:51 | 000,131,674 | ---- | M] () -- C:\Users\bsmall\Desktop\Form.pdf

[2010/09/14 06:07:41 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/13 16:21:14 | 000,125,871 | ---- | M] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf

[2010/09/10 17:33:57 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbsmall.job

[2010/09/10 03:41:56 | 000,419,499 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf

[2010/09/10 03:41:41 | 000,010,504 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf

[2010/09/10 03:41:26 | 000,508,966 | ---- | M] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf

[2010/09/09 16:42:54 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX

[2010/09/09 16:42:54 | 000,000,002 | ---- | M] () -- C:\Windows\Twain001.Mtx

[2010/09/09 16:42:54 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX

[2010/09/09 16:41:46 | 000,233,111 | ---- | M] () -- C:\Windows\hpwins22.dat

[2010/09/09 16:35:53 | 373,813,960 | ---- | M] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe

[2010/09/09 16:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext

[2010/09/09 11:31:20 | 000,208,069 | ---- | M] () -- C:\Windows\hpoins43.dat

[2010/09/09 11:29:09 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2010/09/09 11:28:50 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2010/09/09 11:09:25 | 000,207,365 | ---- | M] () -- C:\Windows\hpoins43.dat.temp

[2010/09/08 15:27:03 | 000,001,700 | ---- | M] () -- C:\Users\bsmall\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/08 15:04:29 | 000,072,080 | ---- | M] () -- C:\Users\bsmall\g2mdlhlpx.exe

[2010/09/08 13:44:42 | 001,269,564 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/09/08 13:27:48 | 000,001,542 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk

[2010/09/08 11:57:24 | 000,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk

[2010/09/07 09:55:21 | 000,009,868 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL

[2010/09/06 12:08:19 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag

[2010/09/05 20:46:16 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag

[2010/09/03 17:04:48 | 000,589,824 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag

[2010/09/02 23:06:18 | 000,606,208 | ---- | M] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag

[2010/09/02 16:18:01 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/09/02 16:12:08 | 000,009,867 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL

[2010/08/31 12:42:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2010/08/31 09:03:27 | 002,168,978 | ---- | M] () -- C:\Users\bsmall\Desktop\sendero.zip

[2010/08/31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms

[2010/08/28 17:06:12 | 000,524,288 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms

[2010/08/28 17:06:12 | 000,065,536 | -HS- | M] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf

[2010/08/27 14:10:19 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk

[2010/08/27 13:58:43 | 000,000,703 | ---- | M] () -- C:\Users\bsmall\schedule.ini

[2010/08/27 13:52:49 | 000,000,052 | ---- | M] () -- C:\Users\bsmall\winsched.hd

[2010/08/26 23:20:05 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk

[2010/08/20 11:54:14 | 000,240,189 | ---- | M] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip

[2010/08/19 13:08:51 | 000,038,249 | ---- | M] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR

[22 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 16:55:00 | 001,193,882 | ---- | C] () -- C:\Users\bsmall\Desktop\tdsskiller.zip

[2010/09/15 16:37:06 | 000,002,979 | ---- | C] () -- C:\Users\bsmall\Desktop\HiJackThis.lnk

[2010/09/15 15:04:00 | 000,012,418 | ---- | C] () -- C:\Users\bsmall\Desktop\NeedtoBreathe.pdf

[2010/09/15 12:08:22 | 000,646,656 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.doc

[2010/09/15 11:06:47 | 000,190,661 | ---- | C] () -- C:\Users\bsmall\Desktop\topic151700.html

[2010/09/15 11:04:29 | 003,845,170 | ---- | C] () -- C:\Users\bsmall\Desktop\ComboFix.exe

[2010/09/15 11:01:51 | 000,066,923 | ---- | C] () -- C:\Users\bsmall\Desktop\how-to-use-combofix.htm

[2010/09/15 10:00:08 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys

[2010/09/15 09:59:21 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/09/14 06:33:51 | 000,131,674 | ---- | C] () -- C:\Users\bsmall\Desktop\Form.pdf

[2010/09/13 16:21:14 | 000,125,871 | ---- | C] () -- C:\Users\bsmall\Desktop\baseball-highlight-film-estimate.pdf

[2010/09/10 03:41:55 | 000,419,499 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00002.rtf

[2010/09/10 03:41:41 | 000,010,504 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN00001.rtf

[2010/09/10 03:41:26 | 000,508,966 | ---- | C] () -- C:\Users\bsmall\Desktop\SCAN0000.rtf

[2010/09/09 16:42:54 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX

[2010/09/09 16:42:54 | 000,000,002 | ---- | C] () -- C:\Windows\Twain001.Mtx

[2010/09/09 16:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX

[2010/09/09 16:38:47 | 000,233,111 | ---- | C] () -- C:\Windows\hpwins22.dat

[2010/09/09 16:38:47 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat

[2010/09/09 16:35:53 | 373,813,960 | ---- | C] () -- C:\Users\bsmall\Desktop\OJP8500vA909_Full_14.exe

[2010/09/09 16:15:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\file.ext

[2010/09/09 11:29:09 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2010/09/09 11:28:50 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2010/09/09 11:26:57 | 000,208,069 | ---- | C] () -- C:\Windows\hpoins43.dat

[2010/09/09 11:26:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat

[2010/09/09 11:09:21 | 000,207,365 | ---- | C] () -- C:\Windows\hpoins43.dat.temp

[2010/09/09 11:09:21 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp

[2010/09/08 15:04:29 | 000,072,080 | ---- | C] () -- C:\Users\bsmall\g2mdlhlpx.exe

[2010/09/08 13:27:34 | 000,001,542 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk

[2010/09/08 11:57:17 | 000,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 9.lnk

[2010/09/07 22:47:45 | 000,007,866 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/09/05 21:21:01 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL with JR Revisions.leag

[2010/09/04 10:37:22 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Locks.leag

[2010/09/03 00:26:59 | 000,589,824 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-No Flag.leag

[2010/09/02 16:12:07 | 000,009,867 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Tab Separated Values (Windows).CAL

[2010/09/01 19:04:01 | 000,606,208 | ---- | C] () -- C:\Users\bsmall\Desktop\NTFL-Test.leag

[2010/08/31 09:01:00 | 002,168,978 | ---- | C] () -- C:\Users\bsmall\Desktop\sendero.zip

[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000002.regtrans-ms

[2010/08/28 11:27:41 | 000,524,288 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TMContainer00000000000000000001.regtrans-ms

[2010/08/28 11:27:41 | 000,065,536 | -HS- | C] () -- C:\Users\bsmall\ntuser.dat{7ff99ed7-b2be-11df-b89b-78e7d17f8500}.TM.blf

[2010/08/27 14:10:19 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\League Scheduler 2009.lnk

[2010/08/26 22:54:21 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\All-Pro League Scheduler.lnk

[2010/08/24 17:49:11 | 000,000,703 | ---- | C] () -- C:\Users\bsmall\schedule.ini

[2010/08/24 17:49:11 | 000,000,052 | ---- | C] () -- C:\Users\bsmall\winsched.hd

[2010/08/20 11:54:13 | 000,240,189 | ---- | C] () -- C:\Users\bsmall\Desktop\tinymce-advanced.3.2.7.zip

[2010/08/09 15:01:31 | 000,009,868 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).CAL

[2010/08/07 09:26:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/07/24 16:00:52 | 000,038,249 | ---- | C] () -- C:\Users\bsmall\AppData\Roaming\Comma Separated Values (Windows).ADR

[2010/07/22 11:07:13 | 000,000,192 | -H-- | C] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss

[2010/07/15 07:21:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/15 00:14:29 | 000,000,048 | ---- | C] () -- C:\Users\bsmall\AppData\Local\73648-88365-27475-00IP7-22847

[2010/07/14 23:45:41 | 000,000,046 | ---- | C] () -- C:\Windows\REGKEYNT.INI

[2010/07/14 18:24:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/07/14 16:34:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\kkzbps1.dll

[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll

[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll

[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll

[2009/07/13 18:16:42 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll

[2009/07/13 18:16:42 | 000,000,339 | ---- | C] () -- C:\Windows\SysWow64\nmbfknu.dll

[2009/07/13 18:16:42 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll

[2009/07/13 18:16:42 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll

[2009/07/13 18:16:42 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\ubl9clt.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/03/14 17:30:17 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll

[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:4D17708E

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:C28FF86E

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66E02052

< End of report


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

Are you getting redirects also in IE? I see only evidence of a Firefox redirector here. Please let me know how things are after the following fix.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    :otl
    [2010/09/10 16:42:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


Thanks, Elise. I think you're right, Firefox seems to be the victim here.

Here is the latest report:

All processes killed

========== OTL ==========

Folder C:\Users\bsmall\AppData\Roaming\mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 51556 bytes

->Temporary Internet Files folder emptied: 34064 bytes

User: All Users

User: bsmall

->Temp folder emptied: 1389398 bytes

->Temporary Internet Files folder emptied: 19646077 bytes

->Java cache emptied: 2111090 bytes

->FireFox cache emptied: 92530538 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 2574551 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1922431 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 115.00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_085019

Files\Folders moved on Reboot...

C:\Users\bsmall\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\bsmall\AppData\Local\Temp\WER74C2.tmp.resp.erc.xml not found!

File\Folder C:\Users\bsmall\AppData\Local\Temp\WER74C3.tmp.resp not found!

File\Folder C:\Windows\temp\hsperfdata_BSMALL-PC$\1524 not found!

Registry entries deleted on Reboot...


Latest HijackThis report, as well, in case you want it:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 8:59:53 AM, on 9/16/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\ProgramData\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: AppLife Update Service (KjsUpdateService) - Kinetic Jump Software, LLC - C:\Program Files (x86)\Common Files\AppLifeUpdateService\Kjs.AppLife.Update.Service.Exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14797 bytes


I stumbled across a program last night, while browsing the Malwarebytes Forum and waiting on a reply here, that I gave a shot. (sound desperate?!)

GooredFix - I ran it, and got the following report:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 23:03 on 15/09/2010 (bsmall)

Firefox version 3.6.9 (en-US)

========== GooredScan ==========

Deleting "C:\Users\bsmall\Application Data\Mozilla\Firefox\Profiles\g5dzor37.default\extensions\{5a8ef0b5-1386-45bd-8be5-fcfcd5ef576c}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

(none)

C:\Users\bsmall\Application Data\Mozilla\Firefox\Profiles\g5dzor37.default\extensions\

amznUWL@amazon.com [03:25 17/08/2010]

canitbecheaper@trafficbroker.co.uk [20:30 08/09/2010]

{3112ca9c-de6d-4884-a869-9855de68056c} [14:42 13/09/2010]

{563e4790-7e70-11da-a72b-0800200c9a66} [15:01 08/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\" [21:02 14/07/2010]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\" [21:02 14/07/2010]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16:29 09/09/2010]

-=E.O.F=-


OTL logfile created on: 9/19/2010 11:37:50 AM - Run 3

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\bsmall\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919.67 Gb Total Space | 769.74 Gb Free Space | 83.70% Space Free | Partition Type: NTFS

Drive D: | 11.56 Gb Total Space | 1.65 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465.65 Gb Total Space | 233.59 Gb Free Space | 50.16% Space Free | Partition Type: FAT32

Drive L: | 149.05 Gb Total Space | 126.48 Gb Free Space | 84.86% Space Free | Partition Type: NTFS

Drive P: | 698.64 Gb Total Space | 40.66 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: BSMALL-PC

Current User Name: bsmall

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

< End of report >


Oops ...

OTL Extras logfile created on: 9/19/2010 11:37:51 AM - Run 3

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\bsmall\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919.67 Gb Total Space | 769.74 Gb Free Space | 83.70% Space Free | Partition Type: NTFS

Drive D: | 11.56 Gb Total Space | 1.65 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465.65 Gb Total Space | 233.59 Gb Free Space | 50.16% Space Free | Partition Type: FAT32

Drive L: | 149.05 Gb Total Space | 126.48 Gb Free Space | 84.86% Space Free | Partition Type: NTFS

Drive P: | 698.64 Gb Total Space | 40.66 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: BSMALL-PC

Current User Name: bsmall

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes

"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B5CF5995-5E0B-967D-3FC5-325089795937}" = ccc-utility64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series

"{F9F4430E-80DE-EC0F-BF8E-476352C8F954}" = ATI Catalyst Install Manager

"HitmanPro35" = Hitman Pro 3.5

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"PC-Doctor for Windows" = Hardware Diagnostic Tools

"PDF-XChange 3_is1" = PDF-XChange 3

"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{09B1AF25-4C86-447D-8C2F-001471B29BC4}" = iPodCopy

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{09F46E3D-EAFB-9390-B6D9-F6DAA73B3ECB}" = CCC Help Finnish

"{0A172278-5048-3BDA-D318-974ED0AA0B95}" = CCC Help Greek

"{0B2536F0-8E7A-340F-9031-1AA60BEFBFD8}" = Catalyst Control Center Graphics Full Existing

"{0D526570-6B8F-3CE9-04DB-16FD2E68FCBE}" = CCC Help Danish

"{0E6CE44A-EE07-1C20-72C8-9A24CA2ED2CB}" = Catalyst Control Center HydraVision Full

"{113F4E2E-416A-33BD-D2A6-39C58AB6ACAC}" = CCC Help Korean

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{1688104B-0261-42FC-D796-CB97EA5159A4}" = CCC Help Thai

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18812D65-95DB-5482-4CAC-3B3B5E5446B0}" = CCC Help Italian

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}

"{1D5B3A03-17FD-EC8F-755B-6164ABFF450A}" = CCC Help Turkish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{223CCCD3-2217-9AA1-98F0-2879733549D0}" = CCC Help English

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix

"{390814DD-2F04-4527-ACE2-7E436DFCB85D}" = League Scheduler

"{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}" = ccc-core-static

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan

"{40965CEA-43EE-B8D7-09AB-705B5E2A2521}" = CCC Help Hungarian

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4680D4CC-5220-6AAF-54D3-C1E75C90A69A}" = CCC Help German

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ED198D7-DF83-48D8-80BC-5C79136A8493}" = Getting Things Done Outlook Add-In

"{4F11AE1B-452A-2A9B-250D-EDB725E39199}" = CCC Help Russian

"{4F9B4C70-F223-B34B-C7D3-55FC1D2BAD2E}" = CCC Help Chinese Standard

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0

"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5906DAFF-9370-2B54-D483-343ABB9BE748}" = Catalyst Control Center Graphics Light

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{659F8F13-E8C5-C4B8-85E7-1D3912C06929}" = Catalyst Control Center Localization All

"{65B2D116-67B7-4562-BFC6-8CD3E10B33B2}" = Cloudmark Desktop for Microsoft Outlook

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6C6B8B89-AC64-4B04-DBE1-992B80C83F1A}" = CCC Help Japanese

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{79AE21FD-837E-4774-BAC7-6D0523DE7488}" = Marketing Plan Pro Powered by Duct Tape Marketing

"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic

"{7B9D9DC4-EDB9-3181-4D1B-E47C34609E0C}" = CCC Help Portuguese

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8966B8B5-D87A-E689-B370-E79B7691299C}" = Catalyst Control Center Core Implementation

"{89EA759B-B9C8-6CB5-6BF2-248961E68809}" = Catalyst Control Center InstallProxy

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90756E9C-97E4-4405-A85F-1734804990DD}" = Mindjet MindManager 9

"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{931E11B0-1ACE-438D-90AF-E5D8C64880EF}" = Catalyst Control Center - Branding

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit

"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9C23A506-3E8B-B91C-4F9B-040518EC792D}" = CCC Help Norwegian

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D54290B-CD49-4B36-2EF2-7597FD0D683F}" = CCC Help Swedish

"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A6F42664-73EC-25B0-F3A9-D8CCE53CFB25}" = Catalyst Control Center Graphics Previews Common

"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware

"{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini

"{B07E4A53-C39E-9BEB-9716-1953F0EE2953}" = CCC Help French

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B439A476-119C-13A9-6FB8-B2B2D566CF63}" = CCC Help Spanish

"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700

"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C54BBB47-5D1A-5C82-614E-0D75C1AD92B5}" = Catalyst Control Center Graphics Previews Vista

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C725937A-C6B3-0D07-A765-029FB1FD66B6}" = CCC Help Chinese Traditional

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium

"{D228187B-0D49-44C6-DEA8-64F180D14DB9}" = CCC Help Polish

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D4134B0B-EA9B-4835-A77A-60BEE6277101}" = Lightroom

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D74B4F5A-28CB-33E4-AFC2-412B8227C582}" = CCC Help Dutch

"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5492B8D-B6DB-C3D2-8309-1B6A766CAF85}" = Catalyst Control Center Graphics Full New

"{F5F38D48-5AF3-EEEC-7E0C-25D516D1DC74}" = CCC Help Czech

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FB8BD91F-DC90-4770-AE33-8AA6AA2E691B}" = Extensis Suitcase Fusion 2

"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.3 Professional

"Adobe Acrobat 8 Professional_824" = Adobe Acrobat 8.2.4 - CPSID_83708

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium

"All-Pro League Scheduler" = All-Pro League Scheduler

"CCleaner" = CCleaner

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Eye Candy 4000" = Eye Candy 4000

"Handbrake" = Handbrake 0.9.4

"HP Photo Creations" = HP Photo Creations

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"LimeWire" = LimeWire 5.5.8

"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"Neat Video for Sony Vegas_is1" = Neat Video v2.2 Demo plug-in for Sony Vegas

"Network MagicUninstall" = Network Magic

"NIS" = Norton Internet Security

"NoteBurner_is1" = NoteBurner 1.35

"Picasa 3" = Picasa 3

"ShapeCollage" = Shape Collage

"Speccy" = Speccy

"Splat" = Alien Skin Splat! 1.0 Demo

"Tansee iPhone Transfer SMS_is1" = Tansee iPhone Transfer SMS

"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.1

"VisualLightBox" = VisualLightBox

"VueScan" = VueScan

"WildTangent hp Master Uninstall" = HP Games

"WinAce Archiver" = WinAce Archiver

"WinLiveSuite_Wave3" = Windows Live Essentials

"Xenofex2Demo" = Alien Skin Xenofex 2 Demo

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 4.5.0.457

"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/8/2010 12:58:30 AM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 12:58:30 AM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 12:58:30 AM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 12:58:30 AM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 11:17:01 AM | Computer Name = bsmall-PC | Source = Application Error | ID = 1000

Description = Faulting application name: WINWORD.EXE, version: 11.0.8326.0, time

stamp: 0x4c1c23b8 Faulting module name: ENVELOPE.DLL, version: 11.0.8205.0, time

stamp: 0x478c172c Exception code: 0xc0000005 Fault offset: 0x00004e9b Faulting process

id: 0x141c Faulting application start time: 0x01cb4f60a8430542 Faulting application

path: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE Faulting module

path: C:\Program Files (x86)\Microsoft Office\OFFICE11\ENVELOPE.DLL Report Id: 20d1ef34-bb5c-11df-a293-78e7d17f8500

Error - 9/8/2010 2:28:48 PM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 504: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 2:28:48 PM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 2:28:48 PM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 2:28:48 PM | Computer Name = bsmall-PC | Source = Bonjour Service | ID = 100

Description = 360: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 9/8/2010 2:28:54 PM | Computer Name = bsmall-PC | Source = Application Error | ID = 1000

Description = Faulting application name: OUTLOOK.EXE, version: 11.0.8325.0, time

stamp: 0x4bf591af Faulting module name: hhctrl.ocx_unloaded, version: 0.0.0.0, time

stamp: 0x4a5bd9ea Exception code: 0xc0000005 Fault offset: 0x6629473f Faulting process

id: 0xad8 Faulting application start time: 0x01cb4f779287fa21 Faulting application

path: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Faulting module

path: hhctrl.ocx Report Id: eec2b04c-bb76-11df-a293-78e7d17f8500

[ System Events ]

Error - 9/15/2010 2:12:02 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:13:58 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:13:58 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:13:58 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:14:00 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:14:00 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:14:00 PM | Computer Name = bsmall-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 9/15/2010 2:23:33 PM | Computer Name = bsmall-PC | Source = bowser | ID = 8003

Description =

Error - 9/15/2010 3:05:00 PM | Computer Name = bsmall-PC | Source = bowser | ID = 8003

Description =

Error - 9/15/2010 11:39:02 PM | Computer Name = bsmall-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

< End of report >


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
