
Hidden Malware?
#1
Posted 11 September 2011 - 05:30 PM
#2
Posted 11 September 2011 - 06:23 PM

- I will be working on your malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!!

----------

Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Right-click and Run as Administrator GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------
Please download aswMBR to your desktop.
- Double click the aswMBR icon to run it.
Vista and Windows 7 users: right-click the icon and choose "Run as administrator".
- Click the Scan button to start scan.
- When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
In your next reply please post the logs created by GMER and aswMBR.exe


#3
Posted 11 September 2011 - 08:06 PM
Attached Files
#4
Posted 11 September 2011 - 08:23 PM
Thank you for the logs that I needed.

----------
- Download OTL to your desktop.
- Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

#5
Posted 11 September 2011 - 08:37 PM
OTL logfile created on: 9/11/2011 9:30:30 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Bonnet Bouth\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.45 Mb Total Physical Memory | 248.39 Mb Available Physical Memory | 24.32% Memory free
2.26 Gb Paging File | 1.20 Gb Available in Paging File | 53.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 37.64 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
Computer Name: BONNETBOUTH-PC | User Name: Bonnet Bouth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Bonnet Bouth\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/25 16:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 18:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/25 16:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{94EC7E81-A39C-46BF-850E-FDA80C92B674}: C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\ [2011/09/10 20:15:04 | 000,000,000 | ---D | M]
[2011/07/04 14:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Extensions
[2011/08/29 16:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\extensions
[2011/08/30 00:46:37 | 000,001,959 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\searchplugins\lastfm.xml
[2011/08/22 21:04:33 | 000,004,140 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\searchplugins\youtube.xml
[2011/08/23 22:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 22:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/25 16:33:29 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/09/10 20:15:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\BONNET BOUTH\APPDATA\LOCAL\{94EC7E81-A39C-46BF-850E-FDA80C92B674}
() (No name found) -- C:\USERS\BONNET BOUTH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OIQRKZUQ.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011/08/24 22:42:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 18:16:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [parsecfgsvc.exe] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547BA5B-9832-4DC0-ADFF-DACC70225BB5}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/11 20:26:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/11 17:10:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/09/11 17:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/09/11 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/11 17:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/11 16:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/09/11 16:12:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/10 21:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/10 21:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/10 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}
[2011/09/10 20:13:33 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\62F3DCFB7A4CB9CBA38735738A5833B2
[2011/09/08 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Microsoft Games
[2011/08/31 18:19:30 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/08/31 18:19:30 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/08/31 18:19:16 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/08/31 18:18:54 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/08/31 18:18:00 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/08/28 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/26 15:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2011/08/26 15:29:26 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Last.fm
[2011/08/26 15:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2011/08/26 15:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2011/08/25 21:02:36 | 000,000,000 | R--D | C] -- C:\Users\Bonnet Bouth\Desktop\School & etc
[2011/08/25 16:50:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\Documents\My Scans
[2011/08/25 16:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/08/25 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\HP
[2011/08/25 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\HP
[2011/08/25 16:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/08/25 16:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/08/25 16:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/08/25 16:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/25 15:38:44 | 000,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p02d.dll
[2011/08/25 15:38:44 | 000,712,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p02d.dll
[2011/08/25 15:38:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/08/25 15:38:44 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p02a.dll
[2011/08/25 15:38:44 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/08/25 15:38:25 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/08/25 15:38:22 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70v.dll
[2011/08/25 15:37:48 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/08/25 15:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/25 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/08/25 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Skype
[2011/08/25 15:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/25 15:25:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/25 15:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/25 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Malwarebytes
[2011/08/25 15:10:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/25 15:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/25 15:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/25 15:10:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/25 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 22:39:54 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/08/24 22:39:54 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/08/24 22:39:54 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/08/24 19:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/24 19:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/24 15:05:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/08/24 15:05:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/08/23 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Adobe
[2011/08/23 23:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 23:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/23 23:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/23 22:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\OpenOffice.org
[2011/08/23 22:12:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/08/23 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/23 22:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/23 22:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 22:09:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/23 22:09:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/23 22:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 22:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/23 22:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/23 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Apple Computer
[2011/08/23 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Apple Computer
[2011/08/23 21:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/23 21:57:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/08/23 21:57:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/23 21:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/23 21:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/23 21:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/23 21:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/23 21:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/23 21:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/23 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/23 21:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/23 21:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/23 21:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/23 21:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/08/23 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Apple
[2011/08/23 15:19:27 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/08/23 15:19:26 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/08/23 15:19:25 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/08/23 15:19:25 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/08/23 15:19:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/08/23 15:19:21 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/08/23 15:13:53 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/08/23 15:13:51 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/08/23 15:10:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/08/23 15:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/08/22 21:38:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/08/22 21:38:17 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/08/22 21:38:07 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/08/22 21:19:17 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/08/22 21:19:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/22 21:19:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/22 21:19:09 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/08/22 21:18:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/08/22 21:18:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/08/22 21:18:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/08/22 21:18:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/08/22 21:18:44 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/08/22 21:18:43 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/08/22 21:18:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/08/22 21:18:43 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/08/22 21:18:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/08/22 21:18:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/08/22 21:18:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/08/22 21:18:21 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/22 21:18:20 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/22 21:18:19 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/22 21:18:19 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/22 21:18:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/22 21:18:19 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/22 21:18:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/22 21:18:19 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/22 21:18:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/22 21:18:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/08/22 21:18:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/22 21:18:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/22 21:17:38 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/08/22 21:17:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/08/22 21:17:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/08/22 21:17:29 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/22 21:17:29 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/22 21:17:18 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/08/22 21:17:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/08/22 21:17:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/08/22 21:17:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011/08/22 21:17:08 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/08/22 21:17:08 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/08/22 21:17:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/08/22 21:16:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/08/22 21:16:25 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/08/22 21:16:22 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/08/22 21:16:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/08/22 21:15:45 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/08/22 21:15:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/08/22 21:15:11 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/08/22 21:14:38 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/08/22 21:14:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/08/22 21:14:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/08/22 21:14:02 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/08/22 21:14:00 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/08/22 21:13:57 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/08/22 21:11:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/08/22 21:11:01 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/08/22 21:11:01 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/08/22 21:11:01 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/08/22 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Macromedia
[2011/08/22 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Adobe
[2011/08/22 21:06:16 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/22 21:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/08/22 21:01:41 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/08/22 21:01:38 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/08/22 21:01:38 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/08/22 21:01:38 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/08/22 21:01:37 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/08/22 21:01:37 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/08/22 21:01:37 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/08/22 21:01:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/08/22 21:01:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/08/22 21:01:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/08/22 21:01:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/08/22 21:01:14 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/08/22 21:01:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/08/22 21:01:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/08/22 21:01:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/08/22 21:01:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/08/22 21:01:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/08/22 21:01:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/08/22 21:01:00 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/08/22 21:01:00 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/08/22 21:01:00 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/08/22 21:00:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/08/22 21:00:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/08/22 21:00:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/08/22 21:00:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/08/22 21:00:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/08/22 21:00:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/08/22 21:00:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/08/22 21:00:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/08/22 20:59:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 20:59:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/08/22 20:59:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/08/22 20:59:16 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/08/22 20:59:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/08/22 20:59:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/08/22 20:59:02 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/08/22 20:59:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/08/22 20:59:00 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
========== Files - Modified Within 30 Days ==========
[2011/09/11 21:04:35 | 000,000,512 | ---- | M] () -- C:\Users\Bonnet Bouth\Documents\MBR.dat
[2011/09/11 20:51:52 | 000,035,573 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/11 20:51:52 | 000,035,573 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/11 20:51:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 20:51:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 20:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/11 20:51:06 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 20:51:05 | 154,544,747 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/11 20:32:48 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/11 20:32:48 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/11 18:32:49 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/11 17:18:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/09/11 17:00:59 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/11 16:11:41 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DA653D74-5569-4830-B652-DB998BCEB604}.job
[2011/09/10 21:11:46 | 000,001,079 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/10 21:11:46 | 000,001,055 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\Spybot - Search & Destroy.lnk
[2011/09/08 20:05:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/01 14:44:10 | 000,256,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/31 10:07:24 | 000,000,938 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/30 18:05:36 | 000,001,664 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/29 00:03:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/08/28 22:56:26 | 000,023,225 | ---- | M] () -- C:\Users\Bonnet Bouth\Documents\The Awakening.odt
[2011/08/26 15:29:20 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/08/25 16:47:47 | 000,201,562 | ---- | M] () -- C:\Windows\hpoins40.dat
[2011/08/25 16:05:19 | 000,201,495 | ---- | M] () -- C:\Windows\hpoins40.dat.temp
[2011/08/25 16:04:40 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/08/25 16:03:24 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/25 16:02:36 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2011/08/25 15:40:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/25 15:25:57 | 000,001,878 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\Skype.lnk
[2011/08/25 15:10:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 23:25:46 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/23 22:32:03 | 000,001,028 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/08/23 22:08:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/23 22:08:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/23 22:08:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 22:08:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/23 21:58:08 | 000,001,664 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\iTunes.lnk
[2011/08/23 21:55:03 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 15:03:46 | 000,000,680 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/09/11 21:04:35 | 000,000,512 | ---- | C] () -- C:\Users\Bonnet Bouth\Documents\MBR.dat
[2011/09/11 20:26:22 | 154,544,747 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/11 17:01:09 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/11 17:00:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/10 21:11:46 | 000,001,079 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/10 21:11:46 | 000,001,055 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\Spybot - Search & Destroy.lnk
[2011/08/31 10:07:24 | 000,000,938 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/30 18:05:36 | 000,001,664 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/29 00:03:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/08/28 22:54:53 | 000,023,225 | ---- | C] () -- C:\Users\Bonnet Bouth\Documents\The Awakening.odt
[2011/08/26 15:29:20 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/08/25 16:29:38 | 000,201,495 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2011/08/25 16:29:38 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2011/08/25 16:04:40 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/08/25 16:03:24 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/25 16:02:36 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2011/08/25 15:55:43 | 000,201,562 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/08/25 15:40:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/25 15:25:57 | 000,001,878 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\Skype.lnk
[2011/08/25 15:10:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 23:25:46 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/23 23:25:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/23 22:32:03 | 000,001,028 | ---- | C] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/08/23 21:58:08 | 000,001,664 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\iTunes.lnk
[2011/08/23 21:55:03 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 21:53:42 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/23 21:29:44 | 000,035,573 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/23 21:29:44 | 000,035,573 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/08/22 21:17:38 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/07/04 16:38:54 | 000,000,680 | ---- | C] () -- C:\Users\Bonnet Bouth\AppData\Local\d3d9caps.dat
[2009/05/22 05:04:30 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,256,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2011/09/10 21:04:48 | 000,000,000 | ---D | M] -- C:\Users\Bonnet Bouth\AppData\Roaming\62F3DCFB7A4CB9CBA38735738A5833B2
[2011/08/23 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Bonnet Bouth\AppData\Roaming\OpenOffice.org
[2011/09/11 00:04:09 | 000,014,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/11 16:11:41 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DA653D74-5569-4830-B652-DB998BCEB604}.job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 9/11/2011 9:30:31 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Bonnet Bouth\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.45 Mb Total Physical Memory | 248.39 Mb Available Physical Memory | 24.32% Memory free
2.26 Gb Paging File | 1.20 Gb Available in Paging File | 53.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 37.64 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
Computer Name: BONNETBOUTH-PC | User Name: Bonnet Bouth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E34D33-04A2-47B2-8DEE-A589600A67DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{093BEF9E-153C-46D0-957D-934E1208CBF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E747917-CE8B-4822-B73A-839FE22D3B6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1CA81451-5526-430D-86EB-6621A0513631}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{262BCA5B-D7D3-4CCF-94ED-4704BC00261A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{37D9F982-CFEE-4055-855F-CD4BDC11EDD0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{594B3038-4AD1-4027-AB6C-95F03036ED28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6A0F4DAA-83F3-4BA6-A5E7-F23D0368BB14}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7336C9D5-AC4A-4129-9E79-5EAA195AC96F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7D1A4032-F570-45AF-A770-C0A494FC8B64}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7FB12754-0739-4611-9AA9-55F78DA9945F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8D16FE7B-9F50-4FBF-A2C0-BF97C9AF03BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{906F728A-06AD-450C-91FF-B9118C503745}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9E4269EA-3D21-41A5-9B20-72CD71A6FD36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A51C0CF1-281A-4FEE-8108-6E417BFA3FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A9AAE787-308C-4096-B7F8-A2ABF4530645}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B25D6FB2-C1AF-406D-8E81-DDFCA9E39EBF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{BF59D934-DE4C-4EA9-AC1C-D1F1209F3890}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2011 1:03:46 AM | Computer Name = BonnetBouth-PC | Source = Bonjour Service | ID = 100
Description = 356: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 9/11/2011 1:03:46 AM | Computer Name = BonnetBouth-PC | Source = Bonjour Service | ID = 100
Description = 364: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 9/11/2011 1:03:46 AM | Computer Name = BonnetBouth-PC | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 9/11/2011 1:03:46 AM | Computer Name = BonnetBouth-PC | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 9/11/2011 5:07:35 PM | Computer Name = BonnetBouth-PC | Source = WinMgmt | ID = 10
Description =
Error - 9/11/2011 5:11:48 PM | Computer Name = BonnetBouth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 9/11/2011 5:11:54 PM | Computer Name = BonnetBouth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 9/11/2011 9:26:49 PM | Computer Name = BonnetBouth-PC | Source = WinMgmt | ID = 10
Description =
Error - 9/11/2011 9:34:28 PM | Computer Name = BonnetBouth-PC | Source = Perflib | ID = 1010
Description =
Error - 9/11/2011 9:51:44 PM | Computer Name = BonnetBouth-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 9/10/2011 2:15:48 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/10/2011 7:56:57 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/10/2011 10:04:57 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/11/2011 12:30:50 AM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/11/2011 5:07:14 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/11/2011 5:21:03 PM | Computer Name = BonnetBouth-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =
Error - 9/11/2011 9:26:23 PM | Computer Name = BonnetBouth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:25:08 PM on 9/11/2011 was unexpected.
Error - 9/11/2011 9:26:25 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
Error - 9/11/2011 9:51:09 PM | Computer Name = BonnetBouth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:49:56 PM on 9/11/2011 was unexpected.
Error - 9/11/2011 9:51:17 PM | Computer Name = BonnetBouth-PC | Source = HTTP | ID = 15016
Description =
< End of report >
#6
Posted 12 September 2011 - 05:39 AM
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.

#7
Posted 12 September 2011 - 02:54 PM
#8
Posted 12 September 2011 - 04:05 PM
Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use, and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
--------
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{94EC7E81-A39C-46BF-850E-FDA80C92B674}: C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\ [2011/09/10 20:15:04 | 000,000,000 | ---D | M]
[2011/09/10 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}
[2011/09/10 20:15:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\BONNET BOUTH\APPDATA\LOCAL\{94EC7E81-A39C-46BF-850E-FDA80C92B674}
O4 - HKCU..\Run: [parsecfgsvc.exe] File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- There will be a log produced after the fix that I will need; then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
In your next reply please post the log created by the OTL fix and also the log created by the new scan.


#9
Posted 12 September 2011 - 04:58 PM
========== SERVICES/DRIVERS ==========
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{94EC7E81-A39C-46BF-850E-FDA80C92B674}: C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\ not found.
Folder C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\ not found.
Folder C:\USERS\BONNET BOUTH\APPDATA\LOCAL\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\parsecfgsvc.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bonnet Bouth\Downloads\cmd.bat deleted successfully.
C:\Users\Bonnet Bouth\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Bonnet Bouth
->Temp folder emptied: 48710 bytes
->Temporary Internet Files folder emptied: 15797052 bytes
->Java cache emptied: 2413 bytes
->FireFox cache emptied: 241903157 bytes
->Flash cache emptied: 20867 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3294 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 246.00 mb
OTL by OldTimer - Version 3.2.27.0 log created on 09122011_171951
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 9/12/2011 5:53:36 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Bonnet Bouth\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.45 Mb Total Physical Memory | 160.03 Mb Available Physical Memory | 15.67% Memory free
2.25 Gb Paging File | 1.13 Gb Available in Paging File | 50.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 40.69 Gb Free Space | 54.62% Space Free | Partition Type: NTFS
Computer Name: BONNETBOUTH-PC | User Name: Bonnet Bouth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Bonnet Bouth\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/25 16:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 18:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/25 16:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{94EC7E81-A39C-46BF-850E-FDA80C92B674}: C:\Users\Bonnet Bouth\AppData\Local\{94EC7E81-A39C-46BF-850E-FDA80C92B674}\
[2011/07/04 14:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Extensions
[2011/08/29 16:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\extensions
[2011/08/30 00:46:37 | 000,001,959 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\searchplugins\lastfm.xml
[2011/08/22 21:04:33 | 000,004,140 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Mozilla\Firefox\Profiles\oiqrkzuq.default\searchplugins\youtube.xml
[2011/08/23 22:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 22:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/25 16:33:29 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
() (No name found) -- C:\USERS\BONNET BOUTH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OIQRKZUQ.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011/08/24 22:42:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 18:16:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/12 17:20:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547BA5B-9832-4DC0-ADFF-DACC70225BB5}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/12 17:19:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/12 17:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/12 17:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/12 15:49:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/12 15:49:21 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\temp
[2011/09/12 15:33:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/12 15:33:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/12 15:33:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/12 15:32:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/12 15:32:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/12 15:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/12 15:29:50 | 004,203,719 | R--- | C] (Swearware) -- C:\Users\Bonnet Bouth\Desktop\ComboFix.exe
[2011/09/11 20:26:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/11 17:10:24 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/09/11 17:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/09/11 17:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/11 17:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/11 16:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/09/11 16:12:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/10 21:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/10 21:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/08 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Microsoft Games
[2011/08/31 18:19:30 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/08/31 18:19:30 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/08/31 18:19:16 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/08/31 18:18:54 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/08/31 18:18:00 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/08/28 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/26 15:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2011/08/26 15:29:26 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Last.fm
[2011/08/26 15:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2011/08/26 15:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2011/08/25 21:02:36 | 000,000,000 | R--D | C] -- C:\Users\Bonnet Bouth\Desktop\School & etc
[2011/08/25 16:50:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\Documents\My Scans
[2011/08/25 16:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/08/25 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\HP
[2011/08/25 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\HP
[2011/08/25 16:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/08/25 16:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/08/25 16:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/08/25 16:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/25 15:38:44 | 000,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p02d.dll
[2011/08/25 15:38:44 | 000,712,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p02d.dll
[2011/08/25 15:38:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/08/25 15:38:44 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p02a.dll
[2011/08/25 15:38:44 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/08/25 15:38:25 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/08/25 15:38:22 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70v.dll
[2011/08/25 15:37:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/25 15:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/25 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/08/25 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Skype
[2011/08/25 15:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/25 15:25:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/25 15:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/25 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Malwarebytes
[2011/08/25 15:10:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/25 15:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/25 15:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/25 15:10:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/25 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 22:39:54 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/08/24 22:39:54 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/08/24 22:39:54 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/08/24 19:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/24 19:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/24 15:05:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/08/24 15:05:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/08/23 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Adobe
[2011/08/23 23:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 23:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/23 23:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/23 22:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\OpenOffice.org
[2011/08/23 22:12:24 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/08/23 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/23 22:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/23 22:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 22:09:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/23 22:09:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/23 22:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 22:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/23 22:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/23 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Apple Computer
[2011/08/23 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Apple Computer
[2011/08/23 21:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/23 21:57:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/08/23 21:57:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/23 21:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/23 21:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/23 21:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/23 21:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/23 21:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/23 21:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/23 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/23 21:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/23 21:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/23 21:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/23 21:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/08/23 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Local\Apple
[2011/08/23 15:19:27 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/08/23 15:19:26 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/08/23 15:19:25 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/08/23 15:19:25 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/08/23 15:19:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/08/23 15:19:21 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/08/23 15:13:53 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/08/23 15:13:51 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/08/23 15:10:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/08/23 15:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/08/22 21:38:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/08/22 21:38:17 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/08/22 21:38:07 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/08/22 21:19:17 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/08/22 21:19:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/22 21:19:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/22 21:19:09 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/08/22 21:18:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/08/22 21:18:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/08/22 21:18:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/08/22 21:18:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/08/22 21:18:44 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/08/22 21:18:43 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/08/22 21:18:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/08/22 21:18:43 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/08/22 21:18:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/08/22 21:18:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/08/22 21:18:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/08/22 21:18:21 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/22 21:18:20 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/22 21:18:19 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/22 21:18:19 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/22 21:18:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/22 21:18:19 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/22 21:18:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/22 21:18:19 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/22 21:18:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/22 21:18:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/08/22 21:18:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/22 21:18:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/22 21:17:38 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/08/22 21:17:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/08/22 21:17:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/08/22 21:17:29 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/22 21:17:29 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/22 21:17:18 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/08/22 21:17:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/08/22 21:17:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/08/22 21:17:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011/08/22 21:17:08 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/08/22 21:17:08 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/08/22 21:17:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/08/22 21:16:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/08/22 21:16:25 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/08/22 21:16:22 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/08/22 21:16:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/08/22 21:15:45 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/08/22 21:15:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/08/22 21:15:11 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/08/22 21:14:38 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/08/22 21:14:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/08/22 21:14:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/08/22 21:14:02 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/08/22 21:14:00 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/08/22 21:13:57 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/08/22 21:11:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/08/22 21:11:01 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/08/22 21:11:01 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/08/22 21:11:01 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/08/22 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Macromedia
[2011/08/22 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Bonnet Bouth\AppData\Roaming\Adobe
[2011/08/22 21:06:16 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/22 21:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/08/22 21:01:41 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/08/22 21:01:38 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/08/22 21:01:38 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/08/22 21:01:38 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/08/22 21:01:37 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/08/22 21:01:37 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/08/22 21:01:37 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/08/22 21:01:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/08/22 21:01:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/08/22 21:01:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/08/22 21:01:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/08/22 21:01:14 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/08/22 21:01:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/08/22 21:01:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/08/22 21:01:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/08/22 21:01:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/08/22 21:01:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/08/22 21:01:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/08/22 21:01:00 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/08/22 21:01:00 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/08/22 21:01:00 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/08/22 21:00:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/08/22 21:00:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/08/22 21:00:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/08/22 21:00:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/08/22 21:00:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/08/22 21:00:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/08/22 21:00:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/08/22 21:00:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/08/22 20:59:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 20:59:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/08/22 20:59:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/08/22 20:59:16 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/08/22 20:59:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/08/22 20:59:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/08/22 20:59:02 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/08/22 20:59:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/08/22 20:59:00 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
========== Files - Modified Within 30 Days ==========
[2011/09/12 17:22:48 | 000,035,573 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/12 17:22:47 | 000,035,573 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/12 17:22:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/12 17:22:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/12 17:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/12 17:22:16 | 1069,772,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/12 17:20:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/12 17:17:35 | 000,000,913 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/12 17:17:23 | 000,000,733 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\NTREGOPT.lnk
[2011/09/12 17:17:23 | 000,000,714 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\ERUNT.lnk
[2011/09/12 16:52:36 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DA653D74-5569-4830-B652-DB998BCEB604}.job
[2011/09/12 15:30:40 | 004,203,719 | R--- | M] (Swearware) -- C:\Users\Bonnet Bouth\Desktop\ComboFix.exe
[2011/09/11 21:04:35 | 000,000,512 | ---- | M] () -- C:\Users\Bonnet Bouth\Documents\MBR.dat
[2011/09/11 20:51:05 | 154,544,747 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/11 20:32:48 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/11 20:32:48 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/11 18:32:49 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/11 17:18:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/09/11 17:00:59 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/10 21:11:46 | 000,001,079 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/10 21:11:46 | 000,001,055 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\Spybot - Search & Destroy.lnk
[2011/09/08 20:05:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/01 14:44:10 | 000,256,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/31 10:07:24 | 000,000,938 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/30 18:05:36 | 000,001,664 | ---- | M] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/29 00:03:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/08/28 22:56:26 | 000,023,225 | ---- | M] () -- C:\Users\Bonnet Bouth\Documents\The Awakening.odt
[2011/08/26 15:29:20 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/08/25 16:47:47 | 000,201,562 | ---- | M] () -- C:\Windows\hpoins40.dat
[2011/08/25 16:05:19 | 000,201,495 | ---- | M] () -- C:\Windows\hpoins40.dat.temp
[2011/08/25 16:04:40 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/08/25 16:03:24 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/25 16:02:36 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2011/08/25 15:40:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/25 15:25:57 | 000,001,878 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\Skype.lnk
[2011/08/25 15:10:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 23:25:46 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/23 22:32:03 | 000,001,028 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/08/23 22:08:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/23 22:08:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/23 22:08:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 22:08:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/23 21:58:08 | 000,001,664 | ---- | M] () -- C:\Users\Bonnet Bouth\Desktop\iTunes.lnk
[2011/08/23 21:55:03 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 15:03:46 | 000,000,680 | ---- | M] () -- C:\Users\Bonnet Bouth\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/09/12 17:17:35 | 000,000,913 | ---- | C] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/12 17:17:23 | 000,000,733 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\NTREGOPT.lnk
[2011/09/12 17:17:23 | 000,000,714 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\ERUNT.lnk
[2011/09/12 15:33:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/12 15:33:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/12 15:33:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/12 15:33:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/12 15:33:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/11 21:04:35 | 000,000,512 | ---- | C] () -- C:\Users\Bonnet Bouth\Documents\MBR.dat
[2011/09/11 20:26:22 | 154,544,747 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/11 17:01:09 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/09/11 17:00:59 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/10 21:11:46 | 000,001,079 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/10 21:11:46 | 000,001,055 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\Spybot - Search & Destroy.lnk
[2011/08/31 10:07:24 | 000,000,938 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/30 18:05:36 | 000,001,664 | ---- | C] () -- C:\Users\Bonnet Bouth\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/29 00:03:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/08/28 22:54:53 | 000,023,225 | ---- | C] () -- C:\Users\Bonnet Bouth\Documents\The Awakening.odt
[2011/08/26 15:29:20 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/08/25 16:29:38 | 000,201,495 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2011/08/25 16:29:38 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2011/08/25 16:04:40 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/08/25 16:03:24 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/25 16:02:36 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2011/08/25 15:55:43 | 000,201,562 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/08/25 15:40:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/25 15:25:57 | 000,001,878 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\Skype.lnk
[2011/08/25 15:10:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 23:25:46 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/23 23:25:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/23 22:32:03 | 000,001,028 | ---- | C] () -- C:\Users\Bonnet Bouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/08/23 21:58:08 | 000,001,664 | ---- | C] () -- C:\Users\Bonnet Bouth\Desktop\iTunes.lnk
[2011/08/23 21:55:03 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 21:53:42 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/23 21:29:44 | 000,035,573 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/23 21:29:44 | 000,035,573 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/08/22 21:17:38 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/07/04 16:38:54 | 000,000,680 | ---- | C] () -- C:\Users\Bonnet Bouth\AppData\Local\d3d9caps.dat
[2009/05/22 05:04:30 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2008/01/20 21:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,256,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< End of report >
#10
Posted 12 September 2011 - 07:32 PM
I see that you have Malwarebytes on your computer already. Please open that and then do an Update. Once Malwarebytes has been updated please run a Quick Scan. A log will be created that I will need in your next reply.
----------
ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan
Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
- Do not use this instance of your browser for anything besides doing this scan
- When the scan is complete and the results saved, close that instance of your browser
- Open a new one the usual way and post the results in this topic.
- Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click on
- Check
- Click the Start button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the Back button.
- Push Finish
----------
In your next reply please post the logs created by Malwarebytes and ESET Online Scanner.
Let me know how your system is running now.


#11
Posted 12 September 2011 - 10:20 PM
#12
Posted 13 September 2011 - 05:19 AM


#13
Posted 15 September 2011 - 02:21 PM
#14
Posted 15 September 2011 - 03:30 PM
Glad to hear that your system is running better, but stick with me, we are almost done.
No redirects at all now! Thank you Jeff, is there still more to do?

----------
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
I see that you are running Windows Vista Service Pack 1. The most recent version of Windows Vista is Service Pack 2. It is very important to keep your Windows up-to-date to help prevent future infections. You can get all necessary downloads by going to Start > All Programs > Windows Update. Download and install any updates that are already showing and then press Check for Updates to download and install additional updates. This may take some time but be patient as this is very important.
----------
Once you have all of that completed, please run DDS once more and post the logs that are created into the next reply.


#15
Posted 15 September 2011 - 04:50 PM