Free Malware Removal Forum

by **Chicobtd** » September 6th, 2009, 10:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:31 PM, on 9/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\System\Update.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [xqbulwtnajd] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\icxefwbeyglotz.dll"
O4 - HKLM\..\Run: [Tsenem] rundll32.exe "C:\WINDOWS\Qcujog.dat",e
O4 - HKLM\..\Run: [Gfebidelujol] rundll32.exe "C:\WINDOWS\Pfahuvasaxoga.dll",e
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystemUpdate] C:\System\Update.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SystemUpdate] C:\System\Update.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-cl ... ynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4828179328
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAC71CB3-F4D3-4D2D-B774-9760CC01167B}: NameServer = 68.87.85.102,68.87.69.150
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8546 bytes

by **deltalima** » September 7th, 2009, 3:20 pm

Hi Chicobtd,

Welcome to the Malware Removal forums.
My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 5 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

by **Chicobtd** » September 7th, 2009, 3:25 pm

hello deltalima, i hope you can help these pop ups can get annoying, it also seems like they are bogging down my load times on web pages, is that possible?

by **deltalima** » September 8th, 2009, 10:32 am

Hi Chicobtd,

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Frostwire

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW. Plus any other P2P applications you may have installed, thank you.

LIST OF PROGRAMS USING HIJACKTHIS

Open HijackThis.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please copy and paste the contents of this log in your next reply.

See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Now please run a new HijackThis scan and post the log back here along with details of any further problems that you may be experiencing.

by **Chicobtd** » September 8th, 2009, 3:54 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Age of Conan - Hyborian Adventures
AGEIA PhysX v7.11.13
AIM 6
AOL Uninstaller (Choose which Products to Remove)
ArcSoft VideoImpression 1.6
AVI Movie Player
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Ceville 1.0
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
DivX 4.12 Codec
Download Manager 2.3.7
EA Download Manager
Elven Legacy
Fantasy Wars
FATE
GE 98067 MiniCam Pro
Hamachi 1.0.3.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Internet Saving Optimizer
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Marvell Miniport Driver
Mass Effect
Media Access Startup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.2)
MSXML 6.0 Parser (KB925673)
NVIDIA Drivers
NVIDIA PureVideo Decoder
OpenOffice.org 3.1
ProtectDisc Driver, Version 11
RayV
Realtek High Definition Audio Driver
RON Tool Mxlivemedia
Search Assistant Searchersmart
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 6.1
System Search Dispatcher
Tales of Monkey Island - Launch of the Screaming Narwhal
The Playa
The Sims™ 3
Titan Quest
Titan Quest Immortal Throne
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Ventrilo Client
Viewpoint Media Player
Vista Codec Package
VLC media player 0.9.2
Warhammer Online - Age of Reckoning
Winamp
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:57 PM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\System\Update.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [xqbulwtnajd] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\icxefwbeyglotz.dll"
O4 - HKLM\..\Run: [Tsenem] rundll32.exe "C:\WINDOWS\Qcujog.dat",e
O4 - HKLM\..\Run: [Gfebidelujol] rundll32.exe "C:\WINDOWS\Pfahuvasaxoga.dll",e
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystemUpdate] C:\System\Update.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SystemUpdate] C:\System\Update.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-cl ... ynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4828179328
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8336 bytes

by **deltalima** » September 9th, 2009, 10:41 am

Hi Chicobtd,

Please confirm that Frostwire has been completely removed form the PC.

Next

Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight Internet Saving Optimizer, click Remove.
highlight Java(TM) 6 Update 7, click Remove.
Close the Add or Remove Programs and the Control Panel windows.

Please download Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

RSIT

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT
Click Continue at the disclaimer screen
Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
Copy & paste the contents of both logs in your next reply along with the contents of the log from Malwarebytes Anti-Malware

Also please let me know how the computer is running now.

by **Chicobtd** » September 9th, 2009, 4:38 pm

info.txt logfile of random's system information tool 1.06 2009-09-09 13:20:38

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Age of Conan - Hyborian Adventures-->"C:\Program Files\Funcom\Age of Conan\unins000.exe"
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A92133DC-E95D-477A-925C-0DB183C3C3D0}\Setup.exe" -l0x9
AVI Movie Player-->C:\Program Files\AVI Movie Player\uninstall.exe
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Ceville 1.0-->C:\Program Files\Kalypso\Ceville\uninst.exe
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Elven Legacy-->"C:\Program Files\Paradox Interactive\Elven Legacy\unins000.exe"
Fantasy Wars-->"C:\Program Files\Nobilis\Fantasy Wars\unins000.exe"
FATE-->"C:\Program Files\WildGames\FATE\Uninstall.exe"
GE 98067 MiniCam Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
RayV-->C:\Program Files\RayV\RayV\uninstall.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RON Tool Mxlivemedia-->C:\WINDOWS\system32\fqydysccqinsbed.exe
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Tales of Monkey Island - Launch of the Screaming Narwhal-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland101.exe
The Playa-->"C:\Program Files\The Playa\uninstall.exe"
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warhammer Online - Age of Reckoning -->C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: HOME-913FN14T9K
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D60EA96B7. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 371
Source Name: Dhcp
Time Written: 20090803192149.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D60EA96B7. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 366
Source Name: Dhcp
Time Written: 20090803192140.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D60EA96B7. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 363
Source Name: Dhcp
Time Written: 20090803192128.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 360
Source Name: W32Time
Time Written: 20090803192127.000000-420
Event Type: error
User:

Computer Name: HOME-913FN14T9K
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 359
Source Name: W32Time
Time Written: 20090803192127.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-913FN14T9K
Event Code: 0
Message: Configuration section system.serviceModel.activation does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 143
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090110015017.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 0
Message: Configuration section system.runtime.serialization does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 142
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090110015017.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 0
Message: Configuration section system.serviceModel does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 141
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090110015017.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 139
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090110015017.000000-420
Event Type: warning
User:

Computer Name: HOME-913FN14T9K
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 131
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090110014746.000000-420
Event Type: warning
User:

=====Security event log=====

Computer Name: HOME-913FN14T9K
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: Winlogon\MSGina

Record Number: 6754
Source Name: Security
Time Written: 20090729043504.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-913FN14T9K
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: Winlogon

Record Number: 6753
Source Name: Security
Time Written: 20090729043504.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-913FN14T9K
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: KSecDD

Record Number: 6752
Source Name: Security
Time Written: 20090729043504.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-913FN14T9K
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Record Number: 6751
Source Name: Security
Time Written: 20090729043504.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-913FN14T9K
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\wdigest.dll : WDigest

Record Number: 6750
Source Name: Security
Time Written: 20090729043504.000000-420
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by brandon at 2009-09-09 13:20:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 201 GB (42%) free of 477 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:34 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\Content.IE5\FNIOODU5\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\brandon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-cl ... ynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4828179328
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8197 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-08-30 286720]
"HostManager"=C:\Program Files\Common Files\AOL\1247059926\ee\AOLSoftware.exe [2008-06-24 41824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-22 1181064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"RayV"=C:\Program Files\RayV\RayV\RayV.exe [2009-08-19 2487592]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-11-06 50472]
"Octoshape Streaming Services"=C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\brandon\Start Menu\Programs\Startup
FrostWire On Startup.lnk - C:\Program Files\FrostWire\FrostWire.exe
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\brandon\Local Settings\netdetect.exe"="C:\Documents and Settings\brandon\Local Settings\netdetect.exe:*:Enabled:netdetect"
"C:\Documents and Settings\brandon\Local Settings\Temp\Blizzard Launcher Temporary - 84fbe7a8\Launcher.exe"="C:\Documents and Settings\brandon\Local Settings\Temp\Blizzard Launcher Temporary - 84fbe7a8\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\brandon\Local Settings\Temp\Blizzard Launcher Temporary - 97856660\Launcher.exe"="C:\Documents and Settings\brandon\Local Settings\Temp\Blizzard Launcher Temporary - 97856660\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft Public Test\WoW-0.1.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft Public Test\WoW-0.1.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft Public Test\Launcher.exe"="C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Codemasters\Rise of the Argonauts\Binaries\RiseOfTheArgonauts.exe"="C:\Program Files\Codemasters\Rise of the Argonauts\Binaries\RiseOfTheArgonauts.exe:*:Enabled:RiseOfTheArgonauts"
"C:\Program Files\World of Warcraft Public Test\WoW-0.1.0.9684-to-0.1.0.9704-enUS-downloader.exe"="C:\Program Files\World of Warcraft Public Test\WoW-0.1.0.9684-to-0.1.0.9704-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\Documents and Settings\brandon\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\brandon\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver"
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\brandon\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe"="C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe"="C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1247059926\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1247059926\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe"="C:\Program Files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:*:Enabled:Elven Legacy"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\RayV\RayV\RayV.dll"="C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-09-09 13:20:22 ----D---- C:\rsit
2009-09-09 11:38:08 ----D---- C:\Documents and Settings\brandon\Application Data\Malwarebytes
2009-09-09 11:38:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-09 11:38:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-09 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-08 06:01:38 ----D---- C:\Documents and Settings\brandon\Application Data\AVS4YOU
2009-09-08 06:01:36 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-09-08 05:59:28 ----D---- C:\Program Files\Common Files\AVSMedia
2009-09-08 05:59:28 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-09-08 05:59:28 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-09-08 05:59:27 ----D---- C:\Program Files\AVS4YOU
2009-09-08 05:59:27 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-09-08 05:59:27 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-09-06 19:16:32 ----D---- C:\Program Files\Trend Micro
2009-09-06 08:47:34 ----A---- C:\WINDOWS\system32\KDSInterface.txt
2009-09-06 08:38:49 ----D---- C:\Program Files\Common Files\PC Tools
2009-09-06 08:38:45 ----D---- C:\Program Files\Spyware Doctor
2009-09-06 08:38:45 ----D---- C:\Documents and Settings\brandon\Application Data\PC Tools
2009-09-06 08:38:45 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-09-06 04:55:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-31 02:28:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-31 02:28:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-31 02:28:09 ----A---- C:\WINDOWS\system32\java.exe
2009-08-28 20:25:57 ----D---- C:\Documents and Settings\brandon\Application Data\OpenOffice.org
2009-08-28 20:24:20 ----D---- C:\Program Files\JRE
2009-08-28 20:24:15 ----D---- C:\Program Files\OpenOffice.org 3
2009-08-28 20:23:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-26 22:40:51 ----D---- C:\Program Files\Hamachi
2009-08-26 03:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-21 17:42:30 ----A---- C:\aolconnfix.txt
2009-08-21 17:42:30 ----A---- C:\aolconnfix.exe
2009-08-21 11:22:28 ----D---- C:\Documents and Settings\brandon\Application Data\RayV
2009-08-21 11:22:25 ----D---- C:\Program Files\RayV
2009-08-17 12:08:46 ----A---- C:\WINDOWS\ODBC.INI
2009-08-17 12:08:15 ----D---- C:\Program Files\Microsoft ActiveSync
2009-08-17 12:08:12 ----D---- C:\WINDOWS\ShellNew
2009-08-17 12:08:08 ----D---- C:\Program Files\Common Files\Designer
2009-08-17 12:07:52 ----D---- C:\Program Files\Microsoft Office
2009-08-13 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-12 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-12 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-11 03:03:36 ----D---- C:\351d4010be6b95ee9db665fea8e9
2009-08-11 03:03:23 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-10 12:40:28 ----A---- C:\WINDOWS\ibutejigucinep.dll
2009-08-05 21:16:02 ----RA---- C:\WINDOWS\system32\psfind.dll
2009-08-05 21:01:48 ----D---- C:\Program Files\THQ
2009-08-05 05:59:33 ----D---- C:\Documents and Settings\brandon\Application Data\dvdcss
2009-08-04 20:26:57 ----D---- C:\Program Files\WildGames
2009-08-04 20:25:52 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-08-03 19:00:42 ----D---- C:\Program Files\support.com
2009-08-03 19:00:29 ----D---- C:\Program Files\Common Files\SupportSoft
2009-07-27 23:14:43 ----D---- C:\Documents and Settings\brandon\Application Data\Google
2009-07-27 21:49:52 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 21:49:37 ----D---- C:\Program Files\Adobe
2009-07-27 21:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-27 21:49:26 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-27 21:48:44 ----D---- C:\Program Files\NOS
2009-07-27 21:48:44 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-27 07:34:20 ----D---- C:\Documents and Settings\All Users\Application Data\media center programs
2009-07-27 07:34:14 ----D---- C:\Program Files\Funcom
2009-07-27 00:45:53 ----D---- C:\Program Files\Nobilis
2009-07-22 22:52:07 ----D---- C:\Program Files\Paradox Interactive
2009-07-16 11:11:05 ----A---- C:\Documents and Settings\brandon\Application Data\ceville_console_history.txt
2009-07-16 10:53:09 ----D---- C:\Program Files\Kalypso
2009-07-15 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 11:07:05 ----D---- C:\ProgramData
2009-07-14 11:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-07-14 11:00:29 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2009-07-14 11:00:28 ----D---- C:\Program Files\Microsoft WSE
2009-07-14 10:52:54 ----RASHD---- C:\System
2009-07-10 12:42:01 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-10 12:42:01 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-10 12:42:01 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-10 12:42:00 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-10 12:42:00 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-10 12:42:00 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-10 12:41:58 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-10 12:41:41 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-10 12:36:22 ----D---- C:\Program Files\Telltale Games
2009-07-09 09:14:30 ----D---- C:\Programmi
2009-07-09 07:14:06 ----D---- C:\WINDOWS\nview
2009-07-09 07:14:06 ----A---- C:\WINDOWS\system32\nvuninst.exe
2009-07-09 07:14:06 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-07-08 19:40:14 ----D---- C:\Program Files\LucasArts
2009-07-08 06:34:03 ----D---- C:\Documents and Settings\brandon\Application Data\AOL
2009-07-08 06:33:30 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2009-07-08 06:33:06 ----D---- C:\Program Files\Common Files\Nullsoft
2009-07-08 06:32:17 ----D---- C:\Program Files\AOL
2009-07-08 06:32:05 ----D---- C:\WINDOWS\aolshare
2009-07-08 06:32:04 ----D---- C:\Program Files\Common Files\aolshare
2009-07-08 06:32:04 ----D---- C:\Program Files\AOL 9.1
2009-07-07 14:48:27 ----D---- C:\Program Files\Common Files\NSV
2009-07-05 14:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-07-02 00:34:55 ----D---- C:\Program Files\Common Files\BioWare
2009-07-02 00:20:22 ----D---- C:\Program Files\Mass Effect
2009-06-26 02:56:55 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-25 23:26:44 ----A---- C:\WINDOWS\War3Unin.exe
2009-06-25 23:24:03 ----D---- C:\Program Files\Warcraft III
2009-06-12 05:10:04 ----D---- C:\Program Files\Electronic Arts
2009-06-11 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 3 months======

2009-09-09 13:19:27 ----D---- C:\WINDOWS\Prefetch
2009-09-09 12:57:32 ----D---- C:\WINDOWS\Temp
2009-09-09 12:30:35 ----D---- C:\Program Files\Mozilla Firefox
2009-09-09 12:29:16 ----A---- C:\WINDOWS\win.ini
2009-09-09 12:28:59 ----D---- C:\WINDOWS\system32\drivers
2009-09-09 12:28:49 ----D---- C:\Documents and Settings\brandon\Application Data\Hamachi
2009-09-09 12:27:52 ----D---- C:\WINDOWS
2009-09-09 12:27:51 ----D---- C:\WINDOWS\system32
2009-09-09 12:27:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 12:25:01 ----RD---- C:\Program Files
2009-09-09 11:42:32 ----SHD---- C:\WINDOWS\Installer
2009-09-09 11:42:21 ----D---- C:\Program Files\Java
2009-09-09 11:42:21 ----D---- C:\Program Files\Common Files
2009-09-09 03:39:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 03:38:39 ----D---- C:\Documents and Settings\brandon\Application Data\uTorrent
2009-09-09 03:00:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 03:00:53 ----HD---- C:\WINDOWS\inf
2009-09-09 03:00:48 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 03:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 20:18:39 ----A---- C:\WINDOWS\videoimp.ini
2009-09-06 08:31:38 ----D---- C:\Documents and Settings\brandon\Application Data\FrostWire
2009-09-06 08:22:28 ----D---- C:\DELL
2009-09-02 03:02:23 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-29 15:46:36 ----D---- C:\Documents and Settings\brandon\Application Data\Mozilla
2009-08-28 20:25:09 ----RSD---- C:\WINDOWS\assembly
2009-08-28 20:24:31 ----RSD---- C:\WINDOWS\Fonts
2009-08-28 17:26:50 ----D---- C:\Documents and Settings\brandon\Application Data\Octoshape
2009-08-28 14:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-17 12:10:11 ----SD---- C:\Documents and Settings\brandon\Application Data\Microsoft
2009-08-17 12:08:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-17 12:07:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-17 12:04:17 ----D---- C:\WINDOWS\system
2009-08-13 08:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-12 03:03:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-12 03:02:49 ----D---- C:\Program Files\Outlook Express
2009-08-11 03:07:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-11 03:07:00 ----D---- C:\WINDOWS\WinSxS
2009-08-11 03:04:13 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-11 03:04:10 ----D---- C:\WINDOWS\system32\en-US
2009-08-05 21:26:59 ----D---- C:\WINDOWS\system32\DirectX
2009-08-05 21:23:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-05 14:09:12 ----D---- C:\Program Files\Yahoo!
2009-08-05 14:07:35 ----D---- C:\ArmyBuilderEX
2009-08-05 14:07:07 ----D---- C:\Program Files\Curse
2009-08-05 02:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-05 00:19:00 ----A---- C:\NvLog.txt
2009-08-04 20:25:09 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-08-04 01:36:32 ----D---- C:\Program Files\Common Files\AOL
2009-07-29 04:43:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-29 04:35:00 ----D---- C:\Program Files\Internet Explorer
2009-07-27 21:50:32 ----D---- C:\Documents and Settings\brandon\Application Data\Adobe
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 12:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 04:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-09 07:14:12 ----D---- C:\WINDOWS\Help
2009-07-08 06:33:26 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-07-05 14:24:56 ----D---- C:\Program Files\AIM6
2009-07-05 14:07:15 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 01:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-16 12:16:17 ----D---- C:\Program Files\Download Manager
2009-06-16 12:16:15 ----D---- C:\Documents and Settings\brandon\Application Data\IGN_DLM
2009-06-16 10:45:01 ----D---- C:\Program Files\World of Warcraft
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-12 05:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 07:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-27 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-27 25416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-26 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 snpstd2;GE 98067 MiniCam Pro; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 347264]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S3 ar1bwrco;ar1bwrco; C:\WINDOWS\system32\drivers\ar1bwrco.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

by **Chicobtd** » September 9th, 2009, 4:39 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2766
Windows 5.1.2600 Service Pack 3

9/9/2009 12:25:01 PM
mbam-log-2009-09-09 (12-25-01).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 217484
Time elapsed: 44 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 30
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 398

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Pfahuvasaxoga.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b4c79ec7-37ad-8c5a-d703-f9b2c978060f} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gfebidelujol (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systemupdate (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tsenem (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xqbulwtnajd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systemupdate (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Pfahuvasaxoga.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP347\A0040383.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036431.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036449.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036432.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036433.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036434.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036435.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036436.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036437.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036438.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036439.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036440.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036441.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036442.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036443.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036444.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036445.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036446.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036447.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036448.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036450.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36C40B73-AD74-4CB7-8B36-FD309D1A04B7}\RP312\A0036451.rbf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-063503.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-063543.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-063702.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-063744.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-063906.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-090605.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-131606.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-142114.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-211458.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-212451.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-212840.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-220758.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-221951.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090730-222701.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-003122.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-022323.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-022614.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-022714.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-024339.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-054522.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-055658.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-060927.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-063039.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-065127.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-065213.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-065259.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090731-131241.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090801-045904.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090801-051720.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090803-004541.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090803-190719.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-052943.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-202405.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090804-222316.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090805-000922.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090805-154105.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090807-050431.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-115503.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-122942.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-132658.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-132739.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-132756.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-135901.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-141943.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-142749.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-183212.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-202145.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-203554.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090811-025032.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090811-034432.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090811-034527.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090811-034949.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090811-204657.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-020524.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-031819.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-034302.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-050905.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-051232.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-051426.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-051522.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-051639.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-052725.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-054218.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-195924.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-215629.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-223059.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-224103.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090812-225824.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-053135.220.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-053203.079.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-062717.970.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-084432.548.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-085056.829.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-091546.892.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-100407.939.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-104926.533.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090813-110830.204.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-044651.141.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-085310.985.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-151425.829.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-202257.126.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090815-044944.907.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090815-071822.594.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090815-180718.704.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090815-202805.360.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-013241.594.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-095931.876.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-122535.657.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-131730.376.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-134000.626.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-144345.516.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090816-160030.969.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-001955.532.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-012433.001.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-012956.673.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-071847.860.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090817-135229.423.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090819-183007.719.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090819-183930.251.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090819-190034.016.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090820-100247.996.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090820-185617.133.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090820-194431.883.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090820-194846.383.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090820-204912.493.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090821-152041.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090821-152746.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090821-214344.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-081542.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-162344.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090822-165702.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090823-064829.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-045637.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-101932.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-131717.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-132444.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-133438.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-133533.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-140750.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-162208.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090824-175004.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-142829.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-171852.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-203639.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090825-211425.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-055620.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-110046.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-140325.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-183048.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-223907.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-224304.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-224653.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-224848.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-224919.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-225039.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-225146.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-225249.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-225853.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090826-232427.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-112551.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-123253.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-123657.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-165704.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-180728.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-204409.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-205710.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-211050.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090827-235252.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-001359.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-005252.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-010120.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-010830.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-013117.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-110908.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-114626.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-114639.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-115328.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-142122.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-143317.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-150149.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-161604.856.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-162502.059.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-172620.418.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-184638.371.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-223857.246.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090828-231917.746.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-002343.168.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-002857.231.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-003706.121.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-004259.621.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-072800.090.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-073033.028.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-114626.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-154648.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-210119.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-211032.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-212226.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-212313.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-215833.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090829-235914.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-003031.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-005239.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-130803.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090830-213457.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-000809.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-001500.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-012726.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-020757.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-020845.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-021044.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-021046.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-022822.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-022823.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-040254.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-040432.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-054100.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-103202.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-103504.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-111652.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-112556.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-141111.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-160659.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-190019.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-191523.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-192443.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-192658.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-195653.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-204914.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-204932.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090831-223007.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-002037.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-042013.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-042043.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-124121.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-141855.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090901-193353.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-002208.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-002226.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-002241.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-030318.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-030319.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-203020.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090902-212303.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-011119.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-022133.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-022334.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-022443.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-023817.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-024726.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-085709.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-090221.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-142401.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-173720.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-185903.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090903-225124.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090904-001946.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090904-033119.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090904-033340.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090904-121253.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-005051.552.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-005857.739.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-005912.505.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-185147.567.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-221637.614.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-233848.724.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090905-234442.489.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-001547.395.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-005742.224.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-010100.208.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-043902.520.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-050736.802.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-082814.458.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-083123.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-083231.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-084246.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-085514.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-093949.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-094128.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-163122.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-164212.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-172558.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-174502.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-181426.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-191748.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090906-210233.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090907-165715.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090907-211910.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-020352.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-060133.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-124311.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-190214.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-214527.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-230141.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090908-233555.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090909-075328.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090909-081430.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Application Data\Media Access Startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\01c9eb2893468d1fba80553d2b75bd30.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\867b44b1158783875052f103c3a2f11a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\bc83ac54dd36e7479704363c8fbd7e43.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\c14631dd1d688aa0ae8e9c9dd396c653.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\brandon\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxuctjqiov.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System\Update.exe (Backdoor.Bifrose) -> Delete on reboot.
C:\WINDOWS\Qcujog.dat (Trojan.Agent) -> Delete on reboot.

by **Chicobtd** » September 9th, 2009, 4:43 pm

still seems the same, still getting pop ups like these https://secure0rder.com/offers/?c=s0nbm ... ex&r=99181 even though i got rid of alot of infected files. I even ran the scanner twice, second time found nothing.

by **deltalima** » September 10th, 2009, 8:01 am

Hi Chicobtd,

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

by **silver** » September 14th, 2009, 8:54 pm

Due to a Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal

Free Malware Removal Forum

Trying to get rid of popups, have tried everything

Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Re: Trying to get rid of popups, have tried everything

Who is online