Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Dodgy Startup Homepage keeps re-appearing

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » February 28th, 2011, 5:38 pm

Hi there,

I'm hoping you can help with a re-occuring problem I have on my home laptop. I have a normal start up home page for the internet of googlemail (via Mozilla Firefox). However, another tab keeps appearing for a search engine of theprizeday.com/today.php|https (also shown as byteseeker.com). Whenever I go to Options and remove it from the startup area, it disappears for a few weeks, then re-appears. :( It's annoying, but I'm also hoping it is not accessing or causing any damage to my harddrive. I removed a few things dodgy from HijackThis, but it has not helped. I am unsure now what I am looking for and what looks dodgy, so have copied the list below. There are two items at the bottom of this list stating Unknown Owner, but when I fix/delete, they will not delete.
I would be soooo grateful for any advice. Thank you so much. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:21, on 28/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6975882427
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 9814 bytes


Uninstall List:

7-Zip 4.65
ABC (remove only)
ACDSee for PENTAX 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
BlackBerry Desktop Software 6.0.1
Bluetooth Monitor 2
Canon iP90
Canon iP90 Setup Utility
C-Major Audio
Codec Pack - All In 1 6.0.3.0
Critical Update for Windows Media Player 11 (KB959772)
DVD-RAM Driver
F-Secure Anti-Virus Client Security - Automatic Update Agent
F-Secure Anti-Virus Client Security - E-Mail Scanning
F-Secure Anti-Virus Client Security - Internet Shield
F-Secure Anti-Virus Client Security - Virus & Spy Protection
F-Secure Anti-Virus Client Security - Web Traffic Scanning
GOM Player
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for TOSHIBA
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 23
K-Lite Codec Pack 2.27 Full
LiveUpdate 2.0 (Symantec Corporation)
Media Access Startup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Demo
neroxml
OGA Notifier 2.0.0048.0
PC Connectivity Solution
PeerGuardian 2.0
QuickAddress Rapid API v3.15
QuickTime
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
System Search Dispatcher
TOSHIBA Controls
TOSHIBA Display Service for Ext.Monitor
TOSHIBA Mobile Extension3 for Windows XP V3.67.00.XP
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
WinUAE v0.8.8 R7
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am
Advertisement
Register to Remove

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » February 28th, 2011, 7:42 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


========================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 1st, 2011, 8:23 pm

Hi Melboy, I've copied the contents of DDS.txt below and attached Attach.txt, as requested on the download. Thank you very much.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Default at 0:06:20.96 on 02/03/2011
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1263.387 [GMT 0:00]

AV: F-Secure Anti-Virus Client Security 6.02 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Anti-Virus Client Security 6.02 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Default\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.0.840\ssd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f-secu~1.lnk - c:\program files\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe
IE: &Block this popup - c:\program files\f-secure\anti-spyware\blockpopups.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\f-secure\anti-spyware\ieshield.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6975882427
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\elfwz3fw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... mplcache=2
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\documents and settings\default\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Media Access Startup: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} - c:\program files\media access startup\1.5.0.850\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-9-26 70896]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-11-30 13824]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2005-9-17 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2005-9-17 5888]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-9-26 32807]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\FSfilter.sys [2006-9-26 48816]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2006-9-26 45056]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\win2k\fsgk.sys [2006-9-26 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\FSrec.sys [2006-9-26 16720]
R2 IDispChgService;IDispChg Service;c:\windows\system32\IDispChg.exe [2005-9-17 92848]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2005-9-17 126976]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2006-9-26 110642]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [2005-9-17 36480]

=============== Created Last 30 ================


==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 0:08:22.86 ===============
You do not have the required permissions to view the files attached to this post.
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 2nd, 2011, 1:42 pm

Hi

peanuto wrote:and attached Attach.txt, as requested on the download

Please post the logs unless I specifically say to attach them - Thanks
From my welcome speech:
8. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
See Forum Policy on attaching logs


Also, with reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate µTorrent and click on the Change/Remove button to uninstall it.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
      • DDS.txt
      • Attach.txt
And post them in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 2nd, 2011, 5:35 pm

Hi,
Sorry, I had originally pasted the info, as you requested, but then read the important instructions on the download and amended it. All pasted below again. I have removed UTorrent, but hadn't used it since 3/2/10.
Thank you


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/09/2005 16:04:00
System Uptime: 02/03/2011 11:44:00 (10 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) M processor 1.20GHz | IC1005 | 789/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 11.909 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\769DD03900
Manufacturer: Microsoft
Name: 1394 Net Adapter #3
PNP Device ID: V1394\NIC1394\769DD03900
Service: NIC1394

==== System Restore Points ===================

RP487: 05/01/2011 00:29:39 - Software Distribution Service 3.0
RP488: 06/01/2011 16:50:14 - System Checkpoint
RP489: 07/01/2011 17:56:18 - System Checkpoint
RP490: 09/01/2011 20:55:44 - System Checkpoint
RP491: 11/01/2011 22:26:19 - System Checkpoint
RP492: 13/01/2011 21:45:29 - Software Distribution Service 3.0
RP493: 16/01/2011 20:39:02 - System Checkpoint
RP494: 17/01/2011 20:44:12 - System Checkpoint
RP495: 24/01/2011 22:38:20 - System Checkpoint
RP496: 25/01/2011 21:20:14 - Installed BlackBerry Desktop Software 6.0.1.
RP497: 25/01/2011 21:27:40 - Installed Windows XP Wdf01009.
RP498: 26/01/2011 22:14:17 - System Checkpoint
RP499: 26/01/2011 22:58:45 - Software Distribution Service 3.0
RP500: 27/01/2011 23:19:53 - Software Distribution Service 3.0
RP501: 01/02/2011 21:13:48 - System Checkpoint
RP502: 05/02/2011 11:35:17 - Software Distribution Service 3.0
RP503: 01/01/2000 00:48:36 - System Checkpoint
RP504: 01/01/2000 00:52:09 - Installed Java(TM) 6 Update 23
RP505: 09/02/2011 23:51:59 - Software Distribution Service 3.0
RP506: 11/02/2011 23:12:54 - System Checkpoint
RP507: 11/02/2011 23:55:41 - Software Distribution Service 3.0
RP508: 15/02/2011 22:10:39 - Software Distribution Service 3.0
RP509: 17/02/2011 20:57:19 - System Checkpoint
RP510: 20/02/2011 16:30:50 - System Checkpoint
RP511: 22/02/2011 22:54:43 - System Checkpoint
RP512: 26/02/2011 22:57:07 - System Checkpoint
RP513: 28/02/2011 19:18:04 - System Checkpoint
RP514: 02/03/2011 12:38:28 - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
ABC (remove only)
ACDSee for PENTAX 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
Bluetooth Monitor 2
C-Major Audio
Canon iP90
Canon iP90 Setup Utility
Codec Pack - All In 1 6.0.3.0
Critical Update for Windows Media Player 11 (KB959772)
DVD-RAM Driver
F-Secure Anti-Virus Client Security - Automatic Update Agent
F-Secure Anti-Virus Client Security - E-Mail Scanning
F-Secure Anti-Virus Client Security - Internet Shield
F-Secure Anti-Virus Client Security - Virus & Spy Protection
F-Secure Anti-Virus Client Security - Web Traffic Scanning
Facebook Plug-In
GOM Player
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for TOSHIBA
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 23
K-Lite Codec Pack 2.27 Full
LiveUpdate 2.0 (Symantec Corporation)
Media Access Startup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Demo
neroxml
OGA Notifier 2.0.0048.0
PC Connectivity Solution
PeerGuardian 2.0
QuickAddress Rapid API v3.15
QuickTime
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
System Search Dispatcher
TOSHIBA Controls
TOSHIBA Display Service for Ext.Monitor
TOSHIBA Mobile Extension3 for Windows XP V3.67.00.XP
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
WebFldrs XP
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
WinUAE v0.8.8 R7

==== Event Viewer Messages From Past Week ========

27/02/2011 18:16:19, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00166F116D87 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/02/2011 21:36:10, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
26/02/2011 21:35:54, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166F116D87. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
23/02/2011 23:56:23, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00166F116D87 has been denied by the DHCP server 10.147.207.233 (The DHCP Server sent a DHCPNACK message).
23/02/2011 12:59:10, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00166F116D87 has been denied by the DHCP server 10.147.207.233 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Default at 21:25:55.85 on 02/03/2011
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1263.495 [GMT 0:00]

AV: F-Secure Anti-Virus Client Security 6.02 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Anti-Virus Client Security 6.02 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Default\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.0.840\ssd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f-secu~1.lnk - c:\program files\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe
IE: &Block this popup - c:\program files\f-secure\anti-spyware\blockpopups.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\f-secure\anti-spyware\ieshield.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6975882427
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\elfwz3fw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... mplcache=2
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\documents and settings\default\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Media Access Startup: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} - c:\program files\media access startup\1.5.0.850\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-9-26 70896]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-11-30 13824]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2005-9-17 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2005-9-17 5888]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-9-26 32807]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\FSfilter.sys [2006-9-26 48816]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2006-9-26 45056]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\win2k\fsgk.sys [2006-9-26 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\FSrec.sys [2006-9-26 16720]
R2 IDispChgService;IDispChg Service;c:\windows\system32\IDispChg.exe [2005-9-17 92848]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2005-9-17 126976]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2006-9-26 110642]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [2005-9-17 36480]

=============== Created Last 30 ================


==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 21:27:19.70 ===============
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 2nd, 2011, 6:20 pm

Hi


Uninstall Programs

  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Java Auto Updater
LiveUpdate 2.0 (Symantec Corporation)
Media Access Startup
System Search Dispatcher



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 8.2.6
  • Install the new downloaded updated software.
  • Then using the internal updater ensure the software is updated to the current increment 10.0.1
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 24.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition JDK 6 Update 24 (JDK or JRE)"
  • Click the Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u24-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 23
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

Please download TFC by Old Timer to your desktop,

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.


    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.


In your next reply:
  1. MBAM log
  2. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 4th, 2011, 6:54 pm

Hi peanuto

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 4th, 2011, 7:32 pm

Hi, I was just working my way through the huge helpful list. Thank you for this, I have quarantined over 400 items. MBAM log below.
I have exceeded the maximum number of allowed characters, so I will try to paste the revised DDS.txt in another message.
:)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5953

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18241

01/01/2000 10:52:25
mbam-log-2000-01-01 (10-52-25).txt

Scan type: Quick scan
Objects scanned: 156954
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 438

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\gamingharbor toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\DoubleD\gamingharbor toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\application data\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091013-111552.891.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090802-092332.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090802-114309.790.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090802-161801.935.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090803-110304.444.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090803-161909.245.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090803-162910.490.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090804-100355.949.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090806-112046.619.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090806-112448.377.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090806-203849.005.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090807-092704.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090807-151414.426.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090808-092036.240.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090811-185527.559.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090813-192949.278.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090816-215534.409.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090817-210328.009.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090818-214418.476.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090819-210658.712.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090820-213836.756.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090820-213847.491.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090820-214454.989.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090820-215006.206.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090824-195118.478.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090825-194850.837.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090825-202131.048.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090801-204251.151.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090808-123447.584.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090825-202142.004.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090929-221840.676.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091009-104822.309.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090828-131522.696.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090901-210000.329.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090902-232033.020.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090902-232037.196.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090903-093047.655.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090903-093129.886.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090907-203419.396.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090907-231213.930.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090908-220047.669.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090910-225853.116.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090912-133607.853.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090916-220951.259.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090924-191651.270.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090930-235206.034.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091001-184546.883.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091004-150237.850.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091005-211537.428.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091005-215720.747.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091005-215858.087.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091005-235845.082.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091006-001154.717.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091006-213545.227.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091008-110610.935.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091008-114345.467.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091008-152312.066.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091008-181845.402.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091009-121640.217.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091009-172946.999.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091010-104156.026.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091010-222228.057.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091011-103534.022.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091011-210421.336.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091011-210713.103.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091011-210801.803.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091012-084400.715.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091012-125146.882.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091012-144255.845.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091012-200348.135.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091013-092735.337.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091013-162441.063.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091013-201157.435.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091014-085534.851.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091014-091123.685.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091015-115434.127.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091016-095240.409.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091016-132843.799.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091017-000255.607.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091017-000727.067.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091017-092550.784.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091017-233438.143.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091018-095146.556.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091018-100855.465.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091019-115523.914.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091021-202811.991.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091024-120535.857.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091028-201815.981.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091029-224200.474.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091101-182731.102.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091112-143448.409.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091113-200349.797.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091114-131504.495.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091115-215400.169.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091116-214059.897.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091117-234020.102.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091118-194212.489.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091127-135605.559.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091129-225152.477.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091130-220550.121.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091209-092209.943.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091212-144757.320.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091213-151639.920.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091214-171222.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091214-220613.933.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091217-100413.666.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091217-150012.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091217-171227.534.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091220-162948.695.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091221-225151.588.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091222-092300.852.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091229-225713.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091230-224129.524.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100103-152012.932.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100104-195742.331.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100106-205751.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100107-231058.684.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100108-195419.631.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100114-212917.446.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100115-182510.385.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100116-190306.248.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100205-193141.256.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100207-160800.904.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20000105-222103.440.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20081101-220917.955.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090729-225315.380.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090729-232025.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090729-232340.825.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20090730-234636.811.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100215-194424.146.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100216-222243.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100222-221754.383.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100223-195745.023.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100322-210413.145.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100328-230537.979.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100329-202910.916.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100401-230805.264.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100407-220121.137.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100408-205305.926.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100410-172733.557.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100410-194241.115.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100411-124211.747.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100414-171358.895.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100418-140316.974.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100421-183706.910.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100422-221225.052.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100426-103759.922.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100428-211419.741.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100428-214710.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100429-220329.884.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100429-220505.241.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100429-220507.314.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100430-213033.960.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100430-213053.488.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100504-115523.071.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100515-205222.361.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100516-030827.616.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100516-113824.985.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100517-110855.409.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100518-113206.283.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100518-212459.419.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100519-235950.887.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100520-054924.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100520-104134.498.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100520-234814.036.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100521-103557.792.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100521-195746.662.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100521-232823.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100522-101332.904.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100522-101943.117.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100522-102918.582.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100523-185648.444.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100525-184006.806.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100526-200148.403.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100529-120948.473.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100529-173750.770.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100530-112219.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100611-151036.491.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100611-171516.332.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100611-184202.851.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100611-222141.952.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100612-111716.672.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100612-160605.591.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100613-101704.009.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100613-145553.492.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100613-180343.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100613-205759.601.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100614-101541.534.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100614-194522.371.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100615-095720.353.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100617-193212.932.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100619-150636.556.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100624-224344.557.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100627-085934.542.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100627-114233.449.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100629-225808.528.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100701-202824.229.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100704-192239.153.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100705-221448.165.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100706-211650.467.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100707-225759.790.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100707-235740.989.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100707-235743.864.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100712-075334.685.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100712-075425.568.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100714-221932.680.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100714-221950.376.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100723-114525.606.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100726-233915.129.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100726-234822.076.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100727-200411.166.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100802-092506.628.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100802-092530.382.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100802-195519.577.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100802-210128.654.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100803-083847.321.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100803-084046.592.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100803-191520.678.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100807-125952.100.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100811-194516.801.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100815-190808.435.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100816-184803.901.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100816-190644.957.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100817-224204.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100818-180153.856.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100818-180536.977.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100819-213420.988.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100820-194003.933.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-174412.745.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-175027.914.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-175829.597.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-175904.116.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-195854.670.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100822-095950.771.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100822-115717.549.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-100415.738.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-105648.862.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-105909.314.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-105912.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-110138.278.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-110145.489.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100823-171731.603.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100824-101251.489.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100824-202019.329.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100824-224534.400.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100825-101237.551.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100826-114247.444.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100826-190419.918.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100826-191311.573.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100826-191448.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100826-203957.819.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-105419.382.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-121627.227.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-144341.821.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-170215.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-215107.332.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100827-215156.022.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100828-110649.054.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100828-132635.183.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091018-105830.455.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091118-195430.570.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20091222-092155.027.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100208-210634.639.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100412-211233.405.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100508-115100.752.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100522-002030.740.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100612-103506.239.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100627-085939.339.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100715-181035.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100813-185748.719.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100821-232756.904.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100825-161658.716.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100829-224009.955.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100911-163034.288.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101006-231221.306.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101022-195647.362.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101101-224533.112.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101110-233538.619.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101123-200219.710.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101222-205456.052.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110109-160935.949.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110124-212851.041.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110211-220259.036.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100831-225444.849.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100901-223233.202.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100902-220349.892.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100904-220719.751.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100904-220747.992.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100905-204606.591.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100907-201739.629.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100907-202551.190.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100907-205727.086.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100907-231422.349.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100907-233047.596.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100909-202839.717.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100909-204143.369.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100913-220937.310.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100914-200036.927.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100919-103637.394.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100919-123046.415.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100922-205705.565.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100923-193215.461.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100927-235047.467.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100928-194559.211.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100930-193613.403.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20100930-194543.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101003-120522.506.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101003-160501.333.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101005-212155.762.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101006-231229.348.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101007-191534.856.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101007-191744.112.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101008-214305.342.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101009-165341.679.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101010-145905.279.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101011-002208.457.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101011-191321.976.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101015-231128.735.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101019-194029.180.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101020-000120.926.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101020-182738.944.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101021-171405.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101023-164535.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101023-165939.148.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101024-135052.538.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101025-212037.016.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101026-193325.599.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101026-213044.009.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101027-223931.182.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101027-224126.648.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101028-195149.238.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101028-211242.477.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101029-192453.089.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101029-234753.648.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101031-135809.521.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101102-214938.426.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101102-230133.365.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101103-175434.644.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101104-190916.049.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101104-204540.191.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101105-154137.066.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101105-160950.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101106-194620.620.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101106-194633.018.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101107-113352.569.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101107-180557.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101108-211948.325.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101109-191814.735.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101113-123726.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101114-063352.272.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101114-131825.496.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101114-191508.136.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101114-230333.132.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101115-195258.401.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101116-221235.799.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101119-150009.975.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101121-134431.992.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101121-141904.044.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101121-180844.459.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101122-205859.351.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101122-223242.697.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101124-185454.597.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101125-205617.124.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101125-233105.874.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101126-174433.010.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101126-232052.196.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101127-154459.039.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101213-195418.225.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101216-203031.549.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101217-203821.097.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101217-204124.711.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101219-210454.746.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101221-201444.503.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101222-204705.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101222-213920.631.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20101230-192339.768.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110102-153641.939.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110102-200133.677.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110103-015248.150.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110103-145719.552.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110106-132341.935.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110107-134952.747.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110108-143012.380.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110108-181120.951.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110109-080454.900.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110109-081053.544.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110109-155701.103.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110109-162750.493.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110110-083427.105.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110113-204955.541.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110114-150848.682.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110116-191555.636.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110117-185157.348.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110118-004757.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110118-004843.717.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110118-220906.089.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110119-223654.808.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110119-225307.596.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110119-225502.742.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110119-230144.009.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110125-194948.075.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110125-225131.954.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110126-205356.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110127-202009.481.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110130-220845.229.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110201-215701.024.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110202-171619.019.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110203-211739.433.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110205-113533.706.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110205-132625.420.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110206-235053.295.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110209-232846.025.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110209-232905.973.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110212-115746.118.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110212-172506.563.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110213-220824.411.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110215-193756.337.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110216-203500.596.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110217-175703.347.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110220-143233.051.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110220-172944.889.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110222-223017.795.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110223-133520.251.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110224-000042.404.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110226-214057.092.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110227-184930.833.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110228-175719.341.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110301-233952.615.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110302-002915.755.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110302-121342.993.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\hjhp_20110303-000217.005.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Default\local settings\application data\media access startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\application data\media access startup\1.5.0.850\hjhp_20100726-234613.221.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\application data\media access startup\1.5.0.850\hjhp_20100727-000142.737.log (Adware.DoubleD) -> Quarantined and deleted successfully.
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 4th, 2011, 7:34 pm

DDS.txt below...

DDS (Ver_10-12-12.02) - NTFSx86
Run by Default at 11:15:25.87 on 01/01/2000
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1263.474 [GMT 0:00]

AV: F-Secure Anti-Virus Client Security 6.02 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Anti-Virus Client Security 6.02 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\IDispChg.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Default\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f-secu~1.lnk - c:\program files\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Block this popup - c:\program files\f-secure\anti-spyware\blockpopups.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\f-secure\anti-spyware\ieshield.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6975882427
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\elfwz3fw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/Service ... mplcache=2
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\elfwz3fw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\default\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-9-26 70896]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-11-30 13824]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2005-9-17 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2005-9-17 5888]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-9-26 32807]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\FSfilter.sys [2006-9-26 48816]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2006-9-26 45056]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\win2k\fsgk.sys [2006-9-26 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\FSrec.sys [2006-9-26 16720]
R2 IDispChgService;IDispChg Service;c:\windows\system32\IDispChg.exe [2005-9-17 92848]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2005-9-17 126976]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2006-9-26 110642]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\bthprint.sys [2005-9-17 36480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2011-03-03 22:43:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-03 00:39:19 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Temp
2011-03-03 00:31:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-03-03 00:31:07 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-30 15:45:12 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-25 22:19:41 -------- d-----w- c:\docume~1\default\applic~1\Blackberry Desktop
2011-01-25 21:27:40 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-25 21:23:37 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Research In Motion
2011-01-25 21:23:33 -------- d-----w- c:\docume~1\default\applic~1\Research In Motion
2011-01-25 21:22:48 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-01-25 21:21:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2011-01-25 21:20:32 -------- d-----w- c:\program files\common files\Research In Motion
2011-01-25 21:20:31 -------- d-----w- c:\program files\Research In Motion
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2010-12-16 20:31:35 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-11-09 14:52:35 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2010-11-09 14:52:35 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2010-10-31 18:52:07 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-14 23:51:19 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 23:51:06 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 21:30:17 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-05 21:30:16 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-05 21:30:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-09-30 13:37:04 12278608 ----a-w- c:\program files\common files\microsoft shared\office11\MSO.DLL
2010-08-22 19:42:34 507904 ----a-r- c:\windows\system32\btwapi.dll
2010-08-17 13:17:06 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-16 12:05:55 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-07-14 21:10:51 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 21:56:35 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-07-07 21:56:34 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-06-24 21:53:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 21:53:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-06-16 13:53:32 75776 ----a-w- c:\windows\system32\drivers\RimUsb.sys
2010-06-16 13:53:32 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-05-06 21:32:42 -------- d-----w- c:\docume~1\default\applic~1\Facebook
2010-04-20 05:30:08 290048 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-04-16 08:49:08 503296 ----a-w- c:\program files\common files\microsoft shared\office11\USP10.DLL
2010-03-30 23:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 23:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 11:24:40 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-03-16 20:39:01 -------- d-----w- c:\program files\GRETECH
2010-03-16 20:27:29 -------- d-----w- c:\program files\Trend Micro
2010-03-12 08:42:36 -------- d-----w- c:\docume~1\default\applic~1\Office Genuine Advantage
2010-03-05 14:37:40 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-03-01 22:16:06 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-22 12:00:36 1430360 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
2010-01-13 14:01:25 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2009-12-16 18:43:27 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-11-27 17:11:44 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:34 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-07 00:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 00:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 00:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-22 15:44:54 732488 ----a-w- c:\program files\common files\system\msmapi\1033\MSPST32.DLL
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-10-09 09:54:46 -------- d-----w- c:\program files\uTorrent
2009-09-04 21:03:36 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 13:50:48 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2009-08-25 18:56:24 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-25 18:55:39 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-08-25 18:53:46 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-25 18:53:45 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-25 18:53:45 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-25 18:53:45 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-08-25 18:53:44 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-25 18:53:42 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-25 18:53:41 -------- d-----w- C:\ed4a1cac3897b29563711ad73c8c
2009-08-04 18:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 15:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-27 23:17:41 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2009-07-21 00:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01:06 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-06-25 08:25:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-10 14:13:29 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 08:19:38 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-06-07 22:37:33 -------- d-----w- c:\program files\Samsung
2009-05-18 00:46:44 31048 ----a-w- c:\program files\common files\system\msmapi\1033\DUMPSTER.DLL
2009-05-18 00:28:42 7255872 ----a-w- c:\program files\common files\microsoft shared\web components\10\OWC10.DLL
2009-05-07 15:32:35 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-04-21 21:40:22 118616 ----a-w- c:\program files\common files\system\msmapi\1033\CONTAB32.DLL
2009-04-17 03:42:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-17 03:42:19 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-17 03:42:18 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-17 03:42:14 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-17 03:42:06 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 03:42:03 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-04-17 03:42:01 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-04-17 03:39:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-04-15 14:51:25 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-14 17:56:03 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Ahead
2009-04-14 17:31:46 -------- d-----w- c:\program files\Nero
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2009-04-09 18:46:48 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2009-03-29 00:15:45 -------- d-----w- c:\docume~1\default\applic~1\Samsung
2009-03-28 23:15:24 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-03-28 23:13:58 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-03-28 23:13:58 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2009-03-28 23:13:58 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-03-28 23:13:58 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-03-28 23:13:58 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2009-03-28 23:13:58 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2009-03-28 23:13:58 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2009-03-28 23:13:57 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-03-28 23:11:20 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-03-24 16:47:14 8058192 ----a-w- c:\program files\common files\microsoft shared\web components\11\OWC11.DLL
2009-03-21 14:06:58 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-03-12 19:04:30 709976 ----a-w- c:\program files\common files\system\msmapi\1033\EMSMDB32.DLL
2009-02-15 23:25:30 135000 ----a-w- c:\program files\common files\system\msmapi\1033\EMSUI32.DLL
2009-02-15 23:25:22 657232 ----a-w- c:\program files\common files\system\msmapi\1033\OUTEX.DLL
2009-02-15 23:25:20 282968 ----a-w- c:\program files\common files\system\msmapi\1033\PSTPRX32.DLL
2009-02-15 23:25:18 265544 ----a-w- c:\program files\common files\system\msmapi\1033\EMSABP32.DLL
2009-02-15 23:25:18 240984 ----a-w- c:\program files\common files\system\msmapi\1033\SCNPST64.DLL
2009-02-15 23:25:14 232280 ----a-w- c:\program files\common files\system\msmapi\1033\SCNPST32.DLL
2009-02-03 19:59:07 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-04 16:41:10 -------- d-----w- C:\479eec6133ccd8f78ab40ad5a9acf162
2008-12-21 21:57:03 -------- d-----w- c:\windows\ie8updates
2008-12-19 14:51:21 -------- d-sh--w- c:\documents and settings\default\PrivacIE
2008-12-19 13:42:36 -------- dc-h--w- c:\windows\ie8
2008-12-05 06:54:55 149504 -c----w- c:\windows\system32\dllcache\schannel.dll
2008-11-28 23:35:26 -------- d-----w- C:\54b2d352ebc130f39217ed1e37
2008-11-24 23:42:34 -------- d-----w- c:\program files\iPod
2008-11-24 23:42:18 -------- d-----w- c:\program files\iTunes
2008-11-24 23:42:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2008-11-24 23:39:24 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2008-11-24 23:33:18 32000 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-11-12 22:14:01 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 22:12:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2008-11-04 10:30:54 90112 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30:54 57344 -c--a-w- c:\windows\system32\QuickTime.qts
2008-10-30 23:06:18 -------- d-----w- c:\windows\system32\scripting
2008-10-30 23:06:14 -------- d-----w- c:\windows\l2schemas
2008-10-30 23:06:13 -------- d-----w- c:\windows\system32\en
2008-10-30 23:06:12 -------- d-----w- c:\windows\system32\bits
2008-10-30 22:56:01 -------- d-----w- c:\windows\network diagnostic
2008-10-28 18:20:07 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 22:36:34 276992 -c----w- c:\windows\system32\wmphoto.dll
2008-10-23 22:36:24 69120 -c----w- c:\windows\system32\wlanapi.dll
2008-10-23 22:36:16 712704 -c----w- c:\windows\system32\windowscodecs.dll
2008-10-23 22:36:16 346112 -c----w- c:\windows\system32\windowscodecsext.dll
2008-10-23 22:35:34 50688 -c----w- c:\windows\system32\tspkg.dll
2008-10-23 22:35:33 53248 -c----w- c:\windows\system32\tsgqec.dll
2008-10-23 22:33:56 412160 -c----w- c:\windows\system32\photometadatahandler.dll
2008-10-23 22:32:59 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2008-10-23 22:31:59 241152 -c--a-w- c:\windows\system32\dllcache\migwiza.exe
2008-10-23 22:30:43 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2008-10-23 22:30:43 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2008-10-23 22:30:43 10752 -c----w- c:\windows\system32\smtpapi.dll
2008-10-23 22:30:42 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2008-10-23 22:30:42 9728 -c----w- c:\windows\system32\rwnh.dll
2008-10-23 22:30:42 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2008-10-23 22:30:01 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2008-10-23 22:28:59 17920 -c--a-w- c:\windows\system32\dllcache\cobramsg.dll
2008-10-23 22:28:43 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2008-10-23 22:28:43 7168 -c----w- c:\windows\system32\bitsprx4.dll
2008-10-23 22:28:42 233472 -c--a-w- c:\windows\system32\dllcache\azroles.dll
2008-10-23 22:28:42 233472 -c----w- c:\windows\system32\azroles.dll
2008-10-23 22:28:03 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2008-10-23 22:28:03 136192 -c----w- c:\windows\system32\aaclient.dll
2008-10-23 12:36:14 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 18:53:43 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 18:53:41 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 18:53:39 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 18:53:37 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-11 23:06:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Channel4
2008-10-06 18:12:14 -------- d-----w- c:\program files\Windows Media Connect 2
2008-10-06 18:09:24 -------- d-----w- c:\windows\system32\LogFiles
2008-09-06 18:16:28 -------- d-----w- c:\program files\K-Lite Codec Pack
2008-09-02 19:34:38 -------- d-----w- c:\program files\MSXML 4.0
2008-08-31 21:39:34 1425912 ----a-w- c:\program files\common files\microsoft shared\office11\MSXML5.DLL
2008-08-30 16:18:33 -------- d-----w- c:\program files\ABC
2008-08-22 03:16:40 637984 -c----w- c:\windows\system32\dllcache\iexplore.exe
2008-08-22 03:15:56 1216512 ------w- c:\windows\system32\ieframe.dll.mui
2008-08-22 03:14:40 10240 -c----w- c:\windows\system32\advpack.dll.mui
2008-08-22 03:08:56 658944 -c----w- c:\program files\internet explorer\iedvtool.dll
2008-08-22 03:08:40 217088 -c----w- c:\program files\internet explorer\jsprofilerui.dll
2008-08-22 03:08:34 15360 -c----w- c:\program files\internet explorer\ExtExport.exe
2008-08-22 03:08:32 118272 -c----w- c:\program files\internet explorer\JSProfilerCore.dll
2008-08-22 03:08:28 382976 -c----w- c:\program files\internet explorer\jsdbgui.dll
2008-08-22 03:08:22 120832 -c----w- c:\program files\internet explorer\jsdebuggeride.dll
2008-08-22 03:07:50 193536 -c----w- c:\windows\system32\dllcache\msrating.dll
2008-08-22 03:07:50 116224 -c----w- c:\windows\system32\dllcache\occache.dll
2008-08-22 03:07:14 259072 -c----w- c:\program files\internet explorer\ieproxy.dll
2008-08-22 03:06:44 385024 -c----w- c:\windows\system32\dllcache\iedkcs32.dll
2008-08-22 03:06:24 162304 -c----w- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-22 03:06:16 128512 -c----w- c:\windows\system32\dllcache\advpack.dll
2008-08-22 03:05:24 186880 -c----w- c:\windows\system32\dllcache\iepeers.dll
2008-08-22 03:05:16 346624 -c----w- c:\windows\system32\dllcache\dxtmsft.dll
2008-08-22 03:05:14 45056 -c----w- c:\windows\system32\dllcache\pngfilt.dll
2008-08-22 03:05:14 35840 -c----w- c:\windows\system32\dllcache\imgutil.dll
2008-08-22 03:05:10 217088 -c----w- c:\windows\system32\dllcache\dxtrans.dll
2008-08-22 03:05:08 70656 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2008-08-22 03:05:00 48640 -c----w- c:\windows\system32\PrivacIE.dll
2008-08-22 03:04:54 45568 -c----w- c:\windows\system32\dllcache\mshta.exe
2008-08-22 03:00:28 68608 -c----w- c:\windows\system32\dllcache\hmmapi.dll
2008-08-17 14:28:44 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2008-08-15 20:21:15 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2008-08-05 17:55:38 355832 -c----w- c:\program files\internet explorer\pdm.dll
2008-08-05 17:55:38 265720 -c--a-w- c:\windows\system32\msdbg2.dll
2008-07-29 20:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-29 20:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-29 20:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-29 18:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 18:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 18:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 18:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 18:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 18:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 18:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 04:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 10:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 10:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 10:16:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\dllcache\es.dll
2008-06-26 08:15:29 1499136 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2008-06-24 16:43:16 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:46:57 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:40:08 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2008-06-17 19:02:19 8462336 -c----w- c:\windows\system32\dllcache\shell32.dll
2008-06-14 12:19:43 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2008-06-14 12:19:03 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2008-06-12 14:23:32 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 11:27:56 134144 -c----w- c:\program files\internet explorer\sqmapi.dll
2008-06-12 11:27:52 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2008-06-12 11:27:52 1022976 -c----w- c:\windows\system32\dllcache\browseui.dll
2008-06-12 11:27:44 24576 -c--a-w- c:\windows\system32\nlsdl.dll
2008-06-12 11:27:42 26112 -c--a-w- c:\windows\system32\idndl.dll
2008-06-12 11:27:42 23552 ----a-w- c:\windows\system32\normaliz.dll
2008-06-04 22:29:39 -------- d-----w- c:\documents and settings\default\Phone Browser
2008-05-09 10:53:40 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 552960 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2008-05-09 10:53:39 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2008-05-07 09:07:23 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2008-05-07 05:12:40 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2008-04-21 06:44:29 5699584 -c--a-w- c:\windows\system32\dllcache\mshtml.dll
2008-04-11 22:33:45 -------- d-----w- c:\program files\Kontiki
2008-04-11 22:33:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kontiki
2008-04-11 22:33:43 -------- d-----w- C:\logs3
2008-03-18 13:54:28 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Apple
2008-03-18 13:52:26 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Apple Computer
2008-03-08 11:57:17 -------- d-----w- c:\docume~1\default\applic~1\ACD Systems
2008-03-08 11:46:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems
2008-03-08 11:45:49 -------- d-----w- c:\program files\ACD Systems
2008-03-08 11:45:48 -------- d-----w- c:\program files\common files\ACD Systems
2008-03-08 11:45:31 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2008-03-08 11:42:24 -------- d-----w- c:\windows\Downloaded Installations
2008-01-30 21:16:27 737280 ----a-w- c:\windows\iun6002.exe
2008-01-30 21:16:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2008-01-29 11:02:30 107368 -c--a-w- c:\windows\system32\GEARAspi.dll
2008-01-29 11:01:28 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-12-14 18:47:46 238080 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
2007-11-28 09:33:38 743424 ----a-w- c:\program files\common files\system\msmapi\1033\CDO.DLL
2007-11-25 23:43:08 245408 ----a-w- c:\windows\system32\unicows.dll
2007-11-22 23:10:25 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Google
2007-11-22 23:00:58 -------- d-----w- C:\Downloads
2007-11-22 22:42:03 -------- d-----w- c:\program files\BitComet
2007-11-19 20:59:36 119816 ----a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
2007-11-19 19:42:20 54280 ----a-w- c:\program files\common files\system\msmapi\1033\SCANOST.EXE
2007-11-19 19:38:20 109064 ----a-w- c:\program files\common files\system\msmapi\1033\EMABLT32.DLL
2007-11-07 08:12:28 232960 ----a-w- C:\VC_RED.MSI
2007-11-07 08:03:18 97296 ----a-w- C:\install.res.1036.dll
2007-11-07 08:03:18 96272 ----a-w- C:\install.res.3082.dll
2007-11-07 08:03:18 96272 ----a-w- C:\install.res.1031.dll
2007-11-07 08:03:18 95248 ----a-w- C:\install.res.1040.dll
2007-11-07 08:03:18 91152 ----a-w- C:\install.res.1033.dll
2007-11-07 08:03:18 81424 ----a-w- C:\install.res.1041.dll
2007-11-07 08:03:18 79888 ----a-w- C:\install.res.1042.dll
2007-11-07 08:03:18 76304 ----a-w- C:\install.res.1028.dll
2007-11-07 08:03:18 75792 ----a-w- C:\install.res.2052.dll
2007-11-07 08:03:18 668672 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2007-11-07 08:03:18 562688 ----a-w- C:\install.exe
2007-11-05 16:18:52 781312 -c--a-w- c:\program files\common files\system\msmapi\1033\MAPIR.DLL
2007-11-04 22:47:58 -------- d-----w- c:\docume~1\default\applic~1\.ABC
2007-11-04 22:36:32 -------- d-----w- c:\program files\PeerGuardian2
2007-11-03 13:05:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2007-11-03 13:05:09 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2007-11-03 13:05:08 1669120 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2007-11-03 13:04:21 -------- d-----w- c:\windows\RegisteredPackages
2007-10-14 11:38:17 -------- d--h--w- c:\program files\Zero G Registry
2007-10-14 11:37:56 -------- d--h--w- c:\documents and settings\default\InstallAnywhere
2007-10-13 21:51:10 -------- d-----w- c:\program files\WinUAE
2007-10-13 21:48:27 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2007-10-04 18:45:12 -------- d-----w- c:\program files\PC Connectivity Solution
2007-10-04 18:45:02 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2007-08-28 16:05:12 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2007-06-18 16:05:02 1103280 ----a-w- c:\program files\common files\microsoft shared\office11\RICHED20.DLL
2007-06-14 14:43:14 14728 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\1033\MSPFLTRS.DLL
2007-06-03 18:09:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2007-06-02 14:12:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2007-06-02 14:12:53 215920 ----a-w- c:\windows\system32\muweb.dll
2007-06-02 14:12:53 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2007-06-01 23:30:53 -------- d-----w- c:\documents and settings\default\Contacts
2007-06-01 23:25:14 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-01 23:25:13 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-01 23:25:11 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-01 23:25:11 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-06-01 23:24:17 -------- d-----w- c:\program files\Windows Live Toolbar
2007-05-31 12:50:10 1168736 -c--a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPSRVUTL.DLL
2007-05-03 13:12:32 59744 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPOCRDC.EXE
2007-05-02 12:45:26 2123104 -c--a-w- c:\program files\common files\system\ole db\MSOLAP80.DLL
2007-04-30 14:11:38 89440 -c--a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPENCODE.DLL
2007-04-19 13:16:14 807256 -c--a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEC.DLL
2007-04-19 13:10:38 131424 -c--a-w- c:\program files\common files\microsoft shared\translat\MSB1CORE.DLL
2007-04-19 13:10:34 126304 -c--a-w- c:\program files\common files\microsoft shared\msinfo\OINFOP11.EXE
2007-04-19 13:10:06 52576 -c--a-w- c:\program files\common files\microsoft shared\translat\MSB1XTOR.DLL
2007-04-19 13:09:48 1061720 -c--a-w- c:\program files\common files\microsoft shared\snapshot viewer\OMFC.DLL
2007-04-19 13:09:30 167256 -c--a-w- c:\program files\common files\microsoft shared\smart tag\IETAG.DLL
2007-04-19 12:58:26 34656 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\TWRECC.DLL
2007-04-19 12:57:40 46432 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
2007-04-19 12:56:58 29024 -c--a-w- c:\program files\common files\microsoft shared\euro\MSOEURO.DLL
2007-04-19 12:55:16 53088 -c--a-w- c:\program files\common files\microsoft shared\web components\11\DFUICOM.EXE
2007-04-19 12:55:16 148312 ----a-w- c:\program files\common files\microsoft shared\web components\11\ATP.DLL
2007-04-19 12:54:32 50016 -c--a-w- c:\program files\common files\microsoft shared\snapshot viewer\SNAPVIEW.EXE
2007-04-19 12:49:28 383328 -c--a-w- c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
2007-04-19 12:47:42 297304 ----a-w- c:\program files\common files\microsoft shared\smart tag\MOFL.DLL
2007-04-19 12:47:40 186208 -c--a-w- c:\program files\common files\microsoft shared\smart tag\FPERSON.DLL
2007-04-19 12:47:40 171872 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPLACE.DLL
2007-04-19 12:47:38 159072 ----a-w- c:\program files\common files\microsoft shared\smart tag\FSTOCK.DLL
2007-04-19 12:47:38 130904 ----a-w- c:\program files\common files\microsoft shared\smart tag\FNAME.DLL
2007-04-19 12:47:38 126808 ----a-w- c:\program files\common files\microsoft shared\smart tag\FDATE.DLL
2007-04-10 17:21:08 163256 ----a-w- c:\program files\mozilla firefox\plugins\np-mswmp.dll
2007-04-09 18:44:00 637784 -c--a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2007-04-09 12:24:06 1025416 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPCORE.DLL
2007-04-09 12:24:04 793480 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPFILT.DLL
2007-04-09 12:24:04 758664 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIGRAPH.DLL
2007-04-09 12:24:04 453512 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MDIVWCTL.DLL
2007-04-09 12:24:00 367496 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPVIEW.EXE
2007-04-09 12:23:58 46472 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIUI.DLL
2007-04-09 12:23:58 231816 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MDIINK.DLL
2007-04-09 12:23:58 130952 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPSCAN.EXE
2007-04-09 12:23:54 28552 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIPPR.DLL
2007-04-09 12:23:54 28040 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIMON.DLL
2007-04-09 12:23:52 25992 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPGIMME.DLL
2007-03-31 16:11:43 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Identities
2007-03-30 09:54:06 1054856 -c--a-w- c:\program files\common files\microsoft shared\proof\MSSP3ES.DLL
2007-03-22 18:31:06 151904 ----a-w- c:\program files\common files\microsoft shared\office11\1033\ALRTINTL.DLL
2007-03-22 18:29:32 44888 -c--a-w- c:\program files\common files\microsoft shared\office11\MSSH.DLL
2007-03-22 18:29:28 43360 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2007-03-22 18:29:28 39264 -c--a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2007-03-22 18:29:24 39256 -c--a-w- c:\program files\common files\microsoft shared\web folders\MSOSV.DLL
2007-03-22 18:29:16 20824 -c--a-w- c:\program files\common files\microsoft shared\office11\MSMH.DLL
2007-03-22 18:29:16 14704 -c--a-w- c:\program files\common files\microsoft shared\smart tag\SmartTagInstall.exe
2007-03-22 18:29:14 1753952 ----a-w- c:\program files\common files\microsoft shared\office11\1033\MSOINTL.DLL
2007-03-22 18:29:10 13664 -c--a-w- c:\program files\common files\microsoft shared\web folders\1033\MSOSVINT.DLL
2007-03-22 18:26:28 17248 -c--a-w- c:\program files\common files\microsoft shared\textconv\WPEQU532.DLL
2007-03-22 18:25:54 124248 -c--a-w- c:\program files\common files\microsoft shared\office11\UCS20.DLL
2007-03-22 18:23:30 19296 -c--a-w- c:\program files\common files\microsoft shared\msinfo\OINFOS11.DLL
2007-03-22 18:17:04 35440 -c--a-w- c:\windows\system32\FM20ENU.DLL
2007-03-22 18:16:52 542048 -c--a-w- c:\program files\common files\microsoft shared\web components\11\1033\OWCI11.DLL
2007-03-22 18:13:38 58720 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLED.EXE
2007-03-22 18:13:38 45408 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXEV.DLL
2007-03-22 18:08:14 149856 -c--a-w- c:\program files\common files\system\msmapi\1033\CNFNOT32.EXE
2007-03-22 18:07:14 45920 -c--a-w- c:\program files\common files\system\msmapi\1033\SCANPST.EXE
2007-03-22 18:06:34 15712 -c--a-w- c:\program files\common files\system\msmapi\1033\BJABLR32.DLL
2007-03-22 18:05:32 60256 ----a-w- c:\program files\common files\microsoft shared\office11\1033\LCCWIZ.DLL
2007-03-22 18:03:40 20832 ----a-w- c:\program files\common files\microsoft shared\smart tag\1033\STINTL.DLL
2007-03-05 08:47:16 243200 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\1033\MSPLCRES.DLL
2007-03-05 08:47:10 6144 -c--a-w- c:\program files\common files\microsoft shared\modi\11.0\OCRPS.DLL
2007-02-17 19:02:59 -------- d-----w- c:\docume~1\default\locals~1\applic~1\Adobe
2007-02-10 21:49:42 -------- d-s---w- c:\documents and settings\default\UserData
2006-11-26 12:47:00 -------- d-----w- c:\docume~1\default\applic~1\F-Secure
2006-11-21 18:38:34 -------- d--h--w- c:\windows\system32\GroupPolicy
2006-11-02 15:09:50 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2006-11-02 07:39:58 1536 ----a-w- c:\program files\common files\microsoft shared\ink\PENUSA.DLL
2006-11-02 06:22:54 444136 ------w- c:\windows\system32\drivers\wdf01000.sys
2006-11-02 06:22:52 37608 ------w- c:\windows\system32\drivers\wdfldr.sys
2006-10-18 19:05:26 204288 ------w- c:\program files\windows media player\wmpnscfg.exe
2006-10-18 19:05:24 913408 ------w- c:\program files\windows media player\wmpnetwk.exe
2006-10-18 19:05:16 232448 -c----w- c:\windows\system32\l3codecp.acm
2006-10-18 19:05:02 25600 ------w- c:\program files\windows media player\wmpenc.exe
2006-10-18 19:05:00 241664 ------w- c:\program files\windows media player\wmlaunch.exe
2006-10-18 19:04:40 493568 ------w- c:\program files\windows media player\wmdbexport.exe
2006-10-18 19:04:30 36864 ------w- c:\program files\windows media player\wmpshare.exe
2006-10-18 19:00:46 249856 ------w- c:\windows\system32\drmupgds.exe
2006-10-18 19:00:14 17408 -c----w- c:\windows\system32\wpdshextautoplay.exe
2006-10-14 08:13:25 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll
2006-10-02 14:28:42 312128 -c----w- c:\windows\system32\msdelta.dll
2006-09-28 19:13:26 95344 -c----w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-28 18:00:34 82944 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-28 17:56:38 316416 -c----w- c:\windows\system32\WUDFx.dll
2006-09-28 17:56:38 146432 -c----w- c:\windows\system32\WudfHost.exe
2006-09-28 17:56:16 165376 -c----w- c:\windows\system32\WudfPlatform.dll
2006-09-28 17:56:14 55808 ------w- c:\windows\system32\WudfSvc.dll
2006-09-28 17:55:50 77568 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-09-28 16:13:44 162632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\1033\VBE6INTL.DLL
2006-09-26 22:11:27 -------- d-----w- c:\docume~1\default\applic~1\IsolatedStorage
2006-09-26 22:11:18 -------- d-----w- c:\docume~1\default\locals~1\applic~1\ApplicationHistory
2006-09-26 21:58:45 -------- d-----w- C:\f309e94a5f08a6167be7d037
2006-09-26 21:30:55 70896 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2006-09-26 21:30:55 33584 ----a-w- c:\windows\system32\drivers\fsndis5.sys
2006-09-26 21:30:40 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2006-09-26 21:30:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2006-09-26 21:29:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\fssg
2006-09-26 21:29:28 -------- d-----w- c:\program files\F-Secure
2006-09-26 21:26:17 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2006-09-26 21:26:17 28040 ----a-w- c:\windows\system32\mdimon.dll
2006-09-26 21:24:56 -------- d-----w- c:\program files\common files\L&H
2006-09-26 21:24:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2006-09-26 21:23:07 -------- d-----w- c:\windows\SHELLNEW
2006-09-26 20:54:48 221184 -c--a-w- c:\windows\system32\wmpns.dll
2006-08-24 15:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-08-21 20:08:18 551232 -c--a-w- c:\program files\common files\microsoft shared\proof\MSSP3FR.DLL
2006-06-27 18:00:26 410928 ------w- c:\program files\windows media player\LegitLibM.dll
2006-03-17 00:38:01 28672 ------w- c:\windows\system32\verclsid.exe
2005-12-19 06:23:40 679936 -c--a-w- c:\windows\system32\divx_xx0c.dll
2005-12-19 06:23:40 679936 -c--a-w- c:\windows\system32\divx_xx07.dll
2005-12-19 06:23:40 663552 -c--a-w- c:\windows\system32\divx_xx11.dll
2005-11-08 15:59:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sales Wizard
2005-10-04 12:17:38 530120 -c--a-w- c:\program files\common files\microsoft shared\equation\EQNEDT32.EXE
2005-09-20 14:44:52 204800 -c--a-w- c:\windows\system32\IVIresizeW7.dll
2005-09-20 14:44:52 20480 -c--a-w- c:\windows\system32\IVIresize.dll
2005-09-20 14:44:52 200704 -c--a-w- c:\windows\system32\IVIresizeA6.dll
2005-09-20 14:44:52 192512 -c--a-w- c:\windows\system32\IVIresizeP6.dll
2005-09-20 14:44:52 192512 -c--a-w- c:\windows\system32\IVIresizeM6.dll
2005-09-20 14:44:52 188416 -c--a-w- c:\windows\system32\IVIresizePX.dll
2005-09-20 14:44:42 -------- d-----w- c:\program files\InterVideo
2005-09-20 14:44:20 212992 -c----w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2005-09-20 11:33:58 843984 ----a-w- c:\program files\common files\system\ole db\MSDAIPP.DLL
2005-09-20 11:33:58 163536 -c--a-w- c:\program files\common files\system\ole db\MSDAPML.DLL
2005-09-20 11:33:08 1293008 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
2005-09-19 15:37:56 25088 -c--a-w- c:\windows\ctl3d32.dll
2005-09-19 09:04:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2005-09-19 08:25:34 -------- d-----w- c:\windows\system32\appmgmt
2005-09-18 10:49:50 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2005-09-18 10:48:01 7680 -c--a-w- c:\windows\system32\CNMVS71.DLL
2005-09-18 10:48:01 55808 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP71.DLL
2005-09-18 10:48:01 18432 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD71.DLL
2005-09-18 10:48:01 124928 ----a-w- c:\windows\system32\CNMLM71.DLL
2005-09-18 10:47:54 86016 ----a-r- c:\windows\system32\CNMCP71.exe
2005-09-18 10:47:42 -------- d--h--w- C:\BJPrinter
2005-09-18 10:47:24 -------- d-----w- c:\windows\StartHtmico
2005-09-18 10:47:24 -------- d-----w- c:\windows\IP90
2005-09-18 10:46:59 -------- d-----w- c:\program files\Canon
2005-09-18 10:11:31 -------- d-----w- c:\windows\system32\URTTemp
2005-09-18 09:54:31 -------- d-----w- c:\program files\InterActual
2005-09-18 08:13:53 458752 -c--a-w- c:\windows\system32\w29NCPA.dll
2005-09-18 08:13:53 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2005-09-18 08:13:53 1654784 -c--a-w- c:\windows\system32\W29MLRES.DLL
2005-09-17 17:03:02 -------- d-----w- c:\windows\system32\PreInstall
2005-09-17 17:02:53 -------- d--h--w- c:\windows\$hf_mig$
2005-09-17 16:52:43 -------- d-----w- c:\windows\system32\SoftwareDistribution
2005-09-17 16:49:00 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2005-09-17 16:49:00 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2005-09-17 16:48:57 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2005-09-17 16:35:42 991232 -c--a-w- c:\windows\system32\W70MLRES.DLL
2005-09-17 16:35:42 970752 -c--a-w- c:\windows\system32\W20MLRES.DLL
2005-09-17 16:22:41 28672 -c--a-w- c:\windows\system32\DelRunOnceReg.exe
2005-09-17 16:21:40 88361 ----a-w- c:\windows\agrsmmsg.exe
2005-09-17 16:21:40 77824 ----a-w- c:\windows\system32\tosmreg.exe
2005-09-17 16:21:40 64512 -c----w- c:\windows\agrsmdel.exe
2005-09-17 16:21:40 45056 -c--a-w- c:\windows\system32\csellang.dll
2005-09-17 16:21:40 110592 -c--a-w- c:\windows\system32\cselect.exe
2005-09-17 16:21:40 -------- d-----w- c:\program files\ltmoh
2005-09-17 16:21:26 -------- d-----w- c:\windows\Options
2005-09-17 16:21:17 1268234 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2005-09-17 16:20:37 5888 ----a-w- c:\windows\system32\drivers\TMEI3E.SYS
2005-09-17 16:20:37 49152 ----a-w- c:\windows\TMEVALDD.DLL
2005-09-17 16:20:37 217088 -c--a-w- c:\windows\system32\TMEPROP.CPL
2005-09-17 16:19:51 438976 -c--a-w- c:\windows\system32\MSHFLXGD.OCX
2005-09-17 16:19:51 203976 -c--a-w- c:\windows\system32\RICHTX32.OCX
2005-09-17 16:19:51 140488 -c--a-w- c:\windows\system32\comdlg32.ocx
2005-09-17 16:19:51 103744 -c--a-w- c:\windows\system32\MSCOMM32.OCX
2005-09-17 16:19:50 647872 -c--a-w- c:\windows\system32\MSCOMCT2.OCX
2005-09-17 16:19:03 38425 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2005-09-17 16:19:03 38425 ----a-w- c:\windows\system32\drivers\smcirda.sys
2005-09-17 16:16:32 6144 ----a-r- c:\windows\system32\drivers\Thpevm.sys
2005-09-17 16:11:36 90480 ------w- c:\windows\system32\drivers\meiudf.sys
2005-09-17 16:11:36 155648 ------w- c:\windows\system32\RAMASST.exe
2005-09-17 16:11:36 135168 ------w- c:\windows\system32\DVDMenu.dll
2005-09-17 16:11:36 106496 ------w- c:\windows\system32\DVDRAMSV.exe
2005-09-17 16:11:36 -------- d-----w- c:\program files\DVD-RAM
2005-09-17 16:08:19 92848 ----a-w- c:\windows\system32\IDispChg.exe
2005-09-17 16:06:06 98304 ----a-w- c:\windows\system32\TCtrlCommon.dll
2005-09-17 16:03:13 159744 ----a-w- c:\windows\system32\igfxres.dll
2005-09-17 16:01:20 9216 ----a-w- c:\windows\system32\drivers\TVALZ.SYS
2005-09-17 16:01:20 53248 -c--a-w- c:\windows\system32\InsSecRc.scr
2005-09-17 16:01:20 53248 -c--a-w- c:\windows\system32\InsSec.scr
2005-09-17 16:01:20 32768 -c--a-w- c:\windows\system32\TWarnMsg.exe
2005-09-17 16:01:20 253952 ----a-w- c:\windows\system32\00THotkey.exe
2005-09-17 16:01:20 24576 ----a-w- c:\windows\system32\Tsci.dll
2005-09-17 16:01:20 24576 ----a-w- c:\windows\system32\Thci.dll
2005-09-17 16:01:20 24576 ----a-w- c:\windows\system32\000StTHK.exe
2005-09-17 16:01:16 306688 ----a-w- c:\windows\IsUninst.exe

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-16 12:05:55 1288192 ----a-w- c:\windows\system32\ole32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-18 17:45:17 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 07:43:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 11:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-29 23:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-05 18:27:45 1291776 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 06:59:40 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46:07 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-06 19:24:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 10:05:44 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 22:43:24 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 08:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-01 22:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-11-07 18:55:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-08-22 03:08:34 1415680 ----a-w- c:\windows\system32\inetcpl.cpl
2008-08-22 03:08:06 878592 ----a-w- c:\windows\system32\wininet.dll
2008-08-22 03:08:00 43008 -c--a-w- c:\windows\system32\licmgr10.dll
2008-08-22 03:07:08 18944 -c--a-w- c:\windows\system32\corpol.dll
2008-08-22 03:06:36 434176 ----a-w- c:\windows\system32\vbscript.dll
2008-08-22 03:06:30 72704 -c--a-w- c:\windows\system32\admparse.dll
2008-08-22 03:06:24 71680 -c--a-w- c:\windows\system32\iesetup.dll
2008-08-22 03:05:14 35840 ----a-w- c:\windows\system32\imgutil.dll
2008-08-22 03:05:00 48128 -c--a-w- c:\windows\system32\mshtmler.dll
2008-08-22 03:04:58 1659392 ----a-w- c:\windows\system32\mshtml.tlb
2008-08-22 03:04:54 45568 ----a-w- c:\windows\system32\mshta.exe
2008-08-22 03:04:50 66560 ----a-w- c:\windows\system32\tdc.ocx
2008-08-22 02:57:56 156160 ----a-w- c:\windows\system32\msls31.dll
2008-07-07 20:26:58 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 17:12:58 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-06-24 16:43:16 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46:57 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-18 05:03:08 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 01:09:22 100864 ----a-w- c:\windows\system32\logagent.exe
2008-06-12 14:23:32 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23:32 91648 ----a-w- c:\windows\system32\mtxoci.dll

============= FINISH: 11:21:14.20 ===============
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 4th, 2011, 8:14 pm

I'm afraid I have unpleasant news for you. There is evidence of an infection on your computer that is a Password Stealer. It allows outsiders to monitor your Internet activity and private information. It then sends the stolen data to a remote server controlled by criminals.

http://www.microsoft.com/security/porta ... Zbot.gen!W
http://www.threatexpert.com/report.aspx ... 7150ef002a

    If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.

I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection.

Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Should you have any questions please feel free to ask.



TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 6th, 2011, 7:33 pm

Hi peanuto

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 7th, 2011, 5:24 pm

Hi Melboy, I have ran the TFC and ESET, but after I closed the ESET, the log disappeared before I managed to copy it on here. There were 4 infected files, of which, one was ITunes Trojan and one was Adware.DoubleD. I only briefly looked at the others and cannot rembember what they were.
I have amended passwords, but I have had the dodgy start up page for a few months now and have not had any suspicious activity happening. Thank you very much for your help. :) :) :)
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 7th, 2011, 5:41 pm

Is the log still available to view at C:\Program Files\ESET\EsetOnlineScanner\log.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby peanuto » March 7th, 2011, 6:18 pm

No, that is where I found it before, but after closing down ESET, the log strangely disappeared from that folder. I asked for uninstall on close though.
peanuto
Active Member
 
Posts: 11
Joined: February 23rd, 2011, 9:52 am

Re: Dodgy Startup Homepage keeps re-appearing

Unread postby melboy » March 7th, 2011, 7:15 pm

Hi

Can you run the scan again please. It's important that we clear all infected files from the computer. Save a copy of the log to your desktop & don't uninstall the application just yet - It can be uninstalled later via add/remove programs. Thanks.


TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 128 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware