Suspected Spyware/Adware.

dougifreshhh · 10-30-2009, 11:52 PM

Hello I have been experiencing some trouble with my internet browser freezing and rare crashes during counter strike and low load times on pc boot up or inbetween shutting down programs etc. I am running on Windows Vists Home Premium edition. Here is the DDS log The attach log did not pop up when dds scan finished I am unsure why but the ARK.txt is zipped and attatched. Any help would be great. Thanks,
Doug

DDS (Ver_09-10-26.01) - NTFSX64
Run by DougiFresh at 22:01:57.49 on Fri 10/30/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.1719 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\steam\steamapps\dougifresh\counter-strike source\hl2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Users\DougiFresh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMAN9HSG\wlsetup-custom[1].exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\DougiFresh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\users\dougif~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Banner Ad Blocker - c:\program files (x86)\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~1.0_0\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\adialhk.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2009\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll,c:\progra~2\kasper~1\kasper~1\x64\adialhk.dll

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 38416]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 26128]
R2 ASKService;ASKService;c:\program files (x86)\askbardis\bar\bin\AskService.exe [2009-10-23 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\askbardis\bar\bin\ASKUpgrade.exe [2009-10-23 234888]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-4-20 365952]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2007-10-31 293376]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 126976]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 33296]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-29 93184]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-30 07:39:52 0 d-----w- c:\program files\Google
2009-10-29 17:34:03 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 17:32:40 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 17:32:40 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-29 17:32:40 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-29 17:32:40 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-29 17:31:18 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 17:31:18 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-29 17:31:18 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 17:31:18 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-28 17:59:50 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 17:59:50 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-28 17:59:48 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-28 17:59:46 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 17:59:46 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-26 17:21:13 0 d-----w- c:\programdata\WindowsSearch
2009-10-24 00:12:29 0 d-----w- c:\programdata\Azureus
2009-10-24 00:12:26 0 d-----w- c:\users\dougif~1\appdata\roaming\Azureus
2009-10-24 00:09:17 0 d-----w- c:\program files (x86)\AskBarDis
2009-10-24 00:09:14 0 d-----w- c:\program files (x86)\Vuze
2009-10-21 20:12:17 0 d-----w- c:\programdata\HP Product Assistant
2009-10-21 20:10:57 0 d-----w- c:\program files (x86)\common files\HP
2009-10-21 20:09:48 938496 ----a-w- c:\windows\system32\hpowiax7.dll
2009-10-21 20:09:48 740864 ----a-w- c:\windows\system32\hpotscl6.dll
2009-10-21 20:09:48 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2009-10-21 20:09:48 508928 ----a-w- c:\windows\system32\difxapi.dll
2009-10-21 20:09:48 505344 ----a-w- c:\windows\system32\hpovst15.dll
2009-10-21 20

31 157541 ----a-w- c:\windows\hpoins28.dat
2009-10-21 02:42:59 238960 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 02:29:01 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-21 02:29:01 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-10-21 02:29:00 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-10-21 02:27:21 4691016 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-21 02:27:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-21 02:27:07 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-10-21 02:27:07 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-10-21 02:27:06 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2009-10-21 02:27:06 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-21 02:27:06 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-10-21 02:27:06 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-21 02:27:06 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2009-10-21 02:27:06 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2009-10-21 02:27:06 101376 ----a-w- c:\windows\system32\MSNP.ax
2009-10-21 02:26:02 818688 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-21 02:26:02 604672 ----a-w- c:\windows\syswow64\WMSPDMOD.DLL
2009-10-21 02:23:54 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-21 02:23:54 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-21 02:20:20 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-21 02:20:05 726528 ----a-w- c:\windows\syswow64\jscript.dll
2009-10-21 02:19:58 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-21 02:19:57 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-21 02:19:55 2608803 ----a-w- c:\windows\system32\wlan.tmf
2009-10-21 02:19:53 353280 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-21 02:19:52 376832 ----a-w- c:\windows\system32\wlansec.dll
2009-10-21 02:19:52 157184 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-21 02:19:51 97792 ----a-w- c:\windows\system32\wlanhlp.dll
2009-10-21 02:19:51 86528 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-21 02:19:51 615936 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-21 02:19:51 302592 ----a-w- c:\windows\syswow64\wlansec.dll
2009-10-21 02:19:51 293376 ----a-w- c:\windows\syswow64\wlanmsm.dll
2009-10-21 02:19:51 127488 ----a-w- c:\windows\syswow64\L2SecHC.dll
2009-10-21 01:13:09 65536 --sha-w- c:\users\dougifresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TM.blf
2009-10-21 01:13:09 524288 --sha-w- c:\users\dougifresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000002.regtrans-ms
2009-10-21 01:13:09 524288 --sha-w- c:\users\dougifresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000001.regtrans-ms
2009-10-08 17:43:20 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-02 23:08:29 0 d-----w- c:\users\dougif~1\appdata\roaming\LimeWire
2009-10-02 23:07:43 0 d-----w- c:\program files (x86)\LimeWire

==================== Find3M ====================

2009-10-30 19:12:34 737340 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-30 19:12:34 5143100 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 19:12:34 50124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 19:12:34 5012 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-21 20:10:07 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-21 20:10:07 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-21 20:10:07 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-21 01:13:28 143387 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-21 01:13:28 104987 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-28 14:59:39 0 ----a-w- c:\users\dougif~1\appdata\roaming\wklnhst.dat
2009-08-28 10:39:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:40 5940224 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-08-27 05:17:42 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-08-27 05:17:42 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-08-27 05:17:41 11069440 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 05:17:35 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 04:10:33 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 03:42:29 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-27 03:42:23 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-08-27 03:41:45 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\syswow64\FM20.DLL
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-04-20 22:53:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-20 22:53:47 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:03:39.50 ===============

CatByte · 11-01-2009, 07:46 AM

Hi,

There are no obvious signs of malware in your logs but we can do a couple of scans to check.

Please do the following:

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC Now button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report

dougifreshhh · 11-03-2009, 11:59 AM

Thank you for the quick response and sorry about my late response,

Here is the MBAM log;

Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 6.0.6001 Service Pack 1

11/2/2009 9:04:28 AM
mbam-log-2009-11-02 (09-04-28).txt

Scan type: Quick Scan
Objects scanned: 87133
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here is the Panda scan results;

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-03 10:54:24
PROTECTIONS: 1
MALWARE: 38
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atdmt[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@fastclick[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@mediaplex[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@mediaplex[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@yadro[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@statcounter[2].txt
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@counter7.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[4].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[4].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[4].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[6].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[5].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@server.iad.liveperson[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@advertising[3].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@sextracker[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bluestreak[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@xxxcounter[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@adrevolver[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.addynamix[1].txt
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@counter12.sextracker[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

CatByte · 11-03-2009, 05:40 PM

Hi,

Just tracking cookies there, nothing to be too concerned about.

Please do the following:

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

dougifreshhh · 11-05-2009, 10:50 AM

OTL.TXT

OTL logfile created on: 11/5/2009 9:45:43 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\DougiFresh\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.03% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 176.29 Gb Free Space | 61.68% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.96 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUGIFRESH-PC
Current User Name: DougiFresh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\DougiFresh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hp\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

========== Modules (SafeList) ==========

MOD - C:\Users\DougiFresh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe ()
SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (RichVideo) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (hpqwmiex) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Com4QLBEx) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys ()
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys ()
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys ()
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (KLFLTDEV) -- C:\Windows\SysNative\DRIVERS\klfltdev.sys ()
DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/30 17:53:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/27 02:50:47 | 00,000,000 | ---D | M]

[2009/10/02 15:08:53 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Extensions
[2009/10/02 15:08:53 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/23 16:09:17 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Firefox\extensions
[2009/10/23 16:09:18 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 09:44:43 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\OTL.exe
[2009/11/04 20:03:44 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\TFC.exe
[2009/11/04 13:37:47 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 13:37:46 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 22:36:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2009/11/01 20:27:56 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\AppData\Roaming\Malwarebytes
[2009/11/01 20:27:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/01 20:27:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/01 20:27:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/01 20:27:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/30 21:08:40 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\Desktop\gmer
[2009/10/29 23:39:52 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/10/29 09:32:40 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/29 09:32:40 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/29 09:32:40 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/29 09:31:18 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/29 09:31:18 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/28 09:59:50 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 09:59:48 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 09:59:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/27 07:47:56 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue
[2009/10/27 07:46:08 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week)
[2009/10/26 09:21:13 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/10/26 09:21:13 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/10/23 16:13:57 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\Documents\Azureus Downloads
[2009/10/23 16:12:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/10/23 16:12:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/10/23 16:12:26 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\AppData\Roaming\Azureus
[2009/10/23 16:09:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis
[2009/10/23 16:09:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2009/10/21 12:12:17 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/10/21 12:12:17 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/10/21 12:10:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2009/10/21 12:08:42 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/10/20 18:29:01 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009/10/20 18:29:00 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009/10/20 18:28:45 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009/10/20 18:28:44 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009/10/20 18:28:14 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009/10/20 18:28:12 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009/10/20 18:28:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009/10/20 18:28:12 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009/10/20 18:28:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009/10/20 18:28:12 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009/10/20 18:28:11 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009/10/20 18:28:11 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009/10/20 18:28:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009/10/20 18:27:07 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/20 18:27:06 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/20 18:27:06 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/20 18:27:06 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/20 18:27:06 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/20 18:26:02 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/20 18:25:32 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/20 18:25:29 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/20 18:25:27 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/20 18:25:27 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/20 18:25:25 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/20 18:25:25 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/20 18:25:25 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/20 18:25:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/20 18:25:15 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/20 18:25:12 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/20 18:25:12 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/20 18:25:12 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/20 18:25:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/20 18:25:11 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/20 18:25:11 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/20 18:25:11 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/20 18:25:11 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/20 18:25:11 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/20 18:23:54 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/20 18:20:05 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/10/20 18:19:57 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/20 18:19:51 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009/10/20 18:19:51 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009/10/20 18:19:51 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009/10/08 09:43:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/10/08 09:43:20 | 00,000,000 | ---D | C] -- C:\Users\DougiFresh\AppData\Roaming\Yahoo!
[2009/10/08 09:43:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

========== Files - Modified Within 30 Days ==========

[2009/11/05 09:46:52 | 02,359,296 | -HS- | M] () -- C:\Users\DougiFresh\ntuser.dat
[2009/11/05 09:44:46 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\OTL.exe
[2009/11/05 09:40:36 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 09:40:36 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 09:29:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/05 00:22:15 | 00,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/11/05 00:22:15 | 00,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/11/04 20:19:34 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/04 20:19:34 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/04 20:19:34 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/04 20:11:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/04 20:11:51 | 41,934,60224 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/04 20:11:07 | 05,146,684 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2009/11/04 20:11:07 | 00,753,724 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2009/11/04 20:11:07 | 00,050,156 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2009/11/04 20:11:07 | 00,005,076 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2009/11/04 20:10:54 | 00,524,288 | -HS- | M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 20:10:54 | 00,065,536 | -HS- | M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TM.blf
[2009/11/04 20:10:52 | 01,940,263 | -H-- | M] () -- C:\Users\DougiFresh\AppData\Local\IconCache.db
[2009/11/04 20:03:47 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\TFC.exe
[2009/11/01 20:27:53 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 21:49:16 | 00,000,792 | ---- | M] () -- C:\Users\DougiFresh\Desktop\Ark.zip
[2009/10/30 21:08:35 | 00,282,833 | ---- | M] () -- C:\Users\DougiFresh\Desktop\gmer.zip
[2009/10/30 21:01:43 | 00,523,776 | ---- | M] () -- C:\Users\DougiFresh\Desktop\dds.scr
[2009/10/26 08:57:47 | 00,000,680 | ---- | M] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps.dat
[2009/10/23 16:21:35 | 00,001,700 | ---- | M] () -- C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/23 16:20:23 | 00,001,754 | ---- | M] () -- C:\Users\DougiFresh\Desktop\LimeWire 5.3.6.lnk
[2009/10/23 16:09:35 | 00,001,687 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/10/21 18:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 14:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 12:42:05 | 07,126,557 | ---- | M] () -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue..zip
[2009/10/21 12:33:32 | 03,499,289 | ---- | M] () -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week).zip
[2009/10/21 12:19:19 | 00,157,541 | ---- | M] () -- C:\Windows\hpoins28.dat
[2009/10/21 12:18:53 | 00,000,179 | ---- | M] () -- C:\Windows\win.ini
[2009/10/21 12:15:06 | 00,002,058 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2009/10/21 12:13:29 | 00,002,002 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/21 12:12:36 | 00,001,184 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/10/21 02:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/21 00:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 20:41:06 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDougiFresh.job
[2009/10/20 17:13:28 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2009/10/20 17:13:28 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2009/10/20 17:13:09 | 00,524,288 | -HS- | M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000002.regtrans-ms
[2009/10/20 17:04:43 | 00,524,288 | -HS- | M] () -- C:\Users\DougiFresh\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/10/20 17:04:43 | 00,065,536 | -HS- | M] () -- C:\Users\DougiFresh\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/10/14 08:33:34 | 00,010,219 | ---- | M] () -- C:\Users\DougiFresh\Documents\void.docx
[2009/10/08 14:58:27 | 00,014,855 | ---- | M] () -- C:\Users\DougiFresh\Documents\whitemencantjumpessay.docx
[2009/10/08 14:27:15 | 00,000,162 | -H-- | M] () -- C:\Users\DougiFresh\Documents\~$itemencantjumpessay.docx

========== Files Created - No Company Name ==========

[2009/11/04 13:37:46 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 13:37:46 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 22:36:39 | 00,033,800 | ---- | C] () -- C:\Windows\SysNative\drivers\pavboot64.sys
[2009/11/01 20:27:53 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 20:27:20 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/30 21:49:11 | 00,000,792 | ---- | C] () -- C:\Users\DougiFresh\Desktop\Ark.zip
[2009/10/30 21:08:29 | 00,282,833 | ---- | C] () -- C:\Users\DougiFresh\Desktop\gmer.zip
[2009/10/30 21:01:40 | 00,523,776 | ---- | C] () -- C:\Users\DougiFresh\Desktop\dds.scr
[2009/10/29 09:34:03 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/29 09:34:03 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/29 09:34:03 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/29 09:34:03 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/29 09:32:40 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/29 09:32:40 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/29 09:32:40 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/29 09:31:18 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/29 09:31:18 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/28 09:59:50 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/28 09:59:50 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 09:59:46 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/23 16:21:35 | 00,001,700 | ---- | C] () -- C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/23 16:20:23 | 00,001,754 | ---- | C] () -- C:\Users\DougiFresh\Desktop\LimeWire 5.3.6.lnk
[2009/10/23 16:09:35 | 00,001,687 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/10/21 12:39:19 | 07,126,557 | ---- | C] () -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue..zip
[2009/10/21 12:33:14 | 03,499,289 | ---- | C] () -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week).zip
[2009/10/21 12:15:06 | 00,002,058 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2009/10/21 12:13:29 | 00,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/21 12:12:36 | 00,001,184 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/10/21 12:09:48 | 00,938,496 | ---- | C] () -- C:\Windows\SysNative\hpowiax7.dll
[2009/10/21 12:09:48 | 00,740,864 | ---- | C] () -- C:\Windows\SysNative\hpotscl6.dll
[2009/10/21 12:09:48 | 00,551,424 | ---- | C] () -- C:\Windows\SysNative\hppldcoi.dll
[2009/10/21 12:09:48 | 00,508,928 | ---- | C] () -- C:\Windows\SysNative\difxapi.dll
[2009/10/21 12:09:48 | 00,505,344 | ---- | C] () -- C:\Windows\SysNative\hpovst15.dll
[2009/10/21 12

31 | 00,157,541 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/10/20 18:42:59 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/20 18:29:01 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2009/10/20 18:28:59 | 04,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/10/20 18:28:47 | 02,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2009/10/20 18:28:44 | 03,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2009/10/20 18:28:16 | 01,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2009/10/20 18:28:15 | 00,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2009/10/20 18:28:13 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2009/10/20 18:28:13 | 00,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2009/10/20 18:28:12 | 00,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2009/10/20 18:28:12 | 00,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2009/10/20 18:28:11 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2009/10/20 18:28:11 | 00,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2009/10/20 18:28:11 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2009/10/20 18:28:11 | 00,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2009/10/20 18:27:21 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/20 18:27:08 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/20 18:27:07 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/20 18:27:06 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/20 18:27:06 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/20 18:27:06 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/20 18:26:02 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/20 18:25:37 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/20 18:25:28 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/20 18:25:26 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/20 18:25:26 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/20 18:25:25 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/20 18:25:25 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/20 18:25:25 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/20 18:25:20 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/20 18:25:12 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/20 18:25:12 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/20 18:25:12 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/20 18:25:12 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/20 18:25:11 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/20 18:25:11 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/20 18:25:11 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/20 18:25:11 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/20 18:25:11 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/20 18:25:11 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/20 18:23:54 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/20 18:20:20 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/20 18:20:05 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2009/10/20 18:19:58 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/20 18:19:55 | 02,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009/10/20 18:19:53 | 00,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2009/10/20 18:19:52 | 00,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2009/10/20 18:19:52 | 00,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2009/10/20 18:19:51 | 00,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2009/10/20 18:19:51 | 00,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2009/10/20 18:19:51 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2009/10/20 17:20:41 | 01,940,263 | -H-- | C] () -- C:\Users\DougiFresh\AppData\Local\IconCache.db
[2009/10/20 17:13:09 | 00,524,288 | -HS- | C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000002.regtrans-ms
[2009/10/20 17:13:09 | 00,524,288 | -HS- | C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000001.regtrans-ms
[2009/10/20 17:13:09 | 00,065,536 | -HS- | C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TM.blf
[2009/10/20 17:12:21 | 41,934,60224 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/14 08:33:32 | 00,010,219 | ---- | C] () -- C:\Users\DougiFresh\Documents\void.docx
[2009/10/08 14:27:15 | 00,000,162 | -H-- | C] () -- C:\Users\DougiFresh\Documents\~$itemencantjumpessay.docx
[2009/10/08 14:27:14 | 00,014,855 | ---- | C] () -- C:\Users\DougiFresh\Documents\whitemencantjumpessay.docx
[2009/09/27 09:32:12 | 00,000,732 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps64.dat
[2009/08/31 19:03:42 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TMContainer00000000000000000002.regtrans-ms
[2009/08/31 19:03:42 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TMContainer00000000000000000001.regtrans-ms
[2009/08/31 19:03:42 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2009/08/31 19:03:42 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TM.blf
[2009/08/31 19:03:42 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2009/08/31 19:03:42 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009/08/31 17:10:56 | 00,005,120 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 16:30:21 | 00,003,423 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/28 06:59:39 | 00,000,000 | ---- | C] () -- C:\Users\DougiFresh\AppData\Roaming\wklnhst.dat
[2009/08/27 15:47:45 | 00,000,680 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps.dat
[2009/08/26 21:08:58 | 00,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/08/26 04:23:25 | 00,000,000 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\QSwitch.txt
[2009/08/26 04:23:25 | 00,000,000 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\DSwitch.txt
[2009/08/26 04:23:25 | 00,000,000 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\AtStart.txt
[2009/08/26 04:21:00 | 00,075,280 | ---- | C] () -- C:\Users\DougiFresh\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/06/26 07:18:36 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/26 07:18:27 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/26 07:18:00 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/26 07:17:27 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/26 07:15:22 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/26 07:14:54 | 00,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/20 16:00:42 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/20 15:53:32 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/20 15:51:19 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/20 15:49:39 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 07:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 07:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:34:27 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2009/11/03 19:24:56 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Azureus
[2009/09/25 13:27:06 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/05 00:23:40 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\LimeWire
[2009/08/28 06:59:41 | 00,000,000 | ---D | M] -- C:\Users\DougiFresh\AppData\Roaming\Template
[2009/11/04 20:11:56 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/04 20:10:57 | 00,023,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

dougifreshhh · 11-05-2009, 10:51 AM

EXTRAS.TXT

OTL Extras logfile created on: 11/5/2009 9:45:43 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\DougiFresh\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 47.03% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 176.29 Gb Free Space | 61.68% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.96 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUGIFRESH-PC
Current User Name: DougiFresh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06668C6B-997D-455B-9199-A679C4A8473E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0BE726E8-682B-4FA7-BAC8-6792B1C13E29}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{0E34BF3D-6859-47AD-B945-AB28E4EF8A87}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{1223D847-ADF6-4DFE-8EBC-BE65F3D9555C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{531DC95F-4E89-468D-92FD-1F51E168CA39}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{55B00C9C-7617-43C1-A16C-9E59BD9F13E9}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{85D8F2DB-297E-408F-94AB-11EB9A809DE1}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"TCP Query User{2BE10D40-D231-4E84-89B3-2447BA5A1693}C:\program files (x86)\steam\steamapps\dougifresh\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dougifresh\counter-strike source\hl2.exe |
"TCP Query User{6F88170E-E039-4269-93BD-E5E1587D7B86}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{753DB763-B1D8-43BA-AE57-40BD3F25E69F}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2A6077AE-007B-4A07-8256-60CFF66571A2}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{4FB31331-C700-426D-956B-41BB87898676}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7FB6640A-D387-44D0-B978-C0DE42044539}C:\program files (x86)\steam\steamapps\dougifresh\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dougifresh\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask Toolbar_is1" = Vuze Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2009 9:14:16 PM | Computer Name = DougiFresh-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x0272553e, process id 0x15a0, application
start time 0x01ca58f62fb439e0.

Error - 10/30/2009 3:45:46 AM | Computer Name = DougiFresh-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c,
exception code 0xc0000005, fault offset 0x00038925, process id 0x12f8, application
start time 0x01ca58f379709900.

Error - 10/30/2009 3:57:53 AM | Computer Name = DougiFresh-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x0270553e, process id 0x13b4, application
start time 0x01ca5934390ae050.

Error - 10/30/2009 11:35:15 AM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2009 11:31:12 PM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/1/2009 11:56:35 PM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/2/2009 1:07:39 PM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/3/2009 12:01:48 AM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/3/2009 10:59:55 PM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/4/2009 5:31:34 PM | Computer Name = DougiFresh-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/3/2009 2:58:06 AM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/3/2009 2:58:05 AM | Computer Name = DougiFresh-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\RkPavproc2.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 11/3/2009 10:58:21 PM | Computer Name = DougiFresh-PC | Source = HTTP | ID = 15016
Description =

Error - 11/3/2009 10:59:58 PM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/3/2009 10:59:58 PM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/3/2009 10:59:58 PM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/3/2009 11:02:15 PM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/3/2009 11:02:15 PM | Computer Name = DougiFresh-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/3/2009 11:41:16 PM | Computer Name = DougiFresh-PC | Source = HTTP | ID = 15016
Description =

Error - 11/4/2009 5:30:02 PM | Computer Name = DougiFresh-PC | Source = HTTP | ID = 15016
Description =

< End of report >

CatByte · 11-05-2009, 06:46 PM

Hi,

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.2)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

NEXT

P2P - I see you have P2P software azeurus & vuse installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

Also, please advise how your computer is running and if there are any outstanding issues.

**amateur** · 11-19-2009, 07:43 PM

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

11-01-2009, 07:46 AM	#2 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,209 OS: XP sp3	Re: Suspected Spyware/Adware. Hi, There are no obvious signs of malware in your logs but we can do a couple of scans to check. Please do the following: Please download Malwarebytes' Anti-Malware Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC Now button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report __________________ ASAP & UNITE Member

11-03-2009, 11:59 AM	#3 (permalink)
dougifreshhh Registered User Join Date: Jul 2009 Posts: 13 OS: Windows xp pro sp3	Re: Suspected Spyware/Adware. Thank you for the quick response and sorry about my late response, Here is the MBAM log; Malwarebytes' Anti-Malware 1.41 Database version: 3081 Windows 6.0.6001 Service Pack 1 11/2/2009 9:04:28 AM mbam-log-2009-11-02 (09-04-28).txt Scan type: Quick Scan Objects scanned: 87133 Time elapsed: 3 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And here is the Panda scan results; ;********************************************************************************************************************************************************************************* ANALYSIS: 2009-11-03 10:54:24 PROTECTIONS: 1 MALWARE: 38 SUSPECTS: 0 ;********************************************************************************************************************************************************************************* PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== Kaspersky Internet Security Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atdmt[3].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@247realmedia[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@fastclick[3].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@mediaplex[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@mediaplex[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@mediaplex[3].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@mediaplex[1].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@revenue[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@com[2].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@yadro[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@statcounter[2].txt 00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@counter7.sextracker[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[3].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@ad.yieldmanager[3].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[4].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@burstnet[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[4].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bs.serving-sys[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[4].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[6].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@www.burstbeacon[5].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@server.iad.liveperson[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@advertising[3].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@sextracker[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[3].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.pointroll[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[3].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\dougifresh@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@zedo[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@bluestreak[1].txt 00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@xxxcounter[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@adrevolver[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@searchportal.information[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@target[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@atwola[1].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@ads.addynamix[1].txt 02261869 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\dougifresh\appdata\roaming\microsoft\windows\cookies\low\dougifresh@counter12.sextracker[1].txt ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;===================================================================================================================================================================================

11-03-2009, 05:40 PM	#4 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,209 OS: XP sp3	Re: Suspected Spyware/Adware. Hi, Just tracking cookies there, nothing to be too concerned about. Please do the following: Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. NEXT Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in. __________________ ASAP & UNITE Member

11-05-2009, 10:50 AM	#5 (permalink)
dougifreshhh Registered User Join Date: Jul 2009 Posts: 13 OS: Windows xp pro sp3	Re: Suspected Spyware/Adware. OTL.TXT OTL logfile created on: 11/5/2009 9:45:43 AM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\DougiFresh\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.90 Gb Total Physical Memory \| 1.84 Gb Available Physical Memory \| 47.03% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 285.81 Gb Total Space \| 176.29 Gb Free Space \| 61.68% Space Free \| Partition Type: NTFS Drive D: \| 12.28 Gb Total Space \| 1.96 Gb Free Space \| 15.94% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOUGIFRESH-PC Current User Name: DougiFresh Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\DougiFresh\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe () PRC - C:\Program Files (x86)\SMINST\BLService.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hp\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) ========== Modules (SafeList) ========== MOD - C:\Users\DougiFresh\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab) MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe () SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe () SRV - (RichVideo) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (hpqwmiex) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (Com4QLBEx) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (hpqcxs08) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 \| 00,000,000 \| ---D \| M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys () DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys () DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys () DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS () DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys () DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys () DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys () DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys () DRV:64bit: - (KLFLTDEV) -- C:\Windows\SysNative\DRIVERS\klfltdev.sys () DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys () DRV:64bit: - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys () DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys () DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys () DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys () DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys () DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys () DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys () DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys () DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys () DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/30 17:53:28 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/08/27 02:50:47 \| 00,000,000 \| ---D \| M] [2009/10/02 15:08:53 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Extensions [2009/10/02 15:08:53 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2009/10/23 16:09:17 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Firefox\extensions [2009/10/23 16:09:18 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe () O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\kloehk.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\x64\adialhk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll () O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll () O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/05 09:44:43 \| 00,528,384 \| ---- \| C] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\OTL.exe [2009/11/04 20:03:44 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\TFC.exe [2009/11/04 13:37:47 \| 05,939,712 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/11/04 13:37:46 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/11/02 22:36:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Panda Security [2009/11/01 20:27:56 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\AppData\Roaming\Malwarebytes [2009/11/01 20:27:50 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/01 20:27:48 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/01 20:27:48 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/01 20:27:20 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/10/30 21:08:40 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\Desktop\gmer [2009/10/29 23:39:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Google [2009/10/29 09:32:40 \| 00,575,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2009/10/29 09:32:40 \| 00,087,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2009/10/29 09:32:40 \| 00,035,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2009/10/29 09:31:18 \| 00,171,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2009/10/29 09:31:18 \| 00,033,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2009/10/28 09:59:50 \| 00,310,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe [2009/10/28 09:59:48 \| 10,624,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/10/28 09:59:46 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/10/27 07:47:56 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue [2009/10/27 07:46:08 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week) [2009/10/26 09:21:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\WindowsSearch [2009/10/26 09:21:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\WindowsSearch [2009/10/23 16:13:57 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\Documents\Azureus Downloads [2009/10/23 16:12:29 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Azureus [2009/10/23 16:12:29 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Azureus [2009/10/23 16:12:26 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\AppData\Roaming\Azureus [2009/10/23 16:09:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\AskBarDis [2009/10/23 16:09:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Vuze [2009/10/21 12:12:17 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\HP Product Assistant [2009/10/21 12:12:17 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\HP Product Assistant [2009/10/21 12:10:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\HP [2009/10/21 12:08:42 \| 00,000,000 \| -H-D \| C] -- C:\Config.Msi [2009/10/20 18:29:01 \| 00,028,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2009/10/20 18:29:00 \| 04,240,384 \| ---- \| C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2009/10/20 18:28:45 \| 02,386,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL [2009/10/20 18:28:44 \| 02,868,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2009/10/20 18:28:14 \| 00,104,960 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll [2009/10/20 18:28:12 \| 00,027,136 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE [2009/10/20 18:28:12 \| 00,019,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE [2009/10/20 18:28:12 \| 00,010,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe [2009/10/20 18:28:12 \| 00,009,728 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE [2009/10/20 18:28:12 \| 00,008,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE [2009/10/20 18:28:11 \| 00,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE [2009/10/20 18:28:11 \| 00,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2009/10/20 18:28:11 \| 00,011,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE [2009/10/20 18:27:07 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2009/10/20 18:27:06 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2009/10/20 18:27:06 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2009/10/20 18:27:06 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2009/10/20 18:27:06 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2009/10/20 18:26:02 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009/10/20 18:25:32 \| 11,069,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009/10/20 18:25:29 \| 01,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009/10/20 18:25:27 \| 01,208,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009/10/20 18:25:27 \| 00,916,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/10/20 18:25:25 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009/10/20 18:25:25 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009/10/20 18:25:25 \| 00,206,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009/10/20 18:25:20 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009/10/20 18:25:15 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/10/20 18:25:12 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009/10/20 18:25:12 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009/10/20 18:25:12 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009/10/20 18:25:12 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/20 18:25:11 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009/10/20 18:25:11 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009/10/20 18:25:11 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009/10/20 18:25:11 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009/10/20 18:25:11 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009/10/20 18:23:54 \| 00,213,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/20 18:20:05 \| 00,726,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2009/10/20 18:19:57 \| 00,061,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [2009/10/20 18:19:51 \| 00,302,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll [2009/10/20 18:19:51 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll [2009/10/20 18:19:51 \| 00,127,488 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll [2009/10/08 09:43:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Yahoo! Companion [2009/10/08 09:43:20 \| 00,000,000 \| ---D \| C] -- C:\Users\DougiFresh\AppData\Roaming\Yahoo! [2009/10/08 09:43:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Yahoo! Companion ========== Files - Modified Within 30 Days ========== [2009/11/05 09:46:52 \| 02,359,296 \| -HS- \| M] () -- C:\Users\DougiFresh\ntuser.dat [2009/11/05 09:44:46 \| 00,528,384 \| ---- \| M] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\OTL.exe [2009/11/05 09:40:36 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/05 09:40:36 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/05 09:29:54 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/05 00:22:15 \| 00,000,290 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/11/05 00:22:15 \| 00,000,290 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/11/04 20:19:34 \| 00,690,960 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/04 20:19:34 \| 00,595,684 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/04 20:19:34 \| 00,101,350 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/04 20:11:56 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/04 20:11:51 \| 41,934,60224 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/04 20:11:07 \| 05,146,684 \| -HS- \| M] () -- C:\Windows\SysNative\drivers\fidbox.dat [2009/11/04 20:11:07 \| 00,753,724 \| -HS- \| M] () -- C:\Windows\SysNative\drivers\fidbox2.dat [2009/11/04 20:11:07 \| 00,050,156 \| -HS- \| M] () -- C:\Windows\SysNative\drivers\fidbox.idx [2009/11/04 20:11:07 \| 00,005,076 \| -HS- \| M] () -- C:\Windows\SysNative\drivers\fidbox2.idx [2009/11/04 20:10:54 \| 00,524,288 \| -HS- \| M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000001.regtrans-ms [2009/11/04 20:10:54 \| 00,065,536 \| -HS- \| M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TM.blf [2009/11/04 20:10:52 \| 01,940,263 \| -H-- \| M] () -- C:\Users\DougiFresh\AppData\Local\IconCache.db [2009/11/04 20:03:47 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Users\DougiFresh\Desktop\TFC.exe [2009/11/01 20:27:53 \| 00,000,848 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/30 21:49:16 \| 00,000,792 \| ---- \| M] () -- C:\Users\DougiFresh\Desktop\Ark.zip [2009/10/30 21:08:35 \| 00,282,833 \| ---- \| M] () -- C:\Users\DougiFresh\Desktop\gmer.zip [2009/10/30 21:01:43 \| 00,523,776 \| ---- \| M] () -- C:\Users\DougiFresh\Desktop\dds.scr [2009/10/26 08:57:47 \| 00,000,680 \| ---- \| M] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps.dat [2009/10/23 16:21:35 \| 00,001,700 \| ---- \| M] () -- C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2009/10/23 16:20:23 \| 00,001,754 \| ---- \| M] () -- C:\Users\DougiFresh\Desktop\LimeWire 5.3.6.lnk [2009/10/23 16:09:35 \| 00,001,687 \| ---- \| M] () -- C:\Users\Public\Desktop\Vuze.lnk [2009/10/21 18:14:52 \| 09,236,480 \| ---- \| M] () -- C:\Windows\SysNative\mshtml.dll [2009/10/21 14:36:56 \| 01,638,912 \| ---- \| M] () -- C:\Windows\SysNative\mshtml.tlb [2009/10/21 12:42:05 \| 07,126,557 \| ---- \| M] () -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue..zip [2009/10/21 12:33:32 \| 03,499,289 \| ---- \| M] () -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week).zip [2009/10/21 12:19:19 \| 00,157,541 \| ---- \| M] () -- C:\Windows\hpoins28.dat [2009/10/21 12:18:53 \| 00,000,179 \| ---- \| M] () -- C:\Windows\win.ini [2009/10/21 12:15:06 \| 00,002,058 \| ---- \| M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk [2009/10/21 12:13:29 \| 00,002,002 \| ---- \| M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/21 12:12:36 \| 00,001,184 \| ---- \| M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2009/10/21 02:40:08 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/21 00:19:16 \| 01,638,912 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/20 20:41:06 \| 00,000,354 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForDougiFresh.job [2009/10/20 17:13:28 \| 00,143,387 \| ---- \| M] () -- C:\Windows\SysNative\drivers\klin.dat [2009/10/20 17:13:28 \| 00,104,987 \| ---- \| M] () -- C:\Windows\SysNative\drivers\klick.dat [2009/10/20 17:13:09 \| 00,524,288 \| -HS- \| M] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000002.regtrans-ms [2009/10/20 17:04:43 \| 00,524,288 \| -HS- \| M] () -- C:\Users\DougiFresh\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/10/20 17:04:43 \| 00,065,536 \| -HS- \| M] () -- C:\Users\DougiFresh\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/10/14 08:33:34 \| 00,010,219 \| ---- \| M] () -- C:\Users\DougiFresh\Documents\void.docx [2009/10/08 14:58:27 \| 00,014,855 \| ---- \| M] () -- C:\Users\DougiFresh\Documents\whitemencantjumpessay.docx [2009/10/08 14:27:15 \| 00,000,162 \| -H-- \| M] () -- C:\Users\DougiFresh\Documents\~$itemencantjumpessay.docx ========== Files Created - No Company Name ========== [2009/11/04 13:37:46 \| 09,236,480 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.dll [2009/11/04 13:37:46 \| 01,638,912 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.tlb [2009/11/02 22:36:39 \| 00,033,800 \| ---- \| C] () -- C:\Windows\SysNative\drivers\pavboot64.sys [2009/11/01 20:27:53 \| 00,000,848 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/01 20:27:20 \| 00,022,104 \| ---- \| C] () -- C:\Windows\SysNative\drivers\mbam.sys [2009/10/30 21:49:11 \| 00,000,792 \| ---- \| C] () -- C:\Users\DougiFresh\Desktop\Ark.zip [2009/10/30 21:08:29 \| 00,282,833 \| ---- \| C] () -- C:\Users\DougiFresh\Desktop\gmer.zip [2009/10/30 21:01:40 \| 00,523,776 \| ---- \| C] () -- C:\Users\DougiFresh\Desktop\dds.scr [2009/10/29 09:34:03 \| 02,621,440 \| ---- \| C] () -- C:\Windows\SysNative\wucltux.dll [2009/10/29 09:34:03 \| 02,424,024 \| ---- \| C] () -- C:\Windows\SysNative\wuaueng.dll [2009/10/29 09:34:03 \| 00,057,560 \| ---- \| C] () -- C:\Windows\SysNative\wuauclt.exe [2009/10/29 09:34:03 \| 00,043,744 \| ---- \| C] () -- C:\Windows\SysNative\wups2.dll [2009/10/29 09:32:40 \| 00,700,640 \| ---- \| C] () -- C:\Windows\SysNative\wuapi.dll [2009/10/29 09:32:40 \| 00,098,816 \| ---- \| C] () -- C:\Windows\SysNative\wudriver.dll [2009/10/29 09:32:40 \| 00,038,112 \| ---- \| C] () -- C:\Windows\SysNative\wups.dll [2009/10/29 09:31:18 \| 00,185,416 \| ---- \| C] () -- C:\Windows\SysNative\wuwebv.dll [2009/10/29 09:31:18 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysNative\wuapp.exe [2009/10/28 09:59:50 \| 13,426,176 \| ---- \| C] () -- C:\Windows\SysNative\wmp.dll [2009/10/28 09:59:50 \| 00,372,736 \| ---- \| C] () -- C:\Windows\SysNative\unregmp2.exe [2009/10/28 09:59:46 \| 08,147,968 \| ---- \| C] () -- C:\Windows\SysNative\wmploc.DLL [2009/10/23 16:21:35 \| 00,001,700 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2009/10/23 16:20:23 \| 00,001,754 \| ---- \| C] () -- C:\Users\DougiFresh\Desktop\LimeWire 5.3.6.lnk [2009/10/23 16:09:35 \| 00,001,687 \| ---- \| C] () -- C:\Users\Public\Desktop\Vuze.lnk [2009/10/21 12:39:19 \| 07,126,557 \| ---- \| C] () -- C:\Users\DougiFresh\Documents\The Quiz Takehome Due Tue..zip [2009/10/21 12:33:14 \| 03,499,289 \| ---- \| C] () -- C:\Users\DougiFresh\Documents\HomeWork(Due Last week).zip [2009/10/21 12:15:06 \| 00,002,058 \| ---- \| C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk [2009/10/21 12:13:29 \| 00,002,002 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/10/21 12:12:36 \| 00,001,184 \| ---- \| C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2009/10/21 12:09:48 \| 00,938,496 \| ---- \| C] () -- C:\Windows\SysNative\hpowiax7.dll [2009/10/21 12:09:48 \| 00,740,864 \| ---- \| C] () -- C:\Windows\SysNative\hpotscl6.dll [2009/10/21 12:09:48 \| 00,551,424 \| ---- \| C] () -- C:\Windows\SysNative\hppldcoi.dll [2009/10/21 12:09:48 \| 00,508,928 \| ---- \| C] () -- C:\Windows\SysNative\difxapi.dll [2009/10/21 12:09:48 \| 00,505,344 \| ---- \| C] () -- C:\Windows\SysNative\hpovst15.dll [2009/10/21 1231 \| 00,157,541 \| ---- \| C] () -- C:\Windows\hpoins28.dat [2009/10/20 18:42:59 \| 00,238,960 \| ---- \| C] () -- C:\Windows\SysNative\MpSigStub.exe [2009/10/20 18:29:01 \| 00,032,256 \| ---- \| C] () -- C:\Windows\SysNative\Apphlpdm.dll [2009/10/20 18:28:59 \| 04,240,384 \| ---- \| C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2009/10/20 18:28:47 \| 02,900,480 \| ---- \| C] () -- C:\Windows\SysNative\WMVCORE.DLL [2009/10/20 18:28:44 \| 03,547,136 \| ---- \| C] () -- C:\Windows\SysNative\mf.dll [2009/10/20 18:28:16 \| 01,418,840 \| ---- \| C] () -- C:\Windows\SysNative\drivers\tcpip.sys [2009/10/20 18:28:15 \| 00,141,312 \| ---- \| C] () -- C:\Windows\SysNative\netiohlp.dll [2009/10/20 18:28:13 \| 00,032,256 \| ---- \| C] () -- C:\Windows\SysNative\NETSTAT.EXE [2009/10/20 18:28:13 \| 00,023,040 \| ---- \| C] () -- C:\Windows\SysNative\ARP.EXE [2009/10/20 18:28:12 \| 00,012,800 \| ---- \| C] () -- C:\Windows\SysNative\MRINFO.EXE [2009/10/20 18:28:12 \| 00,010,752 \| ---- \| C] () -- C:\Windows\SysNative\TCPSVCS.EXE [2009/10/20 18:28:11 \| 00,021,504 \| ---- \| C] () -- C:\Windows\SysNative\ROUTE.EXE [2009/10/20 18:28:11 \| 00,017,920 \| ---- \| C] () -- C:\Windows\SysNative\netevent.dll [2009/10/20 18:28:11 \| 00,011,264 \| ---- \| C] () -- C:\Windows\SysNative\finger.exe [2009/10/20 18:28:11 \| 00,010,240 \| ---- \| C] () -- C:\Windows\SysNative\HOSTNAME.EXE [2009/10/20 18:27:21 \| 04,691,016 \| ---- \| C] () -- C:\Windows\SysNative\ntoskrnl.exe [2009/10/20 18:27:08 \| 00,289,792 \| ---- \| C] () -- C:\Windows\SysNative\psisrndr.ax [2009/10/20 18:27:07 \| 00,558,592 \| ---- \| C] () -- C:\Windows\SysNative\EncDec.dll [2009/10/20 18:27:06 \| 00,375,808 \| ---- \| C] () -- C:\Windows\SysNative\psisdecd.dll [2009/10/20 18:27:06 \| 00,227,328 \| ---- \| C] () -- C:\Windows\SysNative\mpg2splt.ax [2009/10/20 18:27:06 \| 00,101,376 \| ---- \| C] () -- C:\Windows\SysNative\MSNP.ax [2009/10/20 18:26:02 \| 00,818,688 \| ---- \| C] () -- C:\Windows\SysNative\WMSPDMOD.DLL [2009/10/20 18:25:37 \| 12,461,568 \| ---- \| C] () -- C:\Windows\SysNative\ieframe.dll [2009/10/20 18:25:28 \| 02,334,208 \| ---- \| C] () -- C:\Windows\SysNative\iertutil.dll [2009/10/20 18:25:26 \| 01,484,288 \| ---- \| C] () -- C:\Windows\SysNative\urlmon.dll [2009/10/20 18:25:26 \| 01,147,904 \| ---- \| C] () -- C:\Windows\SysNative\wininet.dll [2009/10/20 18:25:25 \| 00,700,928 \| ---- \| C] () -- C:\Windows\SysNative\msfeeds.dll [2009/10/20 18:25:25 \| 00,459,776 \| ---- \| C] () -- C:\Windows\SysNative\iedkcs32.dll [2009/10/20 18:25:25 \| 00,243,712 \| ---- \| C] () -- C:\Windows\SysNative\occache.dll [2009/10/20 18:25:20 \| 01,538,560 \| ---- \| C] () -- C:\Windows\SysNative\inetcpl.cpl [2009/10/20 18:25:12 \| 00,252,416 \| ---- \| C] () -- C:\Windows\SysNative\iepeers.dll [2009/10/20 18:25:12 \| 00,162,816 \| ---- \| C] () -- C:\Windows\SysNative\ieUnatt.exe [2009/10/20 18:25:12 \| 00,071,680 \| ---- \| C] () -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/20 18:25:12 \| 00,070,656 \| ---- \| C] () -- C:\Windows\SysNative\ie4uinit.exe [2009/10/20 18:25:11 \| 00,219,136 \| ---- \| C] () -- C:\Windows\SysNative\ieui.dll [2009/10/20 18:25:11 \| 00,132,096 \| ---- \| C] () -- C:\Windows\SysNative\iesysprep.dll [2009/10/20 18:25:11 \| 00,077,312 \| ---- \| C] () -- C:\Windows\SysNative\iesetup.dll [2009/10/20 18:25:11 \| 00,072,192 \| ---- \| C] () -- C:\Windows\SysNative\iernonce.dll [2009/10/20 18:25:11 \| 00,031,744 \| ---- \| C] () -- C:\Windows\SysNative\jsproxy.dll [2009/10/20 18:25:11 \| 00,012,288 \| ---- \| C] () -- C:\Windows\SysNative\msfeedssync.exe [2009/10/20 18:23:54 \| 00,268,800 \| ---- \| C] () -- C:\Windows\SysNative\msv1_0.dll [2009/10/20 18:20:20 \| 00,174,592 \| ---- \| C] () -- C:\Windows\SysNative\drivers\srv2.sys [2009/10/20 18:20:05 \| 00,818,176 \| ---- \| C] () -- C:\Windows\SysNative\jscript.dll [2009/10/20 18:19:58 \| 00,082,944 \| ---- \| C] () -- C:\Windows\SysNative\msasn1.dll [2009/10/20 18:19:55 \| 02,608,803 \| ---- \| C] () -- C:\Windows\SysNative\wlan.tmf [2009/10/20 18:19:53 \| 00,353,280 \| ---- \| C] () -- C:\Windows\SysNative\wlanmsm.dll [2009/10/20 18:19:52 \| 00,376,832 \| ---- \| C] () -- C:\Windows\SysNative\wlansec.dll [2009/10/20 18:19:52 \| 00,157,184 \| ---- \| C] () -- C:\Windows\SysNative\L2SecHC.dll [2009/10/20 18:19:51 \| 00,615,936 \| ---- \| C] () -- C:\Windows\SysNative\wlansvc.dll [2009/10/20 18:19:51 \| 00,097,792 \| ---- \| C] () -- C:\Windows\SysNative\wlanhlp.dll [2009/10/20 18:19:51 \| 00,086,528 \| ---- \| C] () -- C:\Windows\SysNative\wlanapi.dll [2009/10/20 17:20:41 \| 01,940,263 \| -H-- \| C] () -- C:\Users\DougiFresh\AppData\Local\IconCache.db [2009/10/20 17:13:09 \| 00,524,288 \| -HS- \| C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000002.regtrans-ms [2009/10/20 17:13:09 \| 00,524,288 \| -HS- \| C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TMContainer00000000000000000001.regtrans-ms [2009/10/20 17:13:09 \| 00,065,536 \| -HS- \| C] () -- C:\Users\DougiFresh\ntuser.dat{1cda0e13-bddd-11de-bafa-ec3b72c6a6ad}.TM.blf [2009/10/20 17:12:21 \| 41,934,60224 \| -HS- \| C] () -- C:\hiberfil.sys [2009/10/14 08:33:32 \| 00,010,219 \| ---- \| C] () -- C:\Users\DougiFresh\Documents\void.docx [2009/10/08 14:27:15 \| 00,000,162 \| -H-- \| C] () -- C:\Users\DougiFresh\Documents\~$itemencantjumpessay.docx [2009/10/08 14:27:14 \| 00,014,855 \| ---- \| C] () -- C:\Users\DougiFresh\Documents\whitemencantjumpessay.docx [2009/09/27 09:32:12 \| 00,000,732 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps64.dat [2009/08/31 19:03:42 \| 00,524,288 \| -HS- \| C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TMContainer00000000000000000002.regtrans-ms [2009/08/31 19:03:42 \| 00,524,288 \| -HS- \| C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TMContainer00000000000000000001.regtrans-ms [2009/08/31 19:03:42 \| 00,262,144 \| ---- \| C] () -- C:\ProgramData\ntuser.dat [2009/08/31 19:03:42 \| 00,065,536 \| -HS- \| C] () -- C:\ProgramData\ntuser.dat{47550d35-969f-11de-b9a3-001f16db39e5}.TM.blf [2009/08/31 19:03:42 \| 00,005,120 \| -H-- \| C] () -- C:\ProgramData\ntuser.dat.LOG1 [2009/08/31 19:03:42 \| 00,000,000 \| -H-- \| C] () -- C:\ProgramData\ntuser.dat.LOG2 [2009/08/31 17:10:56 \| 00,005,120 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/31 16:30:21 \| 00,003,423 \| ---- \| C] () -- C:\ProgramData\hpzinstall.log [2009/08/28 06:59:39 \| 00,000,000 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Roaming\wklnhst.dat [2009/08/27 15:47:45 \| 00,000,680 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\d3d9caps.dat [2009/08/26 21:08:58 \| 00,000,021 \| ---- \| C] () -- C:\ProgramData\hpqp.txt [2009/08/26 04:23:25 \| 00,000,000 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\QSwitch.txt [2009/08/26 04:23:25 \| 00,000,000 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\DSwitch.txt [2009/08/26 04:23:25 \| 00,000,000 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\AtStart.txt [2009/08/26 04:21:00 \| 00,075,280 \| ---- \| C] () -- C:\Users\DougiFresh\AppData\Local\GDIPFONTCACHEV1.DAT [2009/06/26 07:18:36 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/06/26 07:18:27 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/06/26 07:18:00 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/06/26 07:17:27 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/06/26 07:15:22 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2009/06/26 07:14:54 \| 00,000,290 \| ---- \| C] () -- C:\ProgramData\hpqp.ini [2009/04/20 16:00:42 \| 00,000,109 \| ---- \| C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2009/04/20 15:53:32 \| 00,000,110 \| ---- \| C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2009/04/20 15:51:19 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2009/04/20 15:49:39 \| 00,000,107 \| ---- \| C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2008/01/20 18:50:05 \| 00,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 18:49:49 \| 00,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006/11/02 07:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2006/11/02 07:07:25 \| 00,030,808 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 07:07:25 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 07:07:25 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 07:07:25 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 04:34:27 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 04:34:27 \| 00,000,179 \| ---- \| C] () -- C:\Windows\win.ini ========== LOP Check ========== [2009/11/03 19:24:56 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Azureus [2009/09/25 13:27:06 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/11/05 00:23:40 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\LimeWire [2009/08/28 06:59:41 \| 00,000,000 \| ---D \| M] -- C:\Users\DougiFresh\AppData\Roaming\Template [2009/11/04 20:11:56 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/11/04 20:10:57 \| 00,023,650 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

11-05-2009, 06:46 PM	#7 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,209 OS: XP sp3	Re: Suspected Spyware/Adware. Hi, Please do the following: Visit ADOBEand download the latest version of Acrobat Reader (version 9.2) Having the latest updates ensures there are no security vulnerabilities in your system. NEXT Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and AppletsTrace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. NEXT P2P - I see you have P2P software azeurus & vuse installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Please see this topic for more information: Perils of P2P File Sharing. I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. Also, please advise how your computer is running and if there are any outstanding issues. __________________ ASAP & UNITE Member

11-19-2009, 07:43 PM	#8 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,539 OS: XP SP3	Re: Suspected Spyware/Adware. Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: http://www.techsupportforum.com/secu...oval-help.html __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006