Solved HiJackThis log please (2)

Danc20 · Sep 8, 2010

c:\windows\system32\_003692_.tmp.dll
c:\windows\system32\_003693_.tmp.dll
c:\windows\system32\_003695_.tmp.dll
c:\windows\system32\_003696_.tmp.dll
c:\windows\system32\_003700_.tmp.dll
c:\windows\system32\_003701_.tmp.dll
c:\windows\system32\_003703_.tmp.dll
c:\windows\system32\_003706_.tmp.dll
c:\windows\system32\_003708_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_006755_.tmp.dll
c:\windows\system32\_006756_.tmp.dll
c:\windows\system32\_006757_.tmp.dll
c:\windows\system32\_006758_.tmp.dll
c:\windows\system32\_006765_.tmp.dll
c:\windows\system32\_006766_.tmp.dll
c:\windows\system32\_006767_.tmp.dll
c:\windows\system32\_006769_.tmp.dll
c:\windows\system32\_006770_.tmp.dll
c:\windows\system32\_006773_.tmp.dll
c:\windows\system32\_006774_.tmp.dll
c:\windows\system32\_006776_.tmp.dll
c:\windows\system32\_006777_.tmp.dll
c:\windows\system32\_006778_.tmp.dll
c:\windows\system32\_006780_.tmp.dll
c:\windows\system32\_006783_.tmp.dll
c:\windows\system32\_006784_.tmp.dll
c:\windows\system32\_006788_.tmp.dll
c:\windows\system32\_006789_.tmp.dll
c:\windows\system32\_006791_.tmp.dll
c:\windows\system32\_006794_.tmp.dll
c:\windows\system32\_006796_.tmp.dll
c:\windows\system32\_006797_.tmp.dll
c:\windows\system32\_006798_.tmp.dll
c:\windows\system32\_006799_.tmp.dll
c:\windows\system32\_006802_.tmp.dll
c:\windows\system32\_006803_.tmp.dll
c:\windows\system32\_006804_.tmp.dll
c:\windows\system32\_006805_.tmp.dll
c:\windows\system32\_006806_.tmp.dll
c:\windows\system32\_006811_.tmp.dll
c:\windows\system32\_006813_.tmp.dll
c:\windows\system32\_006814_.tmp.dll
c:\windows\twain_16.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-06 20:59 . 2010-09-06 20:59 -------- d-----w- C:\_OTM
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\Reno 911 Paintball
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\G-Force
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\BitTorrent
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Gwen\Application Data\Viewpoint
2010-09-03 03:56 . 2010-09-03 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-09-02 00:58 . 2010-09-02 00:58 -------- d-----w- c:\documents and settings\Family\Application Data\Registry Mechanic
2010-08-31 20:50 . 2010-08-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-28 19:38 . 2010-08-28 19:40 -------- d-----w- c:\documents and settings\Family\Application Data\QuickScan
2010-08-27 21:22 . 2010-09-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-23 05:10 . 2010-08-23 05:10 -------- d-----w- c:\program files\The Weather Channel FW
2010-08-21 07:13 . 2010-08-21 07:13 -------- d-----w- c:\documents and settings\Gwen\Local Settings\Application Data\Threat Expert
2010-08-21 06:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 06:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 02:40 . 2010-08-21 02:40 -------- d-----w- c:\program files\MSSOAP
2010-08-21 02:39 . 2010-08-21 02:39 164 ----a-w- c:\windows\install.dat
2010-08-19 00:53 . 2010-08-19 00:53 -------- d-----w- c:\program files\MSBuild
2010-08-19 00:52 . 2010-08-19 00:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-19 00:52 . 2010-08-19 00:52 -------- d-----w- c:\windows\system32\URTTemp
2010-08-18 22:42 . 2010-08-19 00:51 -------- d-----w- c:\program files\Microsoft Platform SDK
2010-08-10 03:46 . 2010-08-10 06:17 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\FLVService
2010-08-10 03:46 . 2010-08-10 03:46 -------- d-----w- c:\windows\Freecorder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 21:22 . 2010-07-06 22:15 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-09-06 07:01 . 2007-08-29 03:37 -------- d-----w- c:\program files\ESET
2010-09-06 05:58 . 2010-07-21 01:44 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 05:58 . 2010-07-21 01:44 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-05 03:59 . 2007-07-07 04:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-04 04:22 . 2008-01-26 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 04:11 . 2009-12-09 04:00 -------- d-----w- c:\program files\Steam
2010-09-03 04:08 . 2007-05-13 01:29 -------- d-----w- c:\program files\Logitech
2010-09-03 04:08 . 2007-06-16 00:39 -------- d-----w- c:\program files\DivX
2010-09-03 04:06 . 2009-10-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-02 06:51 . 2010-09-02 06:51 0 ----a-w- c:\documents and settings\Family\ntuser.tmp
2010-09-01 21:39 . 2005-09-23 22:18 98920 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-31 20:52 . 2007-04-04 00:32 -------- d-----w- c:\documents and settings\Family\Application Data\Uniblue
2010-08-27 21:22 . 2010-08-27 21:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 20:13 . 2010-02-22 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-25 00:18 . 2007-05-02 04:02 -------- d-----w- c:\documents and settings\Family\Application Data\Creative
2010-08-21 06:18 . 2010-08-21 06:18 7089544 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2010-08-21 06:18 . 2010-08-21 06:18 7089544 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2010-08-20 00:13 . 2005-09-14 19:38 -------- d-----w- c:\program files\Java
2010-08-20 00:11 . 2010-08-20 00:11 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcp71.dll
2010-08-20 00:11 . 2010-08-20 00:11 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-sse.dll
2010-08-20 00:11 . 2010-08-20 00:11 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\jmc.dll
2010-08-20 00:11 . 2010-08-20 00:11 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcr71.dll
2010-08-20 00:11 . 2010-08-20 00:11 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-d3d.dll
2010-08-20 00:11 . 2005-09-14 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 03:23 . 2010-08-02 05:04 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-19 00:50 . 2007-07-22 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-17 07:27 . 2007-09-07 00:36 -------- d-----w- c:\documents and settings\Family\Application Data\LimeWire
2010-08-08 02:53 . 2005-09-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 01:44 . 2010-07-21 01:44 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2010-07-21 01:42 . 2008-01-21 08:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\documents and settings\Family\Application Data\AVS4YOU
2010-07-21 01:27 . 2009-12-04 00:57 -------- d-----w- c:\documents and settings\Family\Application Data\Amazon
2010-07-18 23:29 . 2010-07-18 23:29 -------- d-----w- c:\documents and settings\Family\Application Data\BigBrainz
2010-07-18 22:20 . 2010-07-18 22:20 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-17 12:00 . 2010-06-16 20:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 05:32 . 2010-07-15 05:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 22:31 . 2010-04-15 23:37 -------- d-----w- c:\documents and settings\Family\Application Data\SanDisk
2010-07-11 21:41 . 2009-08-23 03:27 -------- d-----w- c:\program files\SanDisk
2010-07-11 21:29 . 2010-07-11 21:29 -------- d-----w- c:\program files\Python31
2010-07-11 08:03 . 2010-07-11 08:03 -------- d-----w- c:\documents and settings\Family\Application Data\ssorgatem productions
2010-07-06 17:29 . 2010-07-15 05:32 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-05-12 03:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2010-05-09 03:34 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-05-09 03:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:55 . 2009-12-28 04:59 75636 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-21 15:27 . 2010-05-09 03:34 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 05:09 . 2010-06-19 05:09 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-19 03:16 . 2009-10-17 23:07 87 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences2.dat
2010-06-19 03:16 . 2008-08-20 02:34 45 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences.dat
2010-06-19 03:14 . 2010-06-19 03:14 0 ----a-w- c:\documents and settings\Family\jagex__preferences3.dat
2010-06-17 14:03 . 2004-08-19 20:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 20:43 . 2010-06-16 20:43 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcp71.dll
2010-06-16 20:43 . 2010-06-16 20:43 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\jmc.dll
2010-06-16 20:43 . 2010-06-16 20:43 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcr71.dll
2010-06-16 20:43 . 2010-06-16 20:43 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-sse.dll
2010-06-16 20:43 . 2010-06-16 20:43 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-d3d.dll
2010-06-14 07:41 . 2004-08-19 20:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_E8445D1F15C9D9AE94D47B.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_C13252BF82CA8110419144.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_6FEFF9B68218417F98F549.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_1DF2F493C354ABFB693331.exe
2004-05-21 08:30 . 2005-10-06 20:57 52736 ----a-w- c:\program files\cryptainerlemobile.exe
2009-10-20 02:59 . 2010-05-02 04:49 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-11-24 21:14 . 2009-11-24 21:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 20:10 . 2009-11-28 20:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-10-24 19:13 . 2005-10-24 19:13 66560 --sha-r- c:\windows\MOTA113.exe
2006-03-22 00:35 . 2005-12-02 21:02 56 --sha-r- c:\windows\system32\2F0796B60D.sys
2005-06-26 23:32 . 2005-06-26 23:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 06:37 . 2005-06-22 06:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-03-22 00:35 . 2006-03-16 23:34 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 21:16 . 2005-02-28 21:16 240128 --sha-r- c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2010-8-20 7089544]

c:\documents and settings\Gwen\Start Menu\Programs\Startup\
Download Manager.lnk - c:\program files\Snocap\Download Manager\NodeStarter.exe [2008-1-30 352256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

Danc20 · Sep 8, 2010

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Susteen\\DataPilot\\DpLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Family\\Desktop\\Neutral\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Snocap\\Download Manager\\active\\downloadmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4050:TCP"= 4050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 3:52 PM 74088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/2/2009 1:00 PM 135336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 3:52 PM 1078632]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [5/21/2004 1:30 AM 100728]
S1 SABKUTIL;SABKUTIL;\??\g:\computer protection\Super AntiSpyWare\SABKUTIL.sys --> g:\computer protection\Super AntiSpyWare\SABKUTIL.sys [?]
S1 SASDIFSV;SASDIFSV;\??\g:\computer protection\SASDIFSV.SYS --> g:\computer protection\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\computer protection\SASKUTIL.SYS --> g:\computer protection\SASKUTIL.SYS [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 1355928]
S3 atidgllk;atidgllk;c:\dell\Drivers\R103296\atidgllk.sys [11/6/2005 10:49 PM 5120]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [3/21/2003 10:44 AM 38144]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 11:16 PM 15008]
S3 Mraucdsg;Mraucdsg; [x]
S3 TMPassthruMP;TMPassthruMP; [x]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 1:14 PM 133104]
S4 IS360service;IS360service;g:\computer protection\IObit Security 360\IS360srv.exe --> g:\computer protection\IObit Security 360\IS360srv.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 03:17]

2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Family\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CTCheck - f:\e drive program files\Creative ZEN\ZEN Media Explorer\CTCheck.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-CTFMON - (no file)
AddRemove-Eraser_is1 - f:\joseph\Eraser\unins000.exe
AddRemove-Graboid Video - f:\e drive program files\Graboid\uninst.exe
AddRemove-IObit Security 360_is1 - g:\computer protection\IObit Security 360\unins000.exe
AddRemove-MP3MyMP3_is1 - f:\e drive program files\MP3MyMP3 3.0\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 14:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\4b0\3149402]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\5ac\000A2700151426B7]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\781\070415301827]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\ATI Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Applications\Konfabulator.exe\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Applications\mplayer2.exe\SupportedTypes]
@DACL=(02 0000)
".aa"=""
".aif"=""
".aifc"=""
".aiff"=""
".asf"=""
".asx"=""
".au"=""
".avi"=""
".cda"=""
".dvr-ms"=""
".m1v"=""
".m2v"=""
".m3u"=""
".mid"=""
".midi"=""
".mod"=""
".mp2"=""
".mp2v"=""
".mp3"=""
".mpa"=""
".mpe"=""
".mpeg"=""
".mpg"=""
".mpv2"=""
".rmi"=""
".snd"=""
".wav"=""
".wax"=""
".wm"=""
".wma"=""
".wmd"=""
".wms"=""
".wmv"=""
".wmx"=""
".wmz"=""
".wpl"=""
".wvx"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedTypes]
@DACL=(02 0000)
@=""
".mp3"=""
".m3u"=""
".cda"=""
".wav"=""
".mpg"=""
".mpeg"=""
".mpv"=""
".mps"=""
".m2v"=""
".m1v"=""
".mpe"=""
".mpa"=""
".avi"=""
".mp4"=""
".m4e"=""
".rt"=""
".rnx"=""
".rmp"=""
".rms"=""
".rjs"=""
".ra"=""
".rax"=""
".rm"=""
".rmvb"=""
".rp"=""
".ram"=""
".rmm"=""
".rsml"=""
".rv"=""
".rvx"=""
".rmj"=""
".rjt"=""
".rmx"=""
".wma"=""
".wmv"=""
".wax"=""
".asx"=""
".asf"=""
".wm"=""
".wmx"=""
".wvx"=""
".mov"=""
".qt"=""
".aac"=""
".m4a"=""
".m4p"=""
".mp2"=""
".mp1"=""
".mpga"=""
".pls"=""
".xpl"=""
".smi"=""
".smil"=""
".ssm"=""
".sdp"=""
".au"=""
".aif"=""
".aiff"=""
".mid"=""
".midi"=""
".rmi"=""
".acp"=""
".lmsff"=""
".lqt"=""
".lavs"=""
".lar"=""
".la1"=""
".rpl"=""
".3gp"=""
".amr"=""
".awb"=""
".3g2"=""
".divx"=""
".rpm"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\YahooWidgetEngine.exe\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\Content Type]
@DACL=(02 0000)
@="application/x-bittorrent"

Danc20 · Sep 8, 2010

[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\DefaultIcon]
@DACL=(02 0000)
"OldDefault"="\"c:\\Documents and Settings\\Family\\Desktop\\Daniel\\BitComet\\BitComet.exe\",1"

[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell]
@DACL=(02 0000)
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\bwpfile\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\InProcServer32]
@DACL=(02 0000)
"ThreadingModel"="Apartment"
"InprocServer32"=multi:"2F$_Vn-}f(YR]eAR6.jiOUTLOOKNonBootFiles>zYbuUK-pf(BZ)L[lj+'(\00\00"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\shellex]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\ShellFolder]
@DACL=(02 0000)
"Attributes"=hex:72,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\InprocServer32]
@DACL=(02 0000)
"Settings"=hex:34,00,00,00,23,66,53,9f,98,07,b5,5b,b1,32,66,b5,66,eb,32,66,91,
5b,35,65,00,9a,e7,65,ef,5b,5b,5b,5b,5b,ef,23,b1,eb,35,02,6a,d8,28,28,fb,02,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmjblaunch.exe,1"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\InstallInfo]
@DACL=(02 0000)
"HideIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /h"
"ShowIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /s"
"ReinstallCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /i"
"IconsVisible"=dword:00000001
"OEMShowIcons"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\mounts v2]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\Program Options]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Digital Praise\Guitar Praise]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\EPSON America Inc.\EPSON Stylus CX9400Fax Series Scanner Driver Update]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgSunbirdTrunkWin322006100618]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgThunderbird15Win322006090918]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\7.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1\0,0,800,600]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\G-Force]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\SoftSkies]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=GF84H81\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06??z\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'????z"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metaservices.microsoft.com/svcswitch/WindowsMediaPlayer11_30x30.png"
"ImageMenuURL"="http://images.metaservices.microsoft.com/svcswitch/wm_com_v_rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\Napster]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\iMesh]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\OverDrive, Inc.]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m2v]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m4a]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mod]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mp4]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\NetGame\MPlugin_USA\1.5.0.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Sibelius Software\Scorch\Preferences]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ViewSonic Corporation\ViewSonic Monitor Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Completion time: 2010-09-08 14:35:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 21:35

Pre-Run: 9,262,993,408 bytes free
Post-Run: 9,490,038,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - EE43FA4E584D3EC3BF115C2C17334291

Danc20 · Sep 8, 2010

I got a notice saying "A change has been detected in your IE search Page. Http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

I rejected the page redirection.

Attached is the scotty notice I got. I will reject it unless you tell me to do otherwise in time. Thanks for your help, it removed some bad stuff which is good

.

Edit: I remembered before, Scotty also asked me to approve a startup program called Shell32.dll I think. I clicked yes, but now might be regretting it. It is on my mom's also and I keep clicking no or exit (although when I clicked no it says it's not good because it is a windows component or something). Any direction on what to do about this I appreciate.

Eset Nod32 Online Scanner Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7de763e74e0c2d4a89b49b1790248b36
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-09 03:55:53
# local_time=2010-09-08 08:55:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 9689266 9689266 0 0
# compatibility_mode=1797 16775125 100 100 201470 58772556 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=299251
# found=0
# cleaned=0
# scan_time=6164

Danc20 · Sep 9, 2010

A new development has occurred. Something got into my e-mail address and somehow sent a url link to some of my contacts. I was wondering, should I install/reinstall my antivirus program? I cannot seem to scan when two people are on an account, it scans on the other persons account (weird). They have a manual delete option with a registry cleaner which should be safe, but I'll wait for you on this.

Bobbye · Sep 9, 2010

Please disable 'Scotty' while I am helping you. In fact, I recommend putting a muzzle on 'Scotty' for good!
There are multiple antivirus programs running:
AntiVir Desktop
Auslogics Antivirus
F-Secure
Panda Security
pb]Please decide which you want to keep and remove the other. Multiple AV programs can actually make a system more vulnerable[/B]
======================================
Several file sharing programs are running:
LimeWire, BitTorrent, Azureus/Vuze
I recommend that all of these progrms be removed for the following reasons:

Even if you are using a "safe" P2P program, it is only the program that is safe.
As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
Malware writers use these program to include malicious content.
Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
The 'sharing' also includes malware that the shared system has on it.
Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
=========================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:

Code:

File::
c:\documents and settings\Family\ntuser.tmp
c:\windows\MOTA113.exe
c:\windows\system32\2F0796B60D.sys
g:\computer protection\IObit Security 360\IS360srv.exe
g:\computer protection\SASKUTIL.SYS
g:\computer protection\Super AntiSpyWare\SABKUTIL.sys
c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
c:\program files\Panda Security
Folder::
c:\documents and settings\Gwen\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\F-Secure
c:\documents and settings\Family\Application Data\Registry Mechanic
c:\windows\system32\URTTemp
c:\documents and settings\Gwen\Local Settings\Application Data\Threat Expert
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Family\Application Data\Uniblue
c:\documents and settings\Family\Application Data\LimeWire
RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\DefaultIcon]
"OldDefault"=-
[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell]
[HKEY_LOCAL_MACHINE\software\Classes\bwpfile\Shell]
[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedType s]
[HKEY_LOCAL_MACHINE\software\Classes\Applications\mplayer2.exe\SupportedType s]
[HKEY_LOCAL_MACHINE\software\Classes\Applications\Konfabulator.exe\shell]
[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\Content Type]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\InProcServer32]
"ThreadingModel"
"InprocServer32"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP T]
"devenv.exe"
"dexplore.exe
"helppane.exe
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\7.0]
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]

RegLock::
[HKEY_LOCAL_MACHINE\software\4b0\3149402]
[HKEY_LOCAL_MACHINE\software\5ac\000A2700151426B7]
[HKEY_LOCAL_MACHINE\software\781\070415301827]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\InProcServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
Mraucdsg
TMPassthruMP
IS360service
SABKUTIL
SASDIFSV
SASKUTIL

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please aste into your next reply.
====================
We'll have to do another round of script due to all the locked Registry keys.

Bobbye · Sep 9, 2010

They have a manual delete option with a registry cleaner which should be safe, but I'll wait for you on this.

Just wait on this- the system is a bit of a mess right now. Do not- repeat- Do Not use a Registry cleaner or make any changes to the Registry.

It is possible that someone who had your email address in the Contacts got a mass mailing virus that sent mail to everyone in the address book. Please understand this system needs to be kept status quo while I'm helping clean it. Doing other things changes what I have to work with in the logs.

Danc20 · Sep 9, 2010

I would only like to keep Avira, but as far as I have seen all the other ones have been uninstalled.

I feel the same way about PsP. I don't illegally download anything nowadays. Unfortunately it's my brother/dad who do, otherwise I would uninstall it right away.

Before I do the ComboFix, does it matter that my Dad made me not an admin? It was out of my hands before I could say anything. He was doing it to try to fix Avira from scanning awkwardly, but it didn't work. I will probably run ComboFix again when he gives me back the admin rights, but in case it matters that that happened and I can get you before he does that I just wanted to post this.

Great! This is exciting

. Log on the way.

Bobbye · Sep 10, 2010

See if a right click> Run as Administrator works.

Danc20 · Sep 10, 2010

ComboFix 10-09-09.04 - Family 09/10/2010 14:25:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.496 [GMT -7:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Family\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Auslogics Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863B6054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863BFADC-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863FC054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {864C49BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83BDB054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EA054-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85965054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D1BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D4174C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9F434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DF7054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E2D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3B8DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3C32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E5EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E64324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6558C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6575C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6595C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E66BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E68634-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6A054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6B39C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6DB54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E70DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E71AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7231C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E744EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EA5B5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EAD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EB3DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EDB6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EFDB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F0658C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F36214-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F87C54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F98A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F9C28C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FB0054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FD8DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FDFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE04EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE1304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE229C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE99DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE9C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF2494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF3694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FFD054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86011C64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860153F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86019DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86025054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86028304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860289D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860291E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8602DAC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86030874-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86031474-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8603E554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8604391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86043DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860595A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86060DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860743B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8607DDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8608393C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A02B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A5844-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860AA6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860B78EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860C4C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CE1BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860DD32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860E2DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EBDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EDB2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EE354-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F7C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610628C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861088BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610983C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610B2DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610CB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610D264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8611ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8612E9CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86135B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614758C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861549BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615B054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86189594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8619BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861A8644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861B1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C1C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C6264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C7DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D620C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D7984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861DBC5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861ED594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F91E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F937C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86204D94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8622232C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86247054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86255DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8625F3CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86281CE4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287B2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A45BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862AE25C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862B2CAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C09B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C3494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C7C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C83C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DBB3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86306DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630DB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632926C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86334C9C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86369894-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637028C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637A644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86384A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86388A54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638B414-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86390754-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86392C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A170C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A39B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A73FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A89C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AB494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ADCBC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B541C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B9DDC-FFA4-00EF-0D24-347CA8A3377C}

Danc20 · Sep 10, 2010

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BA9C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BE60C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C389C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C8554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863CA9BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D158C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D219C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4284-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D81DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DA384-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DF24C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E683C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E84C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F1504-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86408BAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86411514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864233D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86425054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642B3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643C054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644213C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86447C3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644C55C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645244C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645247C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8646E41C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86485DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8648720C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86498434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864AB45C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864D941C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E724C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E93FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F1694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F19B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3724-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F6A5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F71F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F81D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F9374-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FC554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FF74C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8650BC34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865117EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865169CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86520AA4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652D7CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652F564-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865302BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653CB3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86541C3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86542A14-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86550ACC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86564B44-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86564B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8656F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8657574C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658E6F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865973FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659E2DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659FA34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BE054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865DC7A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F72F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86697DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8669DC4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AB834-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AE054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AEDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866BA9BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866BF3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C0594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C3594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C5AB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C693C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866CEDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866D3D9C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866EA904-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86702494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {867092FC-FFA4-00EF-0D24-347CA8A3377C}

FILE ::
"c:\documents and settings\Family\ntuser.tmp"
"c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll"
"c:\program files\Panda Security"
"c:\windows\MOTA113.exe"
"c:\windows\system32\2F0796B60D.sys"
"g:\computer protection\IObit Security 360\IS360srv.exe"
"g:\computer protection\SASKUTIL.SYS"
"g:\computer protection\Super AntiSpyWare\SABKUTIL.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\F-Secure
c:\documents and settings\All Users\Application Data\F-Secure\Daas2\cert\fsc (revoke hq).crl
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Family\Application Data\LimeWire
c:\documents and settings\Family\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Family\Application Data\LimeWire\bugs.data
c:\documents and settings\Family\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Family\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Family\Application Data\LimeWire\downloads.dat
c:\documents and settings\Family\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Family\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Family\Application Data\LimeWire\filters.props
c:\documents and settings\Family\Application Data\LimeWire\gnutella.net
c:\documents and settings\Family\Application Data\LimeWire\installation.props
c:\documents and settings\Family\Application Data\LimeWire\library.dat
c:\documents and settings\Family\Application Data\LimeWire\limewire.props
c:\documents and settings\Family\Application Data\LimeWire\mojito.props
c:\documents and settings\Family\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Family\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Family\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Family\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Family\Application Data\LimeWire\questions.props
c:\documents and settings\Family\Application Data\LimeWire\responses.cache
c:\documents and settings\Family\Application Data\LimeWire\simpp.xml
c:\documents and settings\Family\Application Data\LimeWire\spam.dat
c:\documents and settings\Family\Application Data\LimeWire\tables.props
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Family\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Family\Application Data\LimeWire\ttree.cache
c:\documents and settings\Family\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Family\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Family\Application Data\LimeWire\version.xml
c:\documents and settings\Family\Application Data\LimeWire\versions.props
c:\documents and settings\Family\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Family\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Family\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Family\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Family\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Family\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Family\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Family\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Family\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Family\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Family\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Family\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Family\Application Data\LimeWire\xml\schemas\video.xsd
c:\documents and settings\Family\Application Data\Registry Mechanic
c:\documents and settings\Family\Application Data\Registry Mechanic\SystemReport.txt
c:\documents and settings\Family\Application Data\Uniblue
c:\documents and settings\Family\Application Data\Uniblue\Registry Booster\1175646823.zip
c:\documents and settings\Family\Application Data\Uniblue\Registry Booster\SystemRestore.dat
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\backup\20100831.141723.zip
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\error.log
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\history\20100831-141712_repair.xml
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\last_scan.dat
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\settings.dat
c:\documents and settings\Family\Application Data\Uniblue\RegistryBooster\track_installs.txt
c:\documents and settings\Family\ntuser.tmp
c:\documents and settings\Gwen\Application Data\Viewpoint
c:\documents and settings\Gwen\Local Settings\Application Data\Threat Expert
c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
c:\windows\MOTA113.exe
c:\windows\system32\2F0796B60D.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS360SERVICE
-------\Legacy_MRAUCDSG
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_IS360service
-------\Service_Mraucdsg
-------\Service_SABKUTIL
-------\Service_SASDIFSV
-------\Service_SASKUTIL
-------\Service_TMPassthruMP

Danc20 · Sep 10, 2010

((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-06 20:59 . 2010-09-06 20:59 -------- d-----w- C:\_OTM
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\Reno 911 Paintball
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\G-Force
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\BitTorrent
2010-08-31 20:50 . 2010-08-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-28 19:38 . 2010-08-28 19:40 -------- d-----w- c:\documents and settings\Family\Application Data\QuickScan
2010-08-27 21:22 . 2010-09-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-23 05:10 . 2010-08-23 05:10 -------- d-----w- c:\program files\The Weather Channel FW
2010-08-21 06:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 06:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 02:40 . 2010-08-21 02:40 -------- d-----w- c:\program files\MSSOAP
2010-08-21 02:39 . 2010-08-21 02:39 164 ----a-w- c:\windows\install.dat
2010-08-19 00:53 . 2010-08-19 00:53 -------- d-----w- c:\program files\MSBuild
2010-08-19 00:52 . 2010-08-19 00:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-18 22:42 . 2010-08-19 00:51 -------- d-----w- c:\program files\Microsoft Platform SDK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 21:37 . 2010-07-06 22:15 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-09-06 07:01 . 2007-08-29 03:37 -------- d-----w- c:\program files\ESET
2010-09-06 05:58 . 2010-07-21 01:44 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 05:58 . 2010-07-21 01:44 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 04:22 . 2008-01-26 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 04:11 . 2009-12-09 04:00 -------- d-----w- c:\program files\Steam
2010-09-03 04:08 . 2007-05-13 01:29 -------- d-----w- c:\program files\Logitech
2010-09-03 04:08 . 2007-06-16 00:39 -------- d-----w- c:\program files\DivX
2010-09-03 04:06 . 2009-10-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-01 21:39 . 2005-09-23 22:18 98920 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-27 21:22 . 2010-08-27 21:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 20:13 . 2010-02-22 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-25 00:18 . 2007-05-02 04:02 -------- d-----w- c:\documents and settings\Family\Application Data\Creative
2010-08-21 06:18 . 2010-08-21 06:18 7089544 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2010-08-21 06:18 . 2010-08-21 06:18 7089544 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2010-08-20 00:13 . 2005-09-14 19:38 -------- d-----w- c:\program files\Java
2010-08-20 00:11 . 2010-08-20 00:11 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcp71.dll
2010-08-20 00:11 . 2010-08-20 00:11 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-sse.dll
2010-08-20 00:11 . 2010-08-20 00:11 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\jmc.dll
2010-08-20 00:11 . 2010-08-20 00:11 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcr71.dll
2010-08-20 00:11 . 2010-08-20 00:11 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-d3d.dll
2010-08-20 00:11 . 2005-09-14 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 03:23 . 2010-08-02 05:04 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-19 00:50 . 2007-07-22 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-08 02:53 . 2005-09-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 01:44 . 2010-07-21 01:44 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2010-07-21 01:42 . 2008-01-21 08:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\documents and settings\Family\Application Data\AVS4YOU
2010-07-21 01:27 . 2009-12-04 00:57 -------- d-----w- c:\documents and settings\Family\Application Data\Amazon
2010-07-18 23:29 . 2010-07-18 23:29 -------- d-----w- c:\documents and settings\Family\Application Data\BigBrainz
2010-07-18 22:20 . 2010-07-18 22:20 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-17 12:00 . 2010-06-16 20:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 05:32 . 2010-07-15 05:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-06 17:29 . 2010-07-15 05:32 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-05-12 03:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2010-05-09 03:34 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-05-09 03:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:55 . 2009-12-28 04:59 75636 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-21 15:27 . 2010-05-09 03:34 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 05:09 . 2010-06-19 05:09 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-19 03:16 . 2009-10-17 23:07 87 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences2.dat
2010-06-19 03:16 . 2008-08-20 02:34 45 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences.dat
2010-06-19 03:14 . 2010-06-19 03:14 0 ----a-w- c:\documents and settings\Family\jagex__preferences3.dat
2010-06-17 14:03 . 2004-08-19 20:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 20:43 . 2010-06-16 20:43 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcp71.dll
2010-06-16 20:43 . 2010-06-16 20:43 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\jmc.dll
2010-06-16 20:43 . 2010-06-16 20:43 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcr71.dll
2010-06-16 20:43 . 2010-06-16 20:43 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-sse.dll
2010-06-16 20:43 . 2010-06-16 20:43 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-d3d.dll
2010-06-14 14:31 . 2004-08-19 21:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-19 20:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_E8445D1F15C9D9AE94D47B.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_C13252BF82CA8110419144.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_6FEFF9B68218417F98F549.exe
2010-06-13 04:11 . 2010-06-13 04:11 25214 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{4E1CE76A-B1FF-48FB-813F-22094537D143}\_1DF2F493C354ABFB693331.exe
2004-05-21 08:30 . 2005-10-06 20:57 52736 ----a-w- c:\program files\cryptainerlemobile.exe
2009-10-20 02:59 . 2010-05-02 04:49 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-11-24 21:14 . 2009-11-24 21:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 20:10 . 2009-11-28 20:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-06-26 23:32 . 2005-06-26 23:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 06:37 . 2005-06-22 06:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-03-22 00:35 . 2006-03-16 23:34 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 21:16 . 2005-02-28 21:16 240128 --sha-r- c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2010-8-20 7089544]

c:\documents and settings\Gwen\Start Menu\Programs\Startup\
Download Manager.lnk - c:\program files\Snocap\Download Manager\NodeStarter.exe [2008-1-30 352256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Susteen\\DataPilot\\DpLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Family\\Desktop\\Neutral\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Snocap\\Download Manager\\active\\downloadmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4050:TCP"= 4050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 3:52 PM 74088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/2/2009 1:00 PM 135336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 3:52 PM 1078632]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [5/21/2004 1:30 AM 100728]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe" --> g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 atidgllk;atidgllk;c:\dell\Drivers\R103296\atidgllk.sys [11/6/2005 10:49 PM 5120]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [3/21/2003 10:44 AM 38144]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\KernExplorer.sys --> g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 1:14 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Family\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Advanced SystemCare 3_is1 - g:\computer protection\Advanced SystemCare 3\unins000.exe
AddRemove-FormatFactory - g:\g drive program files\FormatFactory\uninst.exe
AddRemove-WinGimp-2.0_is1 - g:\g drive program files\GIMP-2.0\setup\unins000.exe
AddRemove-{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 - g:\computer protection\Auslogics Disk Defrag\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Danc20 · Sep 10, 2010

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\4b0\3149402\413\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\5ac\000A2700151426B7\1209\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\781\070415301827\b2b5\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\ATI Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Applications\Konfabulator.exe\shell\open\command]
@DACL=(02 0000)
"command"=multi:"N_M9j=UIS?,uL&u`JN$V>DyxtqG8LQ?oFCd2zzP2g \"%1\"\00\00"

[HKEY_LOCAL_MACHINE\software\Classes\Applications\mplayer2.exe\SupportedTypes]
@DACL=(02 0000)
".aa"=""
".aif"=""
".aifc"=""
".aiff"=""
".asf"=""
".asx"=""
".au"=""
".avi"=""
".cda"=""
".dvr-ms"=""
".m1v"=""
".m2v"=""
".m3u"=""
".mid"=""
".midi"=""
".mod"=""
".mp2"=""
".mp2v"=""
".mp3"=""
".mpa"=""
".mpe"=""
".mpeg"=""
".mpg"=""
".mpv2"=""
".rmi"=""
".snd"=""
".wav"=""
".wax"=""
".wm"=""
".wma"=""
".wmd"=""
".wms"=""
".wmv"=""
".wmx"=""
".wmz"=""
".wpl"=""
".wvx"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedTypes]
@DACL=(02 0000)
@=""
".mp3"=""
".m3u"=""
".cda"=""
".wav"=""
".mpg"=""
".mpeg"=""
".mpv"=""
".mps"=""
".m2v"=""
".m1v"=""
".mpe"=""
".mpa"=""
".avi"=""
".mp4"=""
".m4e"=""
".rt"=""
".rnx"=""
".rmp"=""
".rms"=""
".rjs"=""
".ra"=""
".rax"=""
".rm"=""
".rmvb"=""
".rp"=""
".ram"=""
".rmm"=""
".rsml"=""
".rv"=""
".rvx"=""
".rmj"=""
".rjt"=""
".rmx"=""
".wma"=""
".wmv"=""
".wax"=""
".asx"=""
".asf"=""
".wm"=""
".wmx"=""
".wvx"=""
".mov"=""
".qt"=""
".aac"=""
".m4a"=""
".m4p"=""
".mp2"=""
".mp1"=""
".mpga"=""
".pls"=""
".xpl"=""
".smi"=""
".smil"=""
".ssm"=""
".sdp"=""
".au"=""
".aif"=""
".aiff"=""
".mid"=""
".midi"=""
".rmi"=""
".acp"=""
".lmsff"=""
".lqt"=""
".lavs"=""
".lar"=""
".la1"=""
".rpl"=""
".3gp"=""
".amr"=""
".awb"=""
".3g2"=""
".divx"=""
".rpm"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\YahooWidgetEngine.exe\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell\open\command]
@DACL=(02 0000)
"OldDefault"="\"c:\\Documents and Settings\\Family\\Desktop\\Daniel\\BitComet\\BitComet.exe\" \"%1\" /dummy"
"backup"="\"c:\\Documents and Settings\\Family\\Desktop\\Daniel\\BitComet\\BitComet.exe\" \"%1\" /dummy"

[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell\open\ddeexec]
@DACL=(02 0000)
@="%1"

[HKEY_LOCAL_MACHINE\software\Classes\bwpfile\Shell\open\command]
@DACL=(02 0000)
@="c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\7.2.0.137-8876480SL\\Program\\PrvCnt.exe \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\shellex]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\ShellFolder]
@DACL=(02 0000)
"Attributes"=hex:72,00,00,00

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmjblaunch.exe,1"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\InstallInfo]
@DACL=(02 0000)
"HideIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /h"
"ShowIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /s"
"ReinstallCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /i"
"IconsVisible"=dword:00000001
"OEMShowIcons"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\mounts v2]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\Program Options]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Digital Praise\Guitar Praise]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\EPSON America Inc.\EPSON Stylus CX9400Fax Series Scanner Driver Update]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgSunbirdTrunkWin322006100618]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgThunderbird15Win322006090918]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1\0,0,800,600]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\G-Force]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\SoftSkies]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=GF84H81\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06??z\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'????z"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metaservices.microsoft.com/svcswitch/WindowsMediaPlayer11_30x30.png"
"ImageMenuURL"="http://images.metaservices.microsoft.com/svcswitch/wm_com_v_rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\Napster]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\iMesh]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\OverDrive, Inc.]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m2v]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m4a]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mod]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mp4]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\NetGame\MPlugin_USA\1.5.0.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Sibelius Software\Scorch\Preferences]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ViewSonic Corporation\ViewSonic Monitor Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Completion time: 2010-09-10 14:48:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 21:48
ComboFix2.txt 2010-09-08 21:35

Pre-Run: 9,247,707,136 bytes free
Post-Run: 9,213,157,376 bytes free

- - End Of File - - A4736603017AFA6C8B51B43A1595A584

Danc20 · Sep 10, 2010

I turned Scotty off during the beginning, but on reboot during the log report Scotty caught another attempt at changing the homepage, twice. My mom's user account got the same change in the .jpg I sent, which I rejected. But no other notifications besides that so sounds like an improvement

.

I would really like to get rid of the other antivirus programs besides Avira, but I uninstalled them all a while ago and my tech level threshold only goes that far without being dangerous.

Bobbye · Sep 12, 2010

Please run this Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:

Code:

File::
c:\documents and settings\Administrator\Application Data\wruninstall.exe
c:\documents and settings\Administrator\Application Data\wruninstall.exe
g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe
g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\KernExplorer.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\ShellFolder]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell\open\command]
@DACL=(02 0000)
"OldDefault"=-
"backup"=-
[HKEY_LOCAL_MACHINE\software\Classes\bittorrent\shell\open\ddeexec]
[HKEY_LOCAL_MACHINE\software\Classes\bwpfile\Shell\open\command]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell]
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"=-
"iexplore.exe"=-
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP T]
"devenv.exe"=-
"dexplore.exe"=-
"helppane.exe"=-
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"waol.exe"=-
"cs.exe"=-
"wm.exe"=-
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\shellex]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\ShellFolder]
"Attributes"=-
[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\InstallInfo]
"HideIconsCommand"=-
"ShowIconsCommand"=-
"ReinstallCommand"=-
"IconsVisible"=-
"OEMShowIcons"=-

Driver::
Lavasoft Ad-Aware Service
Lavasoft Kernexplorer

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into your next reply.
=============================================
And we may have to run script yet again for more locked Registry keys.

Danc20 · Sep 12, 2010

I ran the scan, but unfortunately forgot to turn on the external G drive so I think there were some files/things not deleted. Should I run the same thing again or a modified version?

The asking to Google redirect came twice on my account, rejected each time.

Here is the log:

ComboFix 10-09-12.01 - Family 09/12/2010 14:49:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.454 [GMT -7:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Family\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Auslogics Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863B6054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863BFADC-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863FC054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {864C49BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83BDB054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EA054-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85965054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D1BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D4174C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9F434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DF7054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E2D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3B8DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3C32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E5EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E64324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6558C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6575C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6595C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E66BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E68634-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6A054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6B39C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6DB54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E70DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E71AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7231C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E744EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EA5B5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EAD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EB3DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EDB6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EFDB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F0658C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F36214-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F87C54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F98A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F9C28C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FB0054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FD8DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FDFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE04EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE1304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE229C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE99DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE9C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF2494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF3694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FFD054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86011C64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860153F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86019DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86025054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86028304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860289D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860291E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8602DAC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86030874-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86031474-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8603E554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8604391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86043DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860595A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86060DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860743B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8607DDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8608393C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A02B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A5844-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860AA6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860B78EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860C4C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CE1BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860DD32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860E2DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EBDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EDB2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EE354-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F7C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610628C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861088BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610983C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610B2DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610CB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610D264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled*

Danc20 · Sep 12, 2010

(Updated) {8611ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8612E9CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86135B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614758C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861549BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615B054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86189594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8619BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861A8644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861B1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C1C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C6264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C7DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D620C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D7984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861DBC5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861ED594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F91E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F937C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86204D94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8622232C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86247054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86255DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8625F3CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86281CE4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287B2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A45BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862AE25C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862B2CAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C09B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C3494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C7C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C83C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DBB3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86306DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630DB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632926C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86334C9C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86369894-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637028C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637A644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86384A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86388A54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638B414-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86390754-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86392C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A170C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A39B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A73FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A89C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AB494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ADCBC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B541C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B9DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BA9C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BE60C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C389C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C8554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863CA9BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D158C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D219C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4284-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D81DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DA384-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DF24C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E683C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E84C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F1504-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86408BAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86411514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864233D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86425054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642B3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643C054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644213C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86447C3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644C55C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645244C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645247C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8646E41C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86485DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8648720C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86498434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864AB45C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864D941C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E724C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E93FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F1694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F19B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3724-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F6A5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F71F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F81D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F9374-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FC554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FF74C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8650BC34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865117EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865169CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86520AA4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652D7CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8652F564-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865302BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8653CB3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86541C3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86542A14-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8654BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86550ACC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86564B44-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86564B8C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8656F054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8657574C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8658E6F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865973FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659E2DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8659FA34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865BE054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865DC7A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865F72F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86697DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8669DC4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AB834-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AE054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866AEDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866BA9BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866BF3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C0594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C3594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C5AB4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866C693C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866CEDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866D3D9C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {866EA904-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86702494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {867092FC-FFA4-00EF-0D24-347CA8A3377C}

FILE ::
"c:\documents and settings\Administrator\Application Data\wruninstall.exe"
"g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe"
"g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\KernExplorer.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\wruninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lavasoft Kernexplorer

Danc20 · Sep 12, 2010

((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-06 20:59 . 2010-09-06 20:59 -------- d-----w- C:\_OTM
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\Reno 911 Paintball
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\G-Force
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\BitTorrent
2010-08-31 20:50 . 2010-08-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-28 19:38 . 2010-08-28 19:40 -------- d-----w- c:\documents and settings\Family\Application Data\QuickScan
2010-08-27 21:22 . 2010-09-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-23 05:10 . 2010-08-23 05:10 -------- d-----w- c:\program files\The Weather Channel FW
2010-08-21 06:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 06:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 02:40 . 2010-08-21 02:40 -------- d-----w- c:\program files\MSSOAP
2010-08-21 02:39 . 2010-08-21 02:39 164 ----a-w- c:\windows\install.dat
2010-08-19 00:53 . 2010-08-19 00:53 -------- d-----w- c:\program files\MSBuild
2010-08-19 00:52 . 2010-08-19 00:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-18 22:42 . 2010-08-19 00:51 -------- d-----w- c:\program files\Microsoft Platform SDK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 22:00 . 2010-07-06 22:15 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-09-12 04:16 . 2009-12-09 04:00 -------- d-----w- c:\program files\Steam
2010-09-06 07:01 . 2007-08-29 03:37 -------- d-----w- c:\program files\ESET
2010-09-06 05:58 . 2010-07-21 01:44 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 05:58 . 2010-07-21 01:44 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 04:22 . 2008-01-26 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 04:08 . 2007-05-13 01:29 -------- d-----w- c:\program files\Logitech
2010-09-03 04:08 . 2007-06-16 00:39 -------- d-----w- c:\program files\DivX
2010-09-03 04:06 . 2009-10-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-01 21:39 . 2005-09-23 22:18 98920 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-27 21:22 . 2010-08-27 21:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 20:13 . 2010-02-22 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-25 00:18 . 2007-05-02 04:02 -------- d-----w- c:\documents and settings\Family\Application Data\Creative
2010-08-20 00:13 . 2005-09-14 19:38 -------- d-----w- c:\program files\Java
2010-08-20 00:11 . 2010-08-20 00:11 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcp71.dll
2010-08-20 00:11 . 2010-08-20 00:11 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-sse.dll
2010-08-20 00:11 . 2010-08-20 00:11 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\jmc.dll
2010-08-20 00:11 . 2010-08-20 00:11 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcr71.dll
2010-08-20 00:11 . 2010-08-20 00:11 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-d3d.dll
2010-08-20 00:11 . 2005-09-14 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 03:23 . 2010-08-02 05:04 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-19 00:50 . 2007-07-22 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-08 02:53 . 2005-09-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 01:44 . 2010-07-21 01:44 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2010-07-21 01:42 . 2008-01-21 08:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\documents and settings\Family\Application Data\AVS4YOU
2010-07-21 01:27 . 2009-12-04 00:57 -------- d-----w- c:\documents and settings\Family\Application Data\Amazon
2010-07-18 23:29 . 2010-07-18 23:29 -------- d-----w- c:\documents and settings\Family\Application Data\BigBrainz
2010-07-18 22:20 . 2010-07-18 22:20 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-17 12:00 . 2010-06-16 20:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 05:32 . 2010-07-15 05:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-06 17:29 . 2010-07-15 05:32 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-05-12 03:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2010-05-09 03:34 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-05-09 03:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:55 . 2009-12-28 04:59 75636 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-21 15:27 . 2010-05-09 03:34 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 05:09 . 2010-06-19 05:09 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-19 03:16 . 2009-10-17 23:07 87 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences2.dat
2010-06-19 03:16 . 2008-08-20 02:34 45 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences.dat
2010-06-19 03:14 . 2010-06-19 03:14 0 ----a-w- c:\documents and settings\Family\jagex__preferences3.dat
2010-06-17 14:03 . 2004-08-19 20:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 20:43 . 2010-06-16 20:43 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcp71.dll
2010-06-16 20:43 . 2010-06-16 20:43 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\jmc.dll
2010-06-16 20:43 . 2010-06-16 20:43 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcr71.dll
2010-06-16 20:43 . 2010-06-16 20:43 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-sse.dll
2010-06-16 20:43 . 2010-06-16 20:43 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-d3d.dll
2004-05-21 08:30 . 2005-10-06 20:57 52736 ----a-w- c:\program files\cryptainerlemobile.exe
2009-10-20 02:59 . 2010-05-02 04:49 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-11-24 21:14 . 2009-11-24 21:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 20:10 . 2009-11-28 20:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-06-26 23:32 . 2005-06-26 23:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 06:37 . 2005-06-22 06:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-03-22 00:35 . 2006-03-16 23:34 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 21:16 . 2005-02-28 21:16 240128 --sha-r- c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Gwen\Start Menu\Programs\Startup\
Download Manager.lnk - c:\program files\Snocap\Download Manager\NodeStarter.exe [2008-1-30 352256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Susteen\\DataPilot\\DpLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Family\\Desktop\\Neutral\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Snocap\\Download Manager\\active\\downloadmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Steam\\SteamApps\\rfconnelly2@comcast.net\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4050:TCP"= 4050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 3:52 PM 74088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/2/2009 1:00 PM 135336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 3:52 PM 1078632]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [5/21/2004 1:30 AM 100728]
S3 atidgllk;atidgllk;c:\dell\Drivers\R103296\atidgllk.sys [11/6/2005 10:49 PM 5120]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [3/21/2003 10:44 AM 38144]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 1:14 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Family\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

Danc20 · Sep 12, 2010

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 15:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\4b0\3149402\413\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\5ac\000A2700151426B7\1209\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\781\070415301827\b2b5\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\ATI Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Applications\Konfabulator.exe\shell\open\command]
@DACL=(02 0000)
"command"=multi:"N_M9j=UIS?,uL&u`JN$V>DyxtqG8LQ?oFCd2zzP2g \"%1\"\00\00"

[HKEY_LOCAL_MACHINE\software\Classes\Applications\mplayer2.exe\SupportedTypes]
@DACL=(02 0000)
".aa"=""
".aif"=""
".aifc"=""
".aiff"=""
".asf"=""
".asx"=""
".au"=""
".avi"=""
".cda"=""
".dvr-ms"=""
".m1v"=""
".m2v"=""
".m3u"=""
".mid"=""
".midi"=""
".mod"=""
".mp2"=""
".mp2v"=""
".mp3"=""
".mpa"=""
".mpe"=""
".mpeg"=""
".mpg"=""
".mpv2"=""
".rmi"=""
".snd"=""
".wav"=""
".wax"=""
".wm"=""
".wma"=""
".wmd"=""
".wms"=""
".wmv"=""
".wmx"=""
".wmz"=""
".wpl"=""
".wvx"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedTypes]
@DACL=(02 0000)
@=""
".mp3"=""
".m3u"=""
".cda"=""
".wav"=""
".mpg"=""
".mpeg"=""
".mpv"=""
".mps"=""
".m2v"=""
".m1v"=""
".mpe"=""
".mpa"=""
".avi"=""
".mp4"=""
".m4e"=""
".rt"=""
".rnx"=""
".rmp"=""
".rms"=""
".rjs"=""
".ra"=""
".rax"=""
".rm"=""
".rmvb"=""
".rp"=""
".ram"=""
".rmm"=""
".rsml"=""
".rv"=""
".rvx"=""
".rmj"=""
".rjt"=""
".rmx"=""
".wma"=""
".wmv"=""
".wax"=""
".asx"=""
".asf"=""
".wm"=""
".wmx"=""
".wvx"=""
".mov"=""
".qt"=""
".aac"=""
".m4a"=""
".m4p"=""
".mp2"=""
".mp1"=""
".mpga"=""
".pls"=""
".xpl"=""
".smi"=""
".smil"=""
".ssm"=""
".sdp"=""
".au"=""
".aif"=""
".aiff"=""
".mid"=""
".midi"=""
".rmi"=""
".acp"=""
".lmsff"=""
".lqt"=""
".lavs"=""
".lar"=""
".la1"=""
".rpl"=""
".3gp"=""
".amr"=""
".awb"=""
".3g2"=""
".divx"=""
".rpm"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\YahooWidgetEngine.exe\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell\Explore\Command]
@DACL=(02 0000)
@="c:\\Program Files\\Windows Messaging\\exchng32.exe /j"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell\Open\Command]
@DACL=(02 0000)
@="\"c:\\PROGRA~1\\MICROS~4\\Office10\\OUTLOOK.EXE\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\shellex\PropertySheetHandlers\{00020D75-0000-0000-C000-000000000046}]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmjblaunch.exe,1"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\mounts v2]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\Program Options]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Digital Praise\Guitar Praise]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\EPSON America Inc.\EPSON Stylus CX9400Fax Series Scanner Driver Update]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgSunbirdTrunkWin322006100618]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgThunderbird15Win322006090918]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1\0,0,800,600]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\G-Force]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\SoftSkies]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=GF84H81\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06??z\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'????z"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metaservices.microsoft.com/svcswitch/WindowsMediaPlayer11_30x30.png"
"ImageMenuURL"="http://images.metaservices.microsoft.com/svcswitch/wm_com_v_rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\Napster]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\iMesh]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\OverDrive, Inc.]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m2v]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m4a]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mod]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mp4]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\NetGame\MPlugin_USA\1.5.0.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Sibelius Software\Scorch\Preferences]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ViewSonic Corporation\ViewSonic Monitor Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Completion time: 2010-09-12 15:11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-12 22:11
ComboFix2.txt 2010-09-10 21:48
ComboFix3.txt 2010-09-08 21:35

Pre-Run: 8,947,585,024 bytes free
Post-Run: 8,965,292,032 bytes free

- - End Of File - - 13D457FE4F887BB63EEA7F2D9DC42AD5

Bobbye · Sep 13, 2010

Do you have any idea why so many of the Registry keys are locked?

I need to know specifically what problems, malware related, that you are still having.

Danc20 · Sep 13, 2010

Registry Locks
I do not know why the registry keys are locked. Once when I first tried to update to Windows SP3 I could not and I learned that I needed to reset the registry to default (permissions?)? It worked after then, but maybe this could be a reason?

Another possibility could be something with different user accounts installing different programs and maybe it locks the keys for the rest of the users who did not install that particular program?

Malware Issues
Well the odd request to change my home page affect me every time I use ComboFix during the restart.

I have not checked if I can update or not, but that was a problem that affected me. The updates had to do with .NET Framework and Microsoft Silverlight, but I am assuming that I might not be able to do any updates as it doesn't give me any other options but those updates. I can give you the update numbers if you want.

Background of Malware Issues - Optional if you don't want to read it.

I just wanted to possibly bring up a little bit of history that I think now might be important and maybe I should have said this before.

Before I came to you, and at the start of my troubles I of course could not update. What I found out though later on was that I:

1: Had a Winlogon Notify error (O20 - Winlogon Notify: !SASWinLogon - Invalid registry found).
2: Had Viewpoint Media Toolbar (as you know) and uninstalled it.
3: Think that both of these signified a Vundo virus or a varient of one.

When I was doing online scans (before asking here for help) Panda Security did Swfview.dll (a .dll of Viewpoint) and was labeled as Virtumonde (which is Vundo) and I suspect where Vundo came into my system.

I did a few things, even running VundoFix.

The importance of this is that I just wanted to say I have two old logs - the VundoFix log and the Nod32 log which removed some Win32/Genetik Trojan (which might be a varient or attached to Vundo) among other stuff

Bottom line I just was wondering if you wanted to check the logs. Oddly enough, Vundo Fix did not find anything, but a day or so ago when I was cleaning out .txt's I realized for the first time that VundoFix could not access some folders to scan. System Volume Information being one of them, where Eset caught six Win 32 Genetik Trojans. Anyways, I was just wondering if this might aid you seeing folders that weren't scanned by VundoFix or where viruses were caught possibly linked to Vundo.

I thought I had removed it by removing old java files (with JavaRA) and taking off system restore points and following a tutorial (which VundoFix was a part of), but maybe it is not completely gone? Maybe I should scan again and try to scan specifically in the folders that weren't scanned?

If you want to see my first post the link is here.

Thanks a bunch, sorry if this is any bit stressful,

Daniel.

Bobbye · Sep 13, 2010

Okay, sit back and let me be the stressed one! I will take this up first thing in the morning. I'm beat right now and an going to close down for the night.

Danc20 · Sep 13, 2010

Ha, will do

Sleep easy!

Bobbye · Sep 14, 2010

Oky, let's not go backwards! It appears that Vundo is no longer on the system.

As for this: Malware Issues
Explain please>> "change my home page affect me every time I use ComboFix during the restart."
Never assume>> "but I am assuming that I might not be able to do any updates"
Update problem caused by malware are usually only for security programs, which can include Windows updates in general The Net framework problem wouldn't be malware related.

I don't need to see any old logs:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the Active X control to install
Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
Click Scan
Wait for the scan to finish
Re-enable your Antivirus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

===========================

Download the HijackThis Installer HERE and save to the desktop:

Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Danc20 · Sep 14, 2010

I got a notice saying "A change has been detected in your IE search Page. Http://www.microsoft.com/isapi/redir...ie&ar=iesearch

I rejected the page redirection.

Should I try to do the updates? I just didn't want to do it because you said no system changes without your permission.

I'll edit this post and post the logs after I run the Eset/HiJackThis scan.

I am sort of wondering/highly suspicious if this might be something in my ActiveX things or that my Winlogon.exe file is still hijacked? Maybe Vundo is gone but WinLogon is still having issues? There is a SUPERAntispyware tool that resets the winlogon.exe thing, but just making you aware of that if you are not already, I won't use it without your permission.

I have other irregularities with my system, but I am not sure it is necessary to explain. Can I try an Ad-aware scan?

Solved HiJackThis log please (2)

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Attachments

Posts: 42 +0

Posts: 16,313 +36

Posts: 16,313 +36

Posts: 42 +0

Posts: 16,313 +36

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 16,313 +36

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 42 +0

Posts: 16,313 +36

Posts: 42 +0

Posts: 16,313 +36

Posts: 42 +0

Posts: 16,313 +36

Posts: 42 +0

Similar threads