27 replies to this topic

[steve12]

Hi,

When clicking on a link from a search result in Google I am taken to different unknow sites. For example, here is what I got when clicking on a search result for Malwarebytes......http://thecancerconspiracy.com/search.php. If I go back to the search page again it will give me another/different unknow site.

I ran Malwarebytes in Safe mode and it came up clean...in regular mode it gets stuck on desktop.ini.

Superantispyware scan also was clean as wA Spybot and Eset online scan. Kaspersky online scanner gets stuck. I downloaded the free version of it and a quick scan came up clean.

Any help would be greatly appreciated. Thanks.

[GT500]

Please download RSIT from the link below, run it with the default options, and attach the 'log' and 'info' files to a reply:
http://images.malwar...random/RSIT.exe

[steve12]

My daughters laptop on the wireless network seems to also be affected?! Read on the net that sometimes the router needs to be reset/purged with this type of virus?!?!?

Here are my logs, and thanks a million!!


Logfile of random's system information tool 1.06 (written by random/random)
Run by Beatrice at 2009-10-12 10:08:11
Microsoft Windows XP Professional Service Pack 2
System drive C: has 599 MB (2%) free of 35 GB
Total RAM: 512 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:00 AM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\ggviewer81-53.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\Beatrice\My Documents\1 A Brad\Google Search Virus\RSIT.exe
C:\Program Files\trend micro\Beatrice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Save - Flash - Player - {58112A01-1F24-4EFE-A6B2-297DC7CDFEF2} - C:\PROGRA~1\ycysoft\SAVEFL~1\IEFLAS~1.DLL (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

--
End of file - 8753 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-14 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-24 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-06 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-07 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{58112A01-1F24-4EFE-A6B2-297DC7CDFEF2} - Save - Flash - Player - C:\PROGRA~1\ycysoft\SAVEFL~1\IEFLAS~1.DLL []
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-10-14 437368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-06-14 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-06-27 299008]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-25 185896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-24 149280]
"DLCXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-07-26 1867776]
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-04 39408]
"Eraser"=C:\Program Files\Eraser\eraser.exe [2003-07-25 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe [2003-07-25 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-06 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1140457287\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1140457287\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1140457287\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1140457287\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\TVU Player\TVUPlayer.exe"="C:\Program Files\TVU Player\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\CoreFTP\coreftp.exe"="C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Program Files\eJamming\eJammingAUDiiO\eJammingAUDiiO.exe"="C:\Program Files\eJamming\eJammingAUDiiO\eJammingAUDiiO.exe:*:Enabled:eJammingAUDiiO"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d46025ad-17d8-11de-98d3-006073e4273f}]
shell\AutoRun\command - H:\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-10-12 10:08:20 ----D---- C:\Program Files\trend micro
2009-10-12 10:08:11 ----D---- C:\rsit
2009-10-12 00:17:58 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-10-12 00:17:58 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-10-10 22:52:41 ----D---- C:\Program Files\Sophos
2009-10-07 20:40:27 ----D---- C:\Program Files\SpywareBlaster
2009-10-07 07:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-07 07:08:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-06 15:25:13 ----D---- C:\Program Files\ESET
2009-10-06 11:56:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-29 12:13:32 ----D---- C:\Program Files\VideoSpirit Pro
2009-09-26 15:32:43 ----A---- C:\WINDOWS\iun505.exe
2009-09-26 15:32:42 ----D---- C:\Program Files\PC Drummer Trial Edition
2009-09-25 13:00:00 ----D---- C:\Program Files\HammerHead
2009-09-24 23:10:49 ----D---- C:\Documents and Settings\Beatrice\Application Data\Malwarebytes
2009-09-24 23:10:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-24 23:06:19 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-24 23:06:19 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-24 23:06:19 ----A---- C:\WINDOWS\system32\java.exe
2009-09-24 23:06:19 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-10-12 10:08:21 ----D---- C:\WINDOWS\Temp
2009-10-12 10:08:20 ----D---- C:\Program Files
2009-10-12 09:38:24 ----D---- C:\Program Files\dl_cats
2009-10-12 02:26:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-12 01:25:04 ----D---- C:\Program Files\Eraser
2009-10-12 01:22:40 ----D---- C:\Config.Msi
2009-10-12 00:50:08 ----SHD---- C:\WINDOWS\Installer
2009-10-12 00:49:23 ----D---- C:\WINDOWS\system32
2009-10-12 00:47:08 ----SD---- C:\WINDOWS\Tasks
2009-10-12 00:29:01 ----D---- C:\WINDOWS\Prefetch
2009-10-12 00:17:58 ----D---- C:\Program Files\Common Files
2009-10-11 15:34:14 ----D---- C:\WINDOWS\system32\drivers
2009-10-11 15:14:13 ----A---- C:\WINDOWS\wininit.ini
2009-10-11 13:36:04 ----D---- C:\WINDOWS
2009-10-11 12:04:49 ----D---- C:\WINDOWS\Minidump
2009-10-11 10:24:10 ----D---- C:\Program Files\hjt
2009-10-11 10:04:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-11 10:04:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-09 20:48:25 ----HD---- C:\WINDOWS\inf
2009-10-09 11:25:35 ----D---- C:\Program Files\Mozilla Firefox
2009-10-07 07:48:03 ----D---- C:\Program Files\Kaspersky Lab
2009-10-06 21:09:15 ----SHD---- C:\System Volume Information
2009-10-06 18:57:04 ----D---- C:\Program Files\TVU Player
2009-10-06 09:36:04 ----D---- C:\WINDOWS\BDOSCAN8
2009-10-06 01:20:34 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-05 10:10:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-01 06:50:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-01 00:35:53 ----D---- C:\WINDOWS\Help
2009-09-29 20:59:57 ----D---- C:\Documents and Settings\Beatrice\Application Data\Orbit
2009-09-29 17:25:14 ----D---- C:\Downloads
2009-09-25 08:48:21 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-09-25 00:06:10 ----D---- C:\Program Files\Java
2009-09-23 22:18:33 ----D---- C:\Program Files\The Learning Company
2009-09-20 09:20:49 ----D---- C:\Documents and Settings\Beatrice\Application Data\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2007-02-06 16512]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-07 296976]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\System32\DRIVERS\admjoy.sys [2004-08-04 10880]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-04 36224]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2004-08-04 63744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 747392]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\7D7.tmp []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\Sandra.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 scrcap;scrcap; C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2005-09-30 14336]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 WipeFile;WipeFile; C:\WINDOWS\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-24 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-08-08 53520]
R3 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 495616]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2004-08-16 114786]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-12 10:09:11

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
7-Zip 4.61 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced PDF Repair v2.0-->C:\PROGRA~1\APDFR\UNWISE.EXE C:\PROGRA~1\APDFR\INSTALL.LOG
Advanced X Video Converter-->"C:\Program Files\XVideoConverter\UI.exe"
AIM 6.0-->C:\Program Files\AIM6\uninst.exe
All Stats Baseball Planner-->C:\BasePlan\UNWISE.EXE C:\BasePlan\INSTALL.LOG
ALO Audio CD Ripper 2.1-->"C:\Program Files\ALO Audio CD Ripper\unins000.exe"
Amazing Slow Downer (remove only)-->"C:\Program Files\Roni Music\Amazing Slow Downer\uninstall.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}\setup.exe" -l0x9 -uninst
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x9 -uninst
Arthur's Birthday-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Living Books\DeIsL1.isu"
Arthur's Wilderness Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Arthur's Wilderness Rescue\Uninstall.xml"
ASAPI Update-->C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Assistant Coach for Baseball-->C:\ASSTCO~1\UNWISE.EXE C:\ASSTCO~1\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BlitzIn 2.5-->C:\Program Files\Internet Chess Club\BlitzIn 2.5\b2-uninstall.exe
BlitzIn 2.6-->C:\Program Files\Internet Chess Club\BlitzIn 2.6\b2-uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Caillou® Magic Playhouse™-->C:\Program Files\The Learning Company\Caillou® Magic Playhouse™\uninstall.exe
Cap'n Crunch's Crunchling Adventure™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30AF8281-7FF5-11D3-83D9-00400541A8A5}\setup.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
Clifford Learning Activities-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\_UnInstall.dll"
Clifford Thinking Adventures-->C:\WINDOWS\system32\Clifford Uninstall.exe C:\Program Files\Scholastic's Clifford\Clifford Adventure\
Comic Life-->MsiExec.exe /X{6A1F0A1A-474C-4151-8534-5F61832D88CD}
Convert FLV to MP3 1.0-->"C:\Program Files\Convert FLV to MP3\unins000.exe"
Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"
Core FTP LE 1.3c-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
CuteFTP 7 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59D98250-CFEB-4A0B-A737-FC7CADE27852}\Setup.exe" -l0x9
CWA2000-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Alden Leeds\CWAPolynesian\DeIsL1.isu" -c"C:\Program Files\Alden Leeds\CWAPolynesian\_ISREG32.DLL"
Daniusoft DVD to iPod Converter(Build 1.2.40)-->"C:\Program Files\Daniusoft\DVD to iPod Suite\DVD2iPod\unins000.exe"
Daniusoft DVD to iPod Suite(Build 1.2.40)-->"C:\Program Files\Daniusoft\DVD to iPod Suite\unins000.exe"
Daniusoft Video to iPod Converter(Build 1.2.40)-->"C:\Program Files\Daniusoft\DVD to iPod Suite\VideotoiPod\unins000.exe"
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Disk Cleaner (remove only)-->"C:\Program Files\Disk Cleaner\uninstall.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyRecovery Professional-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON PERF 1670 Guide-->C:\Program Files\epson\guide\perf1670_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
Eraser-->"C:\Program Files\Eraser\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip Uninstall-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
File Shredder 2.0-->"C:\Program Files\File Shredder\unins000.exe"
Finale NotePad 2005a-->C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2005a\uninstal.log
Floppy Disk Manager-->C:\PROGRA~1\FLOPPY~1\UNWISE.EXE C:\PROGRA~1\FLOPPY~1\INSTALL.LOG
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free FLV Converter V 2.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free History Eraser-->"C:\Program Files\Free History Eraser\unins000.exe"
Fx Video Converter-->C:\PROGRA~1\FXVIDE~1\UNWISE.EXE C:\PROGRA~1\FXVIDE~1\INSTALL.LOG
Google Deskbar-->regsvr32 /u /s "C:\PROGRA~1\Google\GGTASK~1.DLL"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JPEG Recovery Pro 4.0-->C:\PROGRA~1\JPEGRE~1\UNWISE.EXE C:\WINDOWS\system32\jpegrecoverypro40.log
JumpStart Music-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSMUSIC\DeIsL1.isu
JumpStart Numbers-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSNUMBER\DeIsL1.isu
Jumpstart Preschool v2.4-->C:\WINDOWS\uninst.exe -fC:\KA\PRSCHOOL\DeIsL5.isu
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Keyfinder Advanced 2007 (Trial Version)-->C:\WINDOWS\Keyfinder Advanced 2007 (Trial Version) Uninstaller.exe
K-Lite Codec Pack 2.72 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Little Bear Rainy Day Activities-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Wonders\Little Bear Rainy Day Activities\Uninst.isu"
Madeline European Adventures-->C:\CWONDERS\MADEA\UNINST.EXE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office 2000 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mike's Monstrous Adventure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D2B1159-89F1-11D6-B2FB-0002A5E32BEF}\setup.exe" Mike's Monstrous Adventure
Movie Converter V3 (remove only)-->C:\Program Files\Movie Converter V3\uninst.exe -c
Movie Joiner-->C:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
My Screen Recorder 2.5-->"C:\Program Files\Deskshare\My Screen Recorder\unins000.exe"
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Fast CD-Burning Plug-in-->C:\WINDOWS\UnWMPBurn.exe /UNINSTALL
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Drummer Trial Edition 5.11-->C:\WINDOWS\iun505.exe C:\Program Files\PC Drummer Trial Edition\irunin.ini
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
SCRABBLE®-->C:\PROGRA~1\SHOCKW~1.COM\SCRABBLE\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SCRABBLE\INSTALL.LOG
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SmartFTP Client-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SonicWALL Global VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe" -l0x9 -FromCPL
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steinberg Cubase LE-->"C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sure Delete 5.1.1-->"C:\Program Files\Sure Delete\unins000.exe"
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tassman DXi SE 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B23F9E40-E6E5-11D4-89B3-00201856C449}\Setup.exe"
TVUPlayer 1.5.12-->C:\Program Files\TVU Player\uninst.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoSpirit Pro 1.40-->C:\Program Files\VideoSpirit Pro\uninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
ZD Soft Screen Video Decoder-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
ZOOM H4 ASIO Driver-->ZoomH4Unin.exe

======Security center information======

AV: Kaspersky Anti-Virus
FW: Kaspersky Anti-Hacker (disabled)

======System event log======

Computer Name: BEATRICE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 86931
Source Name: Tcpip
Time Written: 20090913100754.000000-240
Event Type: warning
User:

Computer Name: BEATRICE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 86899
Source Name: W32Time
Time Written: 20090913001525.000000-240
Event Type: warning
User:

Computer Name: BEATRICE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 86890
Source Name: Tcpip
Time Written: 20090912104119.000000-240
Event Type: warning
User:

Computer Name: BEATRICE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 86853
Source Name: W32Time
Time Written: 20090911204803.000000-240
Event Type: warning
User:

Computer Name: BEATRICE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 86848
Source Name: Tcpip
Time Written: 20090911071905.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: BEATRICE
Event Code: 1517
Message: Windows saved user BEATRICE\Beatrice registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7415
Source Name: Userenv
Time Written: 20090418221301.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BEATRICE
Event Code: 1001
Message: Detection of product '{00020409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 7411
Source Name: MsiInstaller
Time Written: 20090418195826.000000-240
Event Type: warning
User: BEATRICE\Beatrice

Computer Name: BEATRICE
Event Code: 1517
Message: Windows saved user BEATRICE\Beatrice registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7392
Source Name: Userenv
Time Written: 20090417013343.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BEATRICE
Event Code: 1517
Message: Windows saved user BEATRICE\Beatrice registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7386
Source Name: Userenv
Time Written: 20090416212708.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BEATRICE
Event Code: 1517
Message: Windows saved user BEATRICE\Beatrice registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7371
Source Name: Userenv
Time Written: 20090415201020.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0803
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

[GT500]

Step 1
[indent]
I have attached a file to this message called AvengerScript.txt which you should save on your desktop. After saving AvengerScript.txt, please download The Avenger from the following link:
http://swandog46.gee...r2/download.php

 AvengerScript.txt   78bytes   51 downloads

Use The Avenger to open the AvengerScript text file that you saved on your desktop, and then click the 'Execute' button in The Avenger. It will restart your computer, and use the information in AvengerScript.txt to clean up your computer a bit.

Please refer to the following screenshot for the location of the 'Open' button:
[indent][/indent]

After running The Avenger, please attach the log to a reply so that I know if it did it's job right.
[/indent]


Step 2
[indent]
Update Malwarebytes' Anti-Malware and run a scan with Windows booted normally. You may need to add the following files to the exclusions list in your anti-virus:

• C:\WINDOWS\system32\drivers\mbam.sys
  
  
• C:\WINDOWS\system32\drivers\mbamswissarmy.sys
  
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Please remove anything that Malwarebytes' Anti-Malware finds, and attach the log to a reply.
[/indent]


Step 3
[indent]
Reset your router just in case. Make sure that you write down all of the settings in your router that you will need to replace after it has been reset. If you do not know how to do this, then give me the make and model of the router and I will try to put together some instructions.

Also note that another common form of infection is for malware to spread using Windows File Sharing (even if it isn't set up). This allows one infected computer on your network to infect every other computer on your network. If you do not share files over a Windows network, then you may want to check and see if your router has a setting called "AP Isolation" which should prevent the computers connected to the router from seeing each other, and thus prevent malware from spreading in that fashion.
[/indent]


Step 4
[indent]
Download RootRepeal from the link below, and extract it onto your desktop:
http://ad13.geekstog.../RootRepeal.zip

Run RootRepeal, click the 'Scan' button in the lower-left corner, and when it's done click the "Save Report" button in the lower-right corner. Attach that report to a reply.
[/indent]

[steve12]

I received the following error when trying to execute Avenger after opening script as per your instructions:

Error: Invalid script.A valid script must begin with a command directive.
Aborting execution!

[GT500]

OK, we'll try this a little differently. Copy the text inside the following code box into the white box in The Avenger, and then click the 'Execute' button:

Drivers to delete:
MEMSWEEP2

Files to delete:
C:\WINDOWS\system32\7D7.tmp

[steve12]

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:44:13 2009

15:44:13: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:44:39 2009

15:44:39: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:46:12 2009

15:46:12: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "MEMSWEEP2" deleted successfully.

Error: file "C:\WINDOWS\system32\7D7.tmp" not found!
Deletion of file "C:\WINDOWS\system32\7D7.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[GT500]

OK, it looks like the silly thing finally did it's job.

Do you have the logs from Malwarebytes' Anti-Malware and RootRepeal?

[steve12]

RootRepeal keeps crashing my PC...never really gets running. 3rd try gave me a blue screen of death.

I'll run Malwarebytes now and post the log.

[GT500]

steve12 said:

I'll run Malwarebytes now and post the log.

OK.

[steve12]

Malwarebytes keeps crashing before finishing. Last try it ran for 4 plus hours for Quick Scan and then got hung up.....

So, I can't produce a log....

[GT500]

OK, we're going to need to dig a little deeper. Please download ComboFix from the link below, save it on your desktop, run it, and attach the log to a reply:
http://download.blee...Bs/ComboFix.exe

[steve12]

ComboFix 09-10-13.01 - Beatrice 10/13/2009 23:39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.284 [GMT -4:00]
Running from: c:\documents and settings\Beatrice\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
.
ADS - netcfgx.dll: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\desktop
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Readme.txt
c:\windows\system32\open.ico

Infected copy of c:\windows\system32\drivers\ultra.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 14:08 . 2009-10-12 14:09 -------- d-----w- c:\program files\trend micro
2009-10-12 14:08 . 2009-10-12 14:09 -------- d-----w- C:\rsit
2009-10-12 04:17 . 2009-10-12 04:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-12 04:17 . 2009-10-12 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-12 04:16 . 2009-10-12 04:16 -------- d-----w- c:\documents and settings\Beatrice\Local Settings\Application Data\Downloaded Installations
2009-10-11 02:52 . 2009-10-11 02:52 -------- d-----w- c:\program files\Sophos
2009-10-08 00:40 . 2009-10-08 00:40 -------- d-----w- c:\program files\SpywareBlaster
2009-10-07 11:51 . 2009-10-07 11:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-07 11:50 . 2009-10-07 11:55 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-07 11:50 . 2009-10-07 11:55 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-07 11:48 . 2009-10-14 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-07 11:08 . 2009-10-07 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-06 19:25 . 2009-10-06 19:25 -------- d-----w- c:\program files\ESET
2009-10-06 15:56 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 15:56 . 2009-10-06 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 15:56 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 05:32 . 2009-10-06 05:32 -------- d-----w- c:\documents and settings\Bumblebea\Application Data\Malwarebytes
2009-09-29 21:27 . 2009-09-29 21:27 -------- d-----w- c:\documents and settings\Michy\Application Data\AdobeUM
2009-09-29 21:25 . 2009-09-29 21:27 -------- d-----w- c:\documents and settings\Michy\Local Settings\Application Data\Adobe
2009-09-29 21:18 . 2009-09-29 21:18 -------- d-----w- c:\documents and settings\Michy\Local Settings\Application Data\WMTools Downloaded Files
2009-09-29 21:18 . 2009-09-29 21:18 -------- d-----w- c:\documents and settings\Michy\Application Data\Malwarebytes
2009-09-29 16:13 . 2009-09-29 16:25 -------- d-----w- c:\program files\VideoSpirit Pro
2009-09-26 19:32 . 2009-09-26 19:32 286720 ----a-w- c:\windows\iun505.exe
2009-09-26 19:32 . 2009-09-26 19:32 -------- d-----w- c:\program files\PC Drummer Trial Edition
2009-09-25 17:00 . 2009-09-25 17:00 -------- d-----w- c:\program files\HammerHead
2009-09-25 03:10 . 2009-09-25 03:10 -------- d-----w- c:\documents and settings\Beatrice\Application Data\Malwarebytes
2009-09-25 03:10 . 2009-09-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 03:06 . 2009-09-25 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 04:15 . 2007-04-15 19:31 -------- d-----w- c:\program files\dl_cats
2009-10-14 03:26 . 2009-05-26 01:41 -------- d-----w- c:\program files\Eraser
2009-10-11 14:24 . 2005-03-30 15:04 -------- d-----w- c:\program files\hjt
2009-10-07 11:48 . 2005-09-06 13:36 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-07 01:15 . 2005-08-21 17:30 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-06 22:57 . 2006-06-28 20:27 -------- d-----w- c:\program files\TVU Player
2009-10-06 05:20 . 2008-12-09 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 00:59 . 2008-05-19 17:34 -------- d-----w- c:\documents and settings\Beatrice\Application Data\Orbit
2009-09-29 21:27 . 2009-02-20 15:33 -------- d-----w- c:\documents and settings\Michy\Application Data\Orbit
2009-09-29 02:17 . 2005-03-19 19:45 33872 ----a-w- c:\documents and settings\Beatrice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 12:48 . 2008-12-09 03:06 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-25 04:06 . 2005-03-20 17:48 -------- d-----w- c:\program files\Java
2009-09-24 02:18 . 2008-05-02 23:10 -------- d-----w- c:\program files\The Learning Company
2009-09-20 13:20 . 2009-08-19 01:07 -------- d-----w- c:\documents and settings\Beatrice\Application Data\uTorrent
2009-09-09 04:26 . 2009-09-09 03:05 -------- d-----w- c:\documents and settings\Beatrice\Application Data\ICAClient
2009-09-09 03:05 . 2009-09-09 03:05 -------- d-----w- c:\program files\Citrix
2009-09-05 22:17 . 2007-05-07 12:48 -------- d-----w- c:\documents and settings\Beatrice\Application Data\CoreFTP
2009-09-02 13:01 . 2009-09-02 13:01 86016 ----a-w- c:\windows\system32\DirShowEXDD.dll
2009-08-19 01:07 . 2009-08-19 01:07 -------- d-----w- c:\program files\AskSearch
2009-08-06 23:24 . 2004-08-03 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-03 18:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-08-05 17:40 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-03 18:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-03-19 17:15 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2001-08-23 15:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-03 19:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-03-19 17:15 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2001-08-23 15:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2005-08-15 16:21 . 2005-08-15 16:21 13500200 ----a-w- c:\program files\kav5.0trial_personalen.exe
2008-12-19 17:52 . 2006-02-12 15:11 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 17:52 . 2006-02-12 15:11 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 17:52 . 2007-08-10 13:02 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 17:52 . 2007-08-10 13:02 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 17:52 . 2006-02-12 15:11 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-04-16 02:29 . 2007-04-16 00:52 56 --sh--r- c:\windows\system32\05A597BF8C.sys
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-04-16 02:29 . 2007-04-16 00:52 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 1867776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-07-25 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 149280]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-20 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-06 16:25 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVU Player\\TVUPlayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57462:TCP"= 57462:TCP:Pando P2P TCP Listening Port
"57462:UDP"= 57462:UDP:Pando P2P UDP Listening Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/12/2007 3:58 PM 10240]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [7/13/2005 11:31 AM 78032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [7/13/2005 11:27 AM 23180]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [3/19/2005 8:01 AM 747392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 10:21 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [3/3/2007 7:20 PM 57472]
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 02:21]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 02:21]

2009-10-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net/Home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Beatrice\Application Data\Mozilla\Firefox\Profiles\ob3clmij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-Arthur's Birthday - c:\program files\Living Books\DeIsL1.isu
AddRemove-Convert XLS_is1 - c:\program files\Softinterface
AddRemove-Finale NotePad 2005a - c:\windows\unvise32.exe
AddRemove-RollerCoaster Tycoon Setup - c:\windows\UniFish3.exe
AddRemove-TVUPlayer - c:\program files\TVU Player\uninst.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3096)
c:\progra~1\Google\GGTASK~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Google\ggviewer81-53.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-14 0:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 04:26

Pre-Run: 241,811,456 bytes free
Post-Run: 565,919,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

266 --- E O F --- 2009-09-10 03:54

[GT500]

I have attached a file to this message called CFScript.txt which will tell ComboFix how to remove some of the bad things I saw in your ComboFix log. Please save CFScript onto your desktop, and then download a fresh copy of ComboFix from the link below, and make sure to save it on your desktop as well. Once you have both CFScript and ComboFix saved to your desktop, hold down the left mouse button on top of the icon for CFScript, and drag it on top of the ComboFix icon, and then let go. This should start ComboFix again. Make sure, when it finishes, to attach the new log to a reply so that I can verify that it deleted what it was supposed to.
http://download.blee...Bs/ComboFix.exe

 CFScript.txt   258bytes   50 downloads

[steve12]

ComboFix 09-10-14.01 - Beatrice 10/14/2009 16:29.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.234 [GMT -4:00]
Running from: c:\documents and settings\Beatrice\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beatrice\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
.

((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 14:08 . 2009-10-12 14:09 -------- d-----w- c:\program files\trend micro
2009-10-12 14:08 . 2009-10-12 14:09 -------- d-----w- C:\rsit
2009-10-12 04:17 . 2009-10-12 04:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-12 04:17 . 2009-10-12 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-12 04:16 . 2009-10-12 04:16 -------- d-----w- c:\documents and settings\Beatrice\Local Settings\Application Data\Downloaded Installations
2009-10-11 02:52 . 2009-10-11 02:52 -------- d-----w- c:\program files\Sophos
2009-10-08 00:40 . 2009-10-08 00:40 -------- d-----w- c:\program files\SpywareBlaster
2009-10-07 11:51 . 2009-10-07 11:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-07 11:50 . 2009-10-14 13:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-07 11:50 . 2009-10-14 13:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-07 11:48 . 2009-10-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-07 11:08 . 2009-10-07 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-06 19:25 . 2009-10-06 19:25 -------- d-----w- c:\program files\ESET
2009-10-06 15:56 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 15:56 . 2009-10-06 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 15:56 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 05:32 . 2009-10-06 05:32 -------- d-----w- c:\documents and settings\Bumblebea\Application Data\Malwarebytes
2009-09-29 21:27 . 2009-09-29 21:27 -------- d-----w- c:\documents and settings\Michy\Application Data\AdobeUM
2009-09-29 21:25 . 2009-09-29 21:27 -------- d-----w- c:\documents and settings\Michy\Local Settings\Application Data\Adobe
2009-09-29 21:18 . 2009-09-29 21:18 -------- d-----w- c:\documents and settings\Michy\Local Settings\Application Data\WMTools Downloaded Files
2009-09-29 21:18 . 2009-09-29 21:18 -------- d-----w- c:\documents and settings\Michy\Application Data\Malwarebytes
2009-09-29 16:13 . 2009-09-29 16:25 -------- d-----w- c:\program files\VideoSpirit Pro
2009-09-26 19:32 . 2009-09-26 19:32 286720 ----a-w- c:\windows\iun505.exe
2009-09-26 19:32 . 2009-09-26 19:32 -------- d-----w- c:\program files\PC Drummer Trial Edition
2009-09-25 17:00 . 2009-09-25 17:00 -------- d-----w- c:\program files\HammerHead
2009-09-25 03:10 . 2009-09-25 03:10 -------- d-----w- c:\documents and settings\Beatrice\Application Data\Malwarebytes
2009-09-25 03:10 . 2009-09-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 03:06 . 2009-09-25 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 20:51 . 2007-04-15 19:31 -------- d-----w- c:\program files\dl_cats
2009-10-14 05:02 . 2009-05-26 01:41 -------- d-----w- c:\program files\Eraser
2009-10-11 14:24 . 2005-03-30 15:04 -------- d-----w- c:\program files\hjt
2009-10-07 11:48 . 2005-09-06 13:36 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-07 01:15 . 2005-08-21 17:30 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-06 22:57 . 2006-06-28 20:27 -------- d-----w- c:\program files\TVU Player
2009-10-06 05:20 . 2008-12-09 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 00:59 . 2008-05-19 17:34 -------- d-----w- c:\documents and settings\Beatrice\Application Data\Orbit
2009-09-29 21:27 . 2009-02-20 15:33 -------- d-----w- c:\documents and settings\Michy\Application Data\Orbit
2009-09-29 02:17 . 2005-03-19 19:45 33872 ----a-w- c:\documents and settings\Beatrice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 12:48 . 2008-12-09 03:06 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-25 05:56 . 2004-01-08 20:23 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 04:06 . 2005-03-20 17:48 -------- d-----w- c:\program files\Java
2009-09-24 02:18 . 2008-05-02 23:10 -------- d-----w- c:\program files\The Learning Company
2009-09-20 13:20 . 2009-08-19 01:07 -------- d-----w- c:\documents and settings\Beatrice\Application Data\uTorrent
2009-09-11 14:33 . 2001-08-23 15:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 04:26 . 2009-09-09 03:05 -------- d-----w- c:\documents and settings\Beatrice\Application Data\ICAClient
2009-09-09 03:05 . 2009-09-09 03:05 -------- d-----w- c:\program files\Citrix
2009-09-05 22:17 . 2007-05-07 12:48 -------- d-----w- c:\documents and settings\Beatrice\Application Data\CoreFTP
2009-09-04 20:45 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 13:01 . 2009-09-02 13:01 86016 ----a-w- c:\windows\system32\DirShowEXDD.dll
2009-08-26 08:16 . 2001-08-23 15:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-19 01:07 . 2009-08-19 01:07 -------- d-----w- c:\program files\AskSearch
2009-08-06 23:24 . 2004-08-03 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-03 18:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-08-05 17:40 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-03 18:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-03-19 17:15 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2001-08-23 15:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-03 19:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-03-19 17:15 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2001-08-23 15:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2001-08-23 15:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2001-08-17 13:48 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-17 18:55 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2001-08-23 15:00 1435648 ------w- c:\windows\system32\query.dll
2005-08-15 16:21 . 2005-08-15 16:21 13500200 ----a-w- c:\program files\kav5.0trial_personalen.exe
2008-12-19 17:52 . 2006-02-12 15:11 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 17:52 . 2006-02-12 15:11 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 17:52 . 2007-08-10 13:02 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 17:52 . 2007-08-10 13:02 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 17:52 . 2006-02-12 15:11 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-04-16 02:29 . 2007-04-16 00:52 56 --sh--r- c:\windows\system32\05A597BF8C.sys
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-04-16 02:29 . 2007-04-16 00:52 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_04.15.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 20:49 . 2009-10-14 20:49 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
- 2007-01-13 23:14 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2007-01-13 23:14 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2003-08-15 18:31 . 2009-09-25 05:56 39424 c:\windows\system32\pngfilt.dll
- 2003-08-15 18:31 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 16384 c:\windows\system32\jsproxy.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
- 2004-08-26 16:17 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
+ 2004-08-26 16:17 . 2009-09-25 05:56 96256 c:\windows\system32\inseng.dll
- 2004-08-04 07:56 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2009-09-25 05:56 55808 c:\windows\system32\extmgr.dll
- 2006-05-10 05:23 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-02-20 08:30 . 2009-09-25 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:30 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-05-09 11:00 . 2009-09-18 09:56 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-09 11:00 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-10 05:22 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2005-05-17 00:25 . 2009-09-18 09:33 352768 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:25 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
+ 2004-08-04 07:56 . 2009-04-10 05:01 530280 c:\windows\system32\wmspdmod.dll
+ 2004-09-23 21:07 . 2009-09-25 05:56 624640 c:\windows\system32\urlmon.dll
+ 2004-08-20 21:41 . 2009-09-25 05:56 473600 c:\windows\system32\shlwapi.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 532480 c:\windows\system32\mstime.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 146432 c:\windows\system32\msrating.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 449024 c:\windows\system32\mshtmled.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 251392 c:\windows\system32\iepeers.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 205312 c:\windows\system32\dxtrans.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 357888 c:\windows\system32\dxtmsft.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 07:56 . 2009-04-10 05:01 530280 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 662016 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 624640 c:\windows\system32\dllcache\urlmon.dll
- 2006-08-21 14:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 473600 c:\windows\system32\dllcache\shlwapi.dll
- 2009-06-25 08:44 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:44 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
- 2006-05-10 05:23 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2009-09-25 05:56 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:23 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 151040 c:\windows\system32\cdfview.dll
+ 2009-10-13 18:26 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-27 17:57 . 2009-09-25 05:56 1506304 c:\windows\system32\shdocvw.dll
- 2004-08-27 17:57 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll
+ 2004-09-29 06:45 . 2009-09-25 05:56 3063296 c:\windows\system32\mshtml.dll
- 2006-05-29 15:30 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-29 15:30 . 2009-09-25 05:56 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-06-22 05:06 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2006-06-22 05:06 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2006-12-19 14:17 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2009-09-25 05:56 3063296 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-09-25 05:56 1023488 c:\windows\system32\dllcache\browseui.dll
- 2006-05-10 05:22 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
- 2001-08-23 15:00 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
+ 2001-08-23 15:00 . 2009-09-25 05:56 1054208 c:\windows\system32\danim.dll
+ 2004-01-16 09:29 . 2009-09-25 05:56 1023488 c:\windows\system32\browseui.dll
- 2004-01-16 09:29 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 1867776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-07-25 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 149280]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-20 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-06 16:25 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVU Player\\TVUPlayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57462:TCP"= 57462:TCP:Pando P2P TCP Listening Port
"57462:UDP"= 57462:UDP:Pando P2P UDP Listening Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/12/2007 3:58 PM 10240]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [7/13/2005 11:31 AM 78032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [7/13/2005 11:27 AM 23180]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [3/19/2005 8:01 AM 747392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2009 10:21 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [3/3/2007 7:20 PM 57472]
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 02:21]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 02:21]

2009-10-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net/Home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Beatrice\Application Data\Mozilla\Firefox\Profiles\ob3clmij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 16:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3412)
c:\progra~1\Google\GGTASK~1.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\WgaTray.exe
c:\program files\Google\ggviewer81-53.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-14 17:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 21:02
ComboFix2.txt 2009-10-14 04:26

Pre-Run: 304,488,448 bytes free
Post-Run: 340,660,224 bytes free

350 --- E O F --- 2009-10-14 05:10

[GT500]

I have attached a file to this message called AvengerScript.txt which you should save on your desktop. After saving AvengerScript.txt, please download The Avenger from the following link:
http://swandog46.gee...r2/download.php

Use The Avenger to open the AvengerScript text file that you saved on your desktop, and then click the 'Execute' button in The Avenger. It will restart your computer, and use the information in AvengerScript.txt to clean up your computer a bit.

If you cannot find the 'Open' button, then please refer to the screenshot linked below:
http://malwarebytes.gt500.org/screenshots/...open_script.png

 AvengerScript.txt   52bytes   48 downloads

[steve12]

Got this error message again when trying to execute script :

Error: Invalid script.A valid script must begin with a command directive.
Aborting execution

[steve12]

I changed the alignment of the script to this and it will run now...( instead of the text all being on one line)

Files to delete:

c:\windows\system32\05A597BF8C.sys

Should I proceed?

[steve12]

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:44:13 2009

15:44:13: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:44:39 2009

15:44:39: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Oct 12 15:46:12 2009

15:46:12: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "MEMSWEEP2" deleted successfully.

Error: file "C:\WINDOWS\system32\7D7.tmp" not found!
Deletion of file "C:\WINDOWS\system32\7D7.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Oct 14 22:54:09 2009

22:54:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Oct 14 22:54:49 2009

22:54:49: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\05A597BF8C.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[GT500]

Sorry for the delay in replying. It looks like Avenger killed the file, but just to be sure get me a fresh ComboFix log and I'll see if it's gone.