Virtumonde/Monder removal from XP [RESOLVED], all standard programs have failed, I've included the HJT/VBG logs
thinkbomb
post Nov 29 2008, 02:37 PM
Post #1


Member
**
Posts: 10
OS: XP



So I have a nasty Trojan on my XP system. Virtumonde/Monder class.

Here's a list of the programs that I've tried using thus far (several times each):

AVG Free = Identifies, claims to remove, never lasts
Spybot = Identifies, claims to fix, doesn't last
AdAware = Identifies, claims to fix, doesn't last
VundoFix.exe = didn't identify
Virtumondobegon = didn't identify

I've also run the Clean System function to no avail.


As such, here are the report logs from HJT and VBG. Hopefully someone here will be able to help me out. =\


Thanks in advance!
Attached File(s)
Attached File  hijackthislog.txt ( 12.5K ) Number of downloads: 50
Attached File  VBG.TXT ( 2.03K ) Number of downloads: 10
Rorschach112
post Nov 29 2008, 05:52 PM
Post #2


GeekU Teacher
Group Icon
Posts: 21,884
From: Dublin
OS: XP



Hello

Don't attach the logs

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D from here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


thinkbomb
post Dec 1 2008, 03:45 PM
Post #3


Member
**
Posts: 10
OS: XP



Was busy yesterday, didn't get around to running the scan until just now.


Here are the LopR scan results (I'm assuming you want me to paste them into the post itself rather than attaching a text file, so here ya go).



Thanks again for the help!



================================================================




--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Ryan ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:22 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Mon 12/01/2008|14:34 )

--------------------\\ Listing folders in APPLIC~1


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/01/2008 01:03 PM][--a------] C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[11/29/2008 01:05 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/01/2008 01:18 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[12/01/2008 12:57 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files


--------------------\\ Listing Folders in C:\Program Files\Common Files


--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Ryan\LOCALS~1\Temp\nstmp
C:\DOCUME~1\Ryan\LOCALS~1\Temp\nswE.tmp
C:\DOCUME~1\Ryan\LOCALS~1\Temp\nswF.tmp
C:\DOCUME~1\Ryan\LOCALS~1\Temp\nsy10.tmp
C:\DOCUME~1\Ryan\LOCALS~1\Temp\nsyF.tmp
C:\DOCUME~1\Ryan\Cookies\ryan@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 14:37:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 109

--------------------\\ Searching for other infections

--------------------\\ ROGUES ..

C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\AdwareAlert
C:\PROGRA~1\AdwareAlert

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\MapPreviews\userdata_maps_crackofsauron_crackofsauron.tga
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron\CrackOfSauron.map
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron\CrackOfSauron.tga
C:\DOCUME~1\Ryan\Favorites\Random Stuff\SeriAll.Com - Serials, Keys, Keygen, Cracks.url
C:\DOCUME~1\Ryan\Favorites\Reference\Temp\Tolkien Crackpot Theories.url


[F:11811][D:355]-> C:\DOCUME~1\Ryan\LOCALS~1\Temp
[F:462][D:0]-> C:\DOCUME~1\Ryan\Cookies
[F:3393][D:31]-> C:\DOCUME~1\Ryan\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/01/2008|14:40 - Option : [1]

--------------------\\ Scan completed at 14:40:25
Rorschach112
post Dec 1 2008, 04:25 PM
Post #4


GeekU Teacher
Group Icon
Posts: 21,884
From: Dublin
OS: XP



Hello

Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\AdwareAlert
    C:\PROGRA~1\AdwareAlert
    C:\DOCUME~1\Ryan\Favorites\Random Stuff\SeriAll.Com - Serials, Keys, Keygen, Cracks.url

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
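The Lop S&D report in post #3 lists six "Cracks & Keygens" hits, but the `:Files` block in post #4 carries only one of them alongside the three ROGUES paths. The following is an added example, not part of the original posts and not code from Lop S&D or OTMoveIt3: it parses the report's sections and separates whole-word keyword hits from names that merely contain "crack" as a substring. The word-boundary rule and all function names are assumptions made for illustration; the page does not say how the helper or the tool decided.

```python
import ntpath
import re

# Excerpt of the Lop S&D report pasted in post #3 (findings sections only).
SAMPLE_LOG = r"""
--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ ROGUES ..

C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\AdwareAlert
C:\PROGRA~1\AdwareAlert

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\MapPreviews\userdata_maps_crackofsauron_crackofsauron.tga
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron\CrackOfSauron.map
C:\DOCUME~1\Ryan\Application Data\My Battle for Middle-earth™ II Files\Maps\CrackOfSauron\CrackOfSauron.tga
C:\DOCUME~1\Ryan\Favorites\Random Stuff\SeriAll.Com - Serials, Keys, Keygen, Cracks.url
C:\DOCUME~1\Ryan\Favorites\Reference\Temp\Tolkien Crackpot Theories.url


[F:11811][D:355]-> C:\DOCUME~1\Ryan\LOCALS~1\Temp

--------------------\\ Scan completed at 14:40:25
"""

# Section headers look like: --------------------\\ ROGUES ..
HEADER = re.compile(r"^-{5,}\\\\\s*(.+?)\s*$")
# Finding lines start with a drive letter; counters such as "[F:462]..." do not.
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumed triage rule: the keyword must stand alone as a word in the leaf name.
KEYWORD = re.compile(r"\b(?:cracks?|keygens?|serials?)\b", re.IGNORECASE)


def parse_sections(text):
    """Map each section title to the list of paths reported under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).rstrip(" .")
            sections.setdefault(current, [])
        elif current is not None and DRIVE_PATH.match(line):
            sections[current].append(line)
    return sections


def triage_keyword_hits(paths):
    """Split hits into whole-word matches and substring-only matches."""
    confirmed, substring_only = [], []
    for path in paths:
        leaf = ntpath.basename(path)  # Windows path rules on any host OS
        bucket = confirmed if KEYWORD.search(leaf) else substring_only
        bucket.append(path)
    return confirmed, substring_only


def files_block_targets(log_text):
    """Paths a reviewer would carry forward: all ROGUES plus confirmed hits."""
    sections = parse_sections(log_text)
    confirmed, _ = triage_keyword_hits(sections.get("Cracks & Keygens", []))
    return sections.get("ROGUES", []) + confirmed


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    hits, noise = triage_keyword_hits(parsed["Cracks & Keygens"])
    print("carry forward:")
    for target in files_block_targets(SAMPLE_LOG):
        print("   ", target)
    print("substring-only hits left alone:", len(noise))
```

The game map named CrackOfSauron and the "Crackpot Theories" bookmark fall into the substring-only bucket, which matches what the `:Files` block leaves untouched.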
thinkbomb
post Dec 1 2008, 04:54 PM
Post #5


Member
**
Posts: 10
OS: XP



Move it Results

===========================


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert\Settings moved successfully.
C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert\Log moved successfully.
C:\DOCUME~1\Ryan\APPLIC~1\AdwareAlert moved successfully.
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\AdwareAlert moved successfully.
C:\PROGRA~1\AdwareAlert\FilterDrv moved successfully.
C:\PROGRA~1\AdwareAlert moved successfully.
C:\DOCUME~1\Ryan\Favorites\Random Stuff\SeriAll.Com - Serials, Keys, Keygen, Cracks.url moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_154115

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.



===============================================




Info.txt




=======================================



info.txt logfile of random's system information tool 1.04 2008-12-01 15:51:07

======Uninstall list======

Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Puzzl'Em 1.0 Beta2-->C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
ScanExpress A3 USB v1.4-->C:\WINDOWS\twain_32\L3U16\UNINST.EXE
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Forge 4.0 for Windows 95 and Windows NT (x86)-->C:\Program Files\Sound Forge\UNINST32.EXE C:\WINDOWS\FORGE32.INI
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tablet-->C:\Program Files\Tablet\Remove.exe /u
The Battle for Middle-earth ™ II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
The Neverhood-->C:\Program Files\DreamWorks Interactive\Neverhood\setup95.exe /uninstall
Three Dirty Dwarves-->C:\WINDOWS\uninst.exe -f"C:\Sega\Three Dirty Dwarves\DeIsL1.isu"
TopStyle Lite (Version 3.0)-->C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
WIFI LINK IEEE 802.11 b+g Wireless LAN - USB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Rockwell Software\RSCommon;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------




=====================================================

Log.txt

=================================


Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan at 2008-12-01 15:50:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (20%) free of 153 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:01 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\windows\softwaredistribution\download\install\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\gtwatch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Mouse\panel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Ryan\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Ryan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?tab=wi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9be54e9b-fe4c-4ec7-8acf-25c10736f596} - C:\WINDOWS\system32\niwofuzu.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hesejanofi] Rundll32.exe "C:\WINDOWS\system32\kugatugi.dll",s
O4 - HKLM\..\Run: [e8415f0b] rundll32.exe "C:\WINDOWS\system32\nadejafi.dll",b
O4 - HKLM\..\Run: [CPMeb726c97] Rundll32.exe "c:\windows\system32\habanuvo.dll",a
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: Office-Web Mouse.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WL Utility.lnk = C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ryan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148367134875
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C9050F-5E34-4088-9454-0126BBC5CB5C}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\hidekeli.dll c:\windows\system32\fasijilu.dll c:\windows\system32\habanuvo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\habanuvo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\habanuvo.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\softwaredistribution\download\install\STacSV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12375 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9be54e9b-fe4c-4ec7-8acf-25c10736f596}]
C:\WINDOWS\system32\niwofuzu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2003-06-30 188416]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2003-06-30 65536]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Gtwatch"=C:\WINDOWS\gtwatch.exe [2001-08-24 45056]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2008-03-27 9142272]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-10 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]
"hesejanofi"=C:\WINDOWS\system32\kugatugi.dll []
"e8415f0b"=C:\WINDOWS\system32\nadejafi.dll [2008-12-01 86581]
"CPMeb726c97"=c:\windows\system32\habanuvo.dll [2008-12-01 93749]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Aim6"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-10-16 4347120]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NewShortcut1.lnk - C:\Program Files\HP\HP Mouse\panel.exe
Office-Web Mouse.lnk - C:\Program Files\Keyboard-Mouse-Set\Office-Web Center\panel.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe
Watch.lnk - C:\WINDOWS\twain_32\L3U16\WATCH.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WL Utility.lnk - C:\Program Files\WIFI_LINK\WL_Utility\ZDWlan.exe

C:\Documents and Settings\Ryan\Start Menu\Programs\Startup
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\WINDOWS\system32\hidekeli.dll c:\windows\system32\fasijilu.dll c:\windows\system32\habanuvo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\habanuvo.dll [2008-12-01 93749]