Spyware Guard 2009

Post by deinonychus73 » March 27th, 2009, 8:05 pm

Hello,

I am working on this computer for a friend. They had a Spyware Guard 2009 infection, among others. Malware Bytes, SUPER Anti Spyware and AVG 8.5 seem to have knocked out the infection, however there is still some sluggishness especially at start up, which seems to be related to avgrsx.exe (the AVG Resident Shield) especially for the first 5 to 10 minutes after start up. It seems to improve if you tell AVG to do an update as soon as you start the computer, so I'm not sure.

I would sincerely appreciate it if someone could look over the HJT log from this computer which I just did after a fresh reboot and let me know if there is anything else hiding in there that should come out. Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 4:49:50 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Terragon Media
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon/do ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/do ... gctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Chronicles%202%20-%20The%20Eternal%20Maze/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21154ac4476320bddc ... xIE601.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8002858392
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://games.bigfishgames.com/en_luxor2 ... uncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/cus ... gned33.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/ha ... angman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} -
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: mzbgwu.dll fygmnb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
deinonychus73
Active Member
 
Posts: 12
Joined: March 27th, 2009, 7:53 pm

Re: Spyware Guard 2009

Post by MikeSwim07 » March 28th, 2009, 10:12 am

Hello, and welcome to the Malware Removal forums.
My name is Michael. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 5 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Spyware Guard 2009

Post by deinonychus73 » March 29th, 2009, 12:47 am

Hi Michael,

Here is the Uninstall list from my friend's machine. Thank you.

3D Groove Playback Engine
3D Pinball Express
7 Sultans Online Casino
Abra Academy: Returning Cast (remove only)
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Agatha Christie: Peril at End House (remove only)
Aloha Solitaire
Aloha TriPeaks
Amazing Adventures: The Lost Tomb (remove only)
America Online (Choose which version to remove)
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Arcade! Classic Arcade Pack 5.0
AudibleManager
AVG 8.5
Azada (remove only)
Backup Dell-Installed Programs
Backyard Skateboarding
Bejeweled 2 Deluxe
Big Fish Games Client
Blood Ties (remove only)
Can You See What I See?
CCleaner (remove only)
CDBurnerXP Pro 3
ClueFinders(R) 3rd Grade Adventures
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Contextual Platform Worldadmarketplace
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DM9XInst
Dream Chronicles (remove only)
Dream Chronicles 2 - The Eternal Maze
Dream Day First Home (remove only)
Dream Day Honeymoon (remove only)
ebgcInfra
ebgcRes
ebgcRes
ebgcRes
ebgcRes
ebgcRes
ebgcSDK
ebgcSDK
EnglishHarbourCasino
Escape the Museum
Fatal Illusion
Forgotten Riddles - The Mayan Princess (remove only)
Forgotten Riddles: The Moonlight Sonatas
GE Keyboard and Mouse 98059
Glary Utilities 2.12.0.658
Granny in Paradise
Great Secrets: Da Vinci (remove only)
Hidden Expedition: Everest (remove only)
Hidden Relics (remove only)
Hidden Secrets: The Nightmare (remove only)
Hide & Secret
Highlight Viewer (Windows Live Toolbar)
HijackThis 1.99.1
Holly: A Christmas Tale (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hoyle Board Games 2003
Hoyle Casino 2003
HP Driver Diagnostics
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Intertops Casino
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest
Legend of Aladdin (remove only)
LEGO My World First Steps
Lucky Nugget Online Casino
Macromedia Shockwave Player
Magic Inlay
Magic Match Adventures
Mah Jong Medley
Mah Jong Quest
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Mario Forever 4.0
Mario Forever v 2.16 !
Math 1-2
MGI PhotoSuite 8.1 (Remove Only)
MGI VideoWave III (Remove Only)
MicroMan's Crazy Computers v3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX 9.0 SDK
Microsoft Encarta Encyclopedia Standard 2001
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Pandora's Box
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets and Trips 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Miss Teri Tale
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Myst IV - Revelation
Mystery Case Files - Huntsville
Mystery Case Files: Madame Fate (remove only)
Mystery in London (remove only)
Mystery of Unicorn Castle
Mystery P.I. - The Vegas Heist
Mysteryville
Mysteryville 2
Mythic Pearls: The Legend of Tirnanog (remove only)
NiBiRu
NSIS Media Extension
NVIDIA Windows 2000/XP Display Drivers
PCFriendly
PCsync
Performance Solution Worldadmarketplace
PodUtil 3.0.3
Polly Pride Pet Detective
Puzzle Detective
Puzzle Inlay
QuickTime
QuickTime 3.0
RD Platinum v5.0
RichFX Player
Riddle of the Sphinx (remove only)
Royal Vegas Online Casino
SafeCast Shared Components
Secure Game Player
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! Value
SpywareBlaster 4.1
Sunset Studio
SUPERAntiSpyware Free Edition
SuperslotsCasino
The ClueFinders(R) Mystery of the Missing Amulet(TM)
The Hidden Object Show
The Nightshift Code (remove only)
The Scruffs (remove only)
The Secret of Margrave Manor
Titanic
Travelogue 360: Rome - The Curse of the Necklace (remove only)
Tri-Peaks Solitaire To Go
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Wild Jack Casino
Windows Easy Transfer
Windows Imaging Component
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wonderland
Wonderland - Secret Worlds
deinonychus73
Active Member
 
Posts: 12
Joined: March 27th, 2009, 7:53 pm

Re: Spyware Guard 2009

Post by MikeSwim07 » March 30th, 2009, 8:59 am

In your log, I notice signs of Symantec Anti-Virus. Have you ever had this installed? If so, what components were installed?

Update HijackThis

You aren't running the latest version of HijackThis. Please update it and post a fresh log.
  • Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyze This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Please post the new Hijackthis log and please tell me about Norton/Symantec.

Thanks
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
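
One way to run the kind of cross-check raised in the post above (product names that appear in the HijackThis log but not in the Uninstall Manager list), shown as an added example that is not part of the original thread. The sample lines are excerpts copied from the logs posted here; the function names and the vendor keyword list are assumptions made for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - ". Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Excerpt of the Uninstall Manager list posted in this thread.
SAMPLE_UNINSTALL = """
Apple Mobile Device Support
AVG 8.5
Malwarebytes' Anti-Malware
SUPERAntiSpyware Free Edition
"""

# Assumed keyword list: vendors the reviewer wants to reconcile.
VENDORS = ["Symantec", "AVG", "Apple"]


def parse_hjt(text):
    """Return (section_code, detail) tuples for every entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries


def parse_uninstall_list(text):
    """The Uninstall Manager export is one program name per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def find_leftovers(entries, installed, vendors):
    """Map each vendor that shows up in the log but has no matching installed
    program to the log entries that mention it.

    Substring matching is a heuristic: a hit is a prompt to ask the user what
    was installed, not evidence that the entry should be removed.
    """
    installed_lc = [name.lower() for name in installed]
    leftovers = {}
    for vendor in vendors:
        key = vendor.lower()
        hits = [(c, d) for c, d in entries if key in d.lower()]
        listed = any(key in name for name in installed_lc)
        if hits and not listed:
            leftovers[vendor] = hits
    return leftovers


def missing_file_entries(entries):
    """Entries HijackThis tagged '(file missing)': the registry reference is
    still present but the target was not found on disk."""
    return [(c, d) for c, d in entries if d.rstrip().endswith("(file missing)")]


if __name__ == "__main__":
    log_entries = parse_hjt(SAMPLE_LOG)
    programs = parse_uninstall_list(SAMPLE_UNINSTALL)
    for vendor, hits in find_leftovers(log_entries, programs, VENDORS).items():
        print(f"{vendor}: in log, not in uninstall list")
        for code, detail in hits:
            print(f"  {code} - {detail}")
    for code, detail in missing_file_entries(log_entries):
        print(f"file missing: {code} - {detail}")
```
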

Re: Spyware Guard 2009

Post by deinonychus73 » March 30th, 2009, 3:33 pm

Hello again Michael,

I don't know if Symantec AV was installed on this machine previously, but I do know that an expired version of McAfee was installed before I removed it and put AVG Free 8.5 on it. I noticed the references to Symantec also. Can I remove those?

Here is the updated HJT log using the Trend Micro link you gave me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:29 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Terragon Media
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon/do ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/do ... gctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Chronicles%202%20-%20The%20Eternal%20Maze/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21154ac4476320bddc ... xIE601.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8002858392
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://games.bigfishgames.com/en_luxor2 ... uncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/cus ... gned33.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/ha ... angman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} -
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - AppInit_DLLs: mzbgwu.dll fygmnb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10789 bytes


Thanks!
deinonychus73

Re: Spyware Guard 2009

Post by MikeSwim07 » March 30th, 2009, 4:55 pm

I will instruct you on how to remove traces of Symantec later.

Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post both logs that RSIT creates.
MikeSwim07

Re: Spyware Guard 2009

Post by deinonychus73 » March 30th, 2009, 8:28 pm

Here are the results for info.txt:

info.txt logfile of random's system information tool 1.06 2009-03-30 17:26:51

======Uninstall list======

-->C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->C:\WINDOWS\IsUninst.exe -f
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
3D Pinball Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\3D Pinball Express\DeIsL6.isu" -cC:\PROGRA~1\Cosmi\3DPINB~1\_ISREG32.DLL
7 Sultans Online Casino-->C:\PROGRA~1\7sultans\UNWISE.EXE C:\PROGRA~1\7sultans\INSTALL.LOG
Abra Academy: Returning Cast (remove only)-->"C:\Program Files\Abra Academy - Returning Cast\Uninstall.exe"
Adobe Acrobat 4.0, 5.0-->C:\WINDOWS\ISUNINST.EXE -f
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agatha Christie: Peril at End House (remove only)-->"C:\Program Files\Agatha Christie - Peril at End House\Uninstall.exe"
Aloha Solitaire-->C:\PROGRA~1\GAMEHO~1\ALOHAS~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\ALOHAS~1\INSTALL.LOG
Aloha TriPeaks-->C:\PROGRA~1\GAMEHO~1\ALOHAT~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\ALOHAT~1\INSTALL.LOG
Amazing Adventures: The Lost Tomb (remove only)-->"C:\Program Files\Amazing Adventures - The Lost Tomb\Uninstall.exe"
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcade! Classic Arcade Pack 5.0-->C:\Program Files\Arcade!\uninst.exe
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azada (remove only)-->"C:\Program Files\Azada\Uninstall.exe"
Backup Dell-Installed Programs-->MsiExec.exe /X{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}
Backyard Skateboarding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}\Setup.exe" -l0x9
Bejeweled 2 Deluxe-->"C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Blood Ties (remove only)-->"C:\Program Files\Blood Ties\Uninstall.exe"
Can You See What I See?-->C:\Program Files\Can You See What I See\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
ClueFinders(R) 3rd Grade Adventures-->C:\Program Files\The Learning Company\ClueFinders(R) 3rd Grade Adventures\uninstall.exe
Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Contextual Platform Worldadmarketplace-->C:\WINDOWS\system32\3f1e2cca-68e6-5dbd-3147-69adfd45d29d.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ WinXP
Dream Chronicles (remove only)-->"C:\Program Files\Dream Chronicles\Uninstall.exe"
Dream Chronicles 2 - The Eternal Maze-->C:\Program Files\Dream Chronicles 2 - The Eternal Maze\uninstall.exe
Dream Day First Home (remove only)-->"C:\Program Files\Dream Day First Home\Uninstall.exe"
Dream Day Honeymoon (remove only)-->"C:\Program Files\Dream Day Honeymoon\Uninstall.exe"
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{3F9FCB1B-7AED-405E-A02D-9500670AA97C}
ebgcRes-->MsiExec.exe /X{81511622-A267-4CE2-AFC0-1ADD208020F9}
ebgcRes-->MsiExec.exe /X{9D64A22F-7AA6-41CE-8D55-5E711D3CB703}
ebgcRes-->MsiExec.exe /X{C0589AF1-C587-4146-B658-E297CB7D410E}
ebgcRes-->MsiExec.exe /X{FB4D9987-045E-4E03-A7A3-0A16EE39B211}
ebgcSDK-->MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
ebgcSDK-->MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
EnglishHarbourCasino-->C:\Program Files\InstallShield Installation Information\{DD74F997-797A-4CC7-B56E-A5540F5A6917}\setup.exe -runfromtemp -l0x0009 -removeonly
Escape the Museum-->"C:\Program Files\Escape the Museum\Uninstall.exe"
Fatal Illusion-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Fatal Illusion\Uninst.isu"
Forgotten Riddles - The Mayan Princess (remove only)-->"C:\Program Files\Forgotten Riddles - The Mayan Princess\Uninstall.exe"
Forgotten Riddles: The Moonlight Sonatas-->"C:\Program Files\Forgotten Riddles - The Moonlight Sonatas\Uninstall.exe"
GE Keyboard and Mouse 98059-->C:\Program Files\GE\98059 Keyboard and Mouse\uninst00.exe
Glary Utilities 2.12.0.658-->"C:\Program Files\Glary Utilities\unins000.exe"
Granny in Paradise-->C:\PROGRA~1\GAMEHO~1\GRANNY~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GRANNY~1\INSTALL.LOG
Great Secrets: Da Vinci (remove only)-->"C:\Program Files\Great Secrets - Da Vinci\Uninstall.exe"
Hidden Expedition: Everest (remove only)-->"C:\Program Files\Hidden Expedition - Everest\Uninstall.exe"
Hidden Relics (remove only)-->"C:\Program Files\Hidden Relics\Uninstall.exe"
Hidden Secrets: The Nightmare (remove only)-->"C:\Program Files\Hidden Secrets - The Nightmare\Uninstall.exe"
Hide & Secret-->C:\Program Files\Hide & Secret\uninstall.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holly: A Christmas Tale (remove only)-->"C:\Program Files\Holly - A Christmas Tale\Uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hoyle Board Games 2003-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}
Hoyle Casino 2003-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F5FA055-84C1-459B-B0B6-D48D210AE50A}
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
hp instant support-->C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Intertops Casino-->C:\PROGRA~1\INTERT~1\UNWISE.EXE C:\PROGRA~1\INTERT~1\INSTALL.LOG
InterVideo WinDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest-->"C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
Legend of Aladdin (remove only)-->"C:\Program Files\Games\Legend of Aladdin\Uninstall.exe"
LEGO My World First Steps-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA4E4163-4CE3-11D4-9532-005004039EB0}\setup.exe"
Lucky Nugget Online Casino-->C:\PROGRA~1\LUCKYN~1\UNWISE.EXE C:\PROGRA~1\LUCKYN~1\INSTALL.LOG
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Magic Inlay-->C:\PROGRA~1\GAMEHO~1\MAGICI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAGICI~1\INSTALL.LOG
Magic Match Adventures-->C:\Program Files\Magic Match Adventures\uninstall.exe
Mah Jong Medley-->C:\PROGRA~1\GAMEHO~1\MAHJON~4\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~4\INSTALL.LOG
Mah Jong Quest-->C:\PROGRA~1\GAMEHO~1\MAHJON~3\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~3\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mario Forever 4.0-->C:\Program Files\Mario Forever\uninst.exe
Mario Forever v 2.16 !-->C:\Buziol Games\Mario Forever\UnMario.exe
Math 1-2-->C:\WINDOWS\unvise.exe C:\Program Files\sz8020\uninstal.log
MGI PhotoSuite 8.1 (Remove Only)-->C:\WINDOWS\IsUninst.exe -f
MGI VideoWave III (Remove Only)-->C:\WINDOWS\IsUninst.exe -f
MicroMan's Crazy Computers v3.0-->"C:\Program Files\HipSoft\Crazy Computers\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft DirectX 9.0 SDK-->MsiExec.exe /I{9BB98644-282F-4B35-8851-1E04F6E1A33C}
Microsoft Encarta Encyclopedia Standard 2001-->MsiExec.exe /I{01001202-5D65-445A-B3B4-3DCE72BA0C6C}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Pandora's Box-->C:\Program Files\Microsoft Games\Pandora's Box\setup /runtemp /uninstall
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Streets and Trips 2001-->MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Word 2000 SR-1-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Miss Teri Tale-->"C:\Program Files\Miss Teri Tale\Uninstall.exe"
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Gail Church\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Myst IV - Revelation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9
Mystery Case Files - Huntsville-->"C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log"
Mystery Case Files: Madame Fate (remove only)-->"C:\Program Files\Mystery Case Files - Madame Fate\Uninstall.exe"
Mystery in London (remove only)-->"C:\Program Files\Mystery in London\Uninstall.exe"
Mystery of Unicorn Castle-->"C:\Program Files\Mystery of Unicorn Castle\Uninstall.exe"
Mystery P.I. - The Vegas Heist-->C:\Program Files\Mystery P.I. - The Vegas Heist\uninstall.exe
Mysteryville 2-->C:\Program Files\Mysteryville 2\uninstall.exe
Mysteryville-->C:\Program Files\Mysteryville\uninstall.exe
Mythic Pearls: The Legend of Tirnanog (remove only)-->"C:\Program Files\Mythic Pearls - The Legend of Tirnanog\Uninstall.exe"
NiBiRu-->"C:\Program Files\The Adventure Company\Nibiru\unins000.exe"
NSIS Media Extension-->C:\Program Files\Common Files\NSIS\uninst.exe
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PCsync-->MsiExec.exe /X{DDBC8703-AA18-491F-97BE-98D4543A901B}
Performance Solution Worldadmarketplace-->C:\WINDOWS\system32\dclucekawrbrnasu.exe
PodUtil 3.0.3-->"C:\Program Files\PodUtil\unins000.exe"
Polly Pride Pet Detective-->C:\Program Files\Polly Pride Pet Detective\uninstall.exe
Puzzle Detective-->C:\Program Files\Puzzle Detective\uninstall.exe
Puzzle Inlay-->C:\PROGRA~1\GAMEHO~1\PUZZLE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\PUZZLE~1\INSTALL.LOG
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\System32\QTUninst.dll
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RD Platinum v5.0-->"C:\Program Files\Angle Interactive\RD Platinum v5.0\Uninstall.exe" "C:\Program Files\Angle Interactive\RD Platinum v5.0\install.log" -u
RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player
Riddle of the Sphinx (remove only)-->"C:\Program Files\Riddle of the Sphinx\Uninstall.exe"
Royal Vegas Online Casino-->C:\PROGRA~1\ROYALV~1\UNWISE.EXE C:\PROGRA~1\ROYALV~1\INSTALL.LOG
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sound Blaster Live! Value-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Sunset Studio-->C:\Program Files\Sunset Studio\uninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperslotsCasino-->C:\Program Files\InstallShield Installation Information\{C2BBED5D-079B-4653-A9AC-F32A531074BA}\setup.exe -runfromtemp -l0x0009 -removeonly
The ClueFinders(R) Mystery of the Missing Amulet(TM)-->C:\Program Files\The Learning Company\The ClueFinders(R) Mystery of the Missing Amulet(TM)\uninstall.exe
The Hidden Object Show-->C:\Program Files\The Hidden Object Show\uninstall.exe
The Nightshift Code (remove only)-->"C:\Program Files\The Nightshift Code\Uninstall.exe"
The Scruffs (remove only)-->"C:\Program Files\The Scruffs\Uninstall.exe"
The Secret of Margrave Manor-->"C:\Program Files\The Secret of Margrave Manor\Uninstall.exe"
Titanic-->C:\Program Files\CyberFlix\Titanic\TITANIC.EXE -U
Travelogue 360: Rome - The Curse of the Necklace (remove only)-->"C:\Program Files\Travelogue 360 Rome - The Curse of the Necklace\Uninstall.exe"
Tri-Peaks Solitaire To Go-->"C:\Program Files\Oberon Media\Tri-Peaks Solitaire To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Tri-Peaks Solitaire To Go\install.log"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Wild Jack Casino-->C:\PROGRA~1\wildjack\UNWISE.EXE C:\PROGRA~1\wildjack\INSTALL.LOG
Windows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wonderland - Secret Worlds-->"C:\Program Files\Oberon Media\Wonderland - Secret Worlds\Uninstall.exe" "C:\Program Files\Oberon Media\Wonderland - Secret Worlds\install.log"
Wonderland-->"C:\Program Files\Oberon Media\Wonderland\Uninstall.exe" "C:\Program Files\Oberon Media\Wonderland\install.log"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: GAILCHURCH
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 24260
Source Name: Service Control Manager
Time Written: 20090118162800.000000-480
Event Type: error
User:

Computer Name: GAILCHURCH
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 24257
Source Name: Service Control Manager
Time Written: 20090118162800.000000-480
Event Type: error
User:

Computer Name: GAILCHURCH
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 24254
Source Name: Service Control Manager
Time Written: 20090118162759.000000-480
Event Type: error
User:

Computer Name: GAILCHURCH
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 24251
Source Name: Service Control Manager
Time Written: 20090118162759.000000-480
Event Type: error
User:

Computer Name: GAILCHURCH
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 24248
Source Name: Service Control Manager
Time Written: 20090118162759.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: GAILCHURCH
Event Code: 101
Message:
Record Number: 100753
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081108070302.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GAILCHURCH
Event Code: 101
Message:
Record Number: 100751
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081108065802.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GAILCHURCH
Event Code: 101
Message:
Record Number: 100749
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081108065302.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GAILCHURCH
Event Code: 101
Message:
Record Number: 100747
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081108064802.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GAILCHURCH
Event Code: 101
Message:
Record Number: 100745
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081108064302.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

And log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gail Church at 2009-03-30 17:26:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (55%) free of 76 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:44 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Gail Church\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Gail Church.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Terragon Media
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon/do ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/do ... gctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Chronicles%202%20-%20The%20Eternal%20Maze/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21154ac4476320bddc ... xIE601.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8002858392
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://games.bigfishgames.com/en_luxor2 ... uncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/cus ... gned33.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/ha ... angman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} -
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - AppInit_DLLs: mzbgwu.dll fygmnb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10802 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\bwhgzfqp.job
C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE [2001-08-30 172122]
"UpdReg"=C:\WINDOWS\Updreg.exe [2000-05-11 90112]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe [2000-12-12 192512]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-02 4640768]
"FLMOFFICE4DMOUSE"=C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe [2006-07-13 360448]
"OFFICEKB"=C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe [2006-07-13 381440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-23 136600]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-19 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdf57ee]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
C:\Program Files\Hotbar\bin\4.4.2.0\HbInst.exe /Upgrade []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realteke]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSink Ad Client]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uizjnvsvars]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2003-08-21 36953]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE [2003-08-21 229450]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-08-08 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gail Church^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Gail Church\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mzbgwu.dll fygmnb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-19 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnoonNF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Gail Church\Local Settings\Temporary Internet Files\Content.IE5\KTQBGLEJ\incredimail_install[1].exe"="C:\Documents and Settings\Gail Church\Local Settings\Temporary Internet Files\Content.IE5\KTQBGLEJ\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-03-30 17:26:21 ----DC---- C:\rsit
2009-03-30 12:27:51 ----D---- C:\Program Files\Trend Micro
2009-03-24 22:04:24 ----D---- C:\Program Files\CCleaner
2009-03-24 22:00:58 ----D---- C:\Program Files\DAVICOM
2009-03-24 20:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-03-23 22:18:36 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-23 22:18:23 ----D---- C:\Program Files\MSBuild
2009-03-23 22:18:05 ----D---- C:\Program Files\SpywareBlaster
2009-03-23 22:17:58 ----D---- C:\Program Files\Reference Assemblies
2009-03-23 22:16:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-23 22:16:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-23 22:16:56 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-23 22:16:55 ----DC---- C:\15e2293335053a30d9e115711e87
2009-03-23 22:15:33 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-23 22:05:38 ----DC---- C:\46f62b026903d2add76948de964235
2009-03-23 22:04:54 ----DC---- C:\92ddd2298cd0ece200b3f5
2009-03-23 21:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-23 21:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-23 21:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-23 21:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-23 21:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-23 20:12:00 ----A---- C:\WINDOWS\system32\java.exe
2009-03-19 22:33:12 ----HDC---- C:\$AVG8.VAULT$
2009-03-19 22:20:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-19 22:20:17 ----D---- C:\Program Files\AVG
2009-03-19 22:20:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-19 12:25:03 ----D---- C:\Documents and Settings\Gail Church\Application Data\Malwarebytes
2009-03-18 22:55:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-18 22:37:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-18 22:37:27 ----D---- C:\Documents and Settings\Gail Church\Application Data\SUPERAntiSpyware.com
2009-03-18 22:36:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-18 22:21:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-18 22:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-18 20:34:01 ----DC---- C:\HijackThis
2009-03-18 19:30:52 ----D---- C:\Documents and Settings\Gail Church\Application Data\GlarySoft
2009-03-18 19:24:31 ----D---- C:\Program Files\Glary Utilities
2009-03-01 15:25:49 ----SH---- C:\WINDOWS\system32\fqutxigb.ini

======List of files/folders modified in the last 1 months======

2009-03-30 17:23:03 ----D---- C:\Program Files\Mozilla Firefox
2009-03-30 17:18:33 ----D---- C:\WINDOWS\Temp
2009-03-30 16:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 12:28:05 ----D---- C:\WINDOWS\Prefetch
2009-03-30 12:27:51 ----RD---- C:\Program Files
2009-03-30 12:17:40 ----D---- C:\WINDOWS
2009-03-27 20:52:03 ----D---- C:\WINDOWS\system32\drivers
2009-03-26 21:58:15 ----A---- C:\WINDOWS\win.ini
2009-03-26 20:48:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-26 17:13:14 ----D---- C:\WINDOWS\system32\config
2009-03-25 17:09:07 ----D---- C:\WINDOWS\system32
2009-03-25 17:09:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-25 17:08:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-24 22:07:44 ----D---- C:\WINDOWS\Debug
2009-03-24 22:02:03 ----HD---- C:\WINDOWS\inf
2009-03-24 22:01:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-24 22:00:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-24 20:35:26 ----SD---- C:\WINDOWS\Tasks
2009-03-24 20:19:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-24 20:18:42 ----D---- C:\Program Files\Windows Live
2009-03-24 20:18:40 ----SHD---- C:\WINDOWS\Installer
2009-03-24 20:07:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 14:06:24 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-24 14:06:15 ----RSD---- C:\WINDOWS\assembly
2009-03-23 22:28:35 ----D---- C:\WINDOWS\WinSxS
2009-03-23 22:18:25 ----D---- C:\WINDOWS\system32\en-US
2009-03-23 22:18:07 ----RSD---- C:\WINDOWS\Fonts
2009-03-23 21:17:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-23 21:04:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-23 21:01:19 ----D---- C:\Program Files\Internet Explorer
2009-03-23 21:01:00 ----D---- C:\WINDOWS\ie7updates
2009-03-23 20:22:41 ----D---- C:\Documents and Settings\Gail Church\Application Data\Mozilla
2009-03-23 20:11:16 ----D---- C:\Program Files\Java
2009-03-19 23:47:02 ----D---- C:\Program Files\Jackpot Capital
2009-03-19 22:18:43 ----SD---- C:\Documents and Settings\Gail Church\Application Data\Microsoft
2009-03-19 16:18:04 ----SHD---- C:\System Volume Information
2009-03-19 16:18:04 ----D---- C:\WINDOWS\system32\Restore
2009-03-19 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-19 16:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 12:21:36 ----D---- C:\Program Files\hbinst
2009-03-19 12:21:32 ----D---- C:\Documents and Settings\Gail Church\Application Data\Google
2009-03-19 12:20:59 ----D---- C:\Program Files\VVSN
2009-03-19 07:42:44 ----ASH---- C:\WINDOWS\system32\FNnoonmp.ini
2009-03-19 07:39:57 ----ASH---- C:\WINDOWS\system32\FNnoonmp.ini2
2009-03-18 22:36:51 ----D---- C:\Program Files\Common Files
2009-03-18 20:44:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-18 20:09:24 ----RASHC---- C:\boot.ini
2009-03-18 20:09:24 ----A---- C:\WINDOWS\system.ini
2009-03-18 20:02:57 ----SHD---- C:\RECYCLER
2009-03-18 20:00:02 ----D---- C:\Documents and Settings
2009-03-01 15:25:24 ----A---- C:\WINDOWS\system32\a7fc9390-.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-19 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-27 108552]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-05-14 10368]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [2001-07-18 80449]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-18 534125]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102; CNet PRO200WL PCI Fast Ethernet NT Driver ; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-09-13 777088]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-05-02 1312555]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mqdmbus;Motorola DM Composite Driver (WDM); C:\WINDOWS\system32\DRIVERS\mqdmbus.sys [2006-07-13 66656]
S3 mqdmmdfl;Motorola USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys [2006-07-13 9232]
S3 mqdmmdm;Motorola USB Modem; C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys [2006-07-13 92064]
S3 mqdmserd;Motorola USB Diag; C:\WINDOWS\system32\DRIVERS\mqdmserd.sys [2006-07-13 79328]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-12 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-19 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-19 298264]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-01-02 52736]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-23 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-05-02 69632]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
deinonychus73
Active Member
 
Posts: 12
Joined: March 27th, 2009, 7:53 pm

Re: Spyware Guard 2009

Post by MikeSwim07 » March 31st, 2009, 7:53 am

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21154ac4476320bddc ... xIE601.cab
    O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
    O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} -


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\WINDOWS\tasks\bwhgzfqp.job
    C:\Program Files\Common Files\Symantec Shared
    C:\WINDOWS\system32\fqutxigb.ini
    C:\WINDOWS\system32\FNnoonmp.ini
    C:\WINDOWS\system32\FNnoonmp.ini2
    C:\WINDOWS\system32\a7fc9390-.txt
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdf57ee]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uizjnvsvars]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6D,73,76,31,5F,30,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot, close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please now double-click RSIT.exe; this time it will only produce one log (log.txt).

Please post the OTMoveIt3 log and the new log.txt from RSIT.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
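
An added example, not part of the original posts: a small Python check that parses the OTMoveIt3 fix script above and confirms that every file move and registry change appears as a success line in the result log posted in the reply that follows. The log line formats are inferred from that posted log and are an assumption, as are all function names; the script and log text are copied from the thread.

```python
import re

# Fix script as posted in the codebox above.
FIX_SCRIPT = r"""
:files
C:\WINDOWS\tasks\bwhgzfqp.job
C:\Program Files\Common Files\Symantec Shared
C:\WINDOWS\system32\fqutxigb.ini
C:\WINDOWS\system32\FNnoonmp.ini
C:\WINDOWS\system32\FNnoonmp.ini2
C:\WINDOWS\system32\a7fc9390-.txt
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdf57ee]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uizjnvsvars]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6D,73,76,31,5F,30,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-
"""
# OTMoveIt3 result log as posted in the reply (section headers omitted).
MOVE_LOG = r"""
C:\WINDOWS\tasks\bwhgzfqp.job moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1746.tmp moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
C:\WINDOWS\system32\fqutxigb.ini moved successfully.
C:\WINDOWS\system32\FNnoonmp.ini moved successfully.
C:\WINDOWS\system32\FNnoonmp.ini2 moved successfully.
C:\WINDOWS\system32\a7fc9390-.txt moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdf57ee\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uizjnvsvars\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6D,73,76,31,5F,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5BACC17E-BDF7-405B-BC68-ECB506395118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BACC17E-BDF7-405B-BC68-ECB506395118}\ not found.
"""
SEP = "\\\\"  # the posted log puts two backslashes between key and value name

def parse_script(text):
    """Turn the :files / :reg script into a list of action tuples."""
    actions, section, key = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):              # section marker
            section, key = line.lower(), None
        elif section == ":files":             # one path per line
            actions.append(("move", line))
        elif section == ":reg" and line.startswith("[-"):
            actions.append(("delkey", line[2:-1]))   # [-KEY] deletes the key
            key = None
        elif section == ":reg" and line.startswith("["):
            key = line[1:-1]                  # [KEY] selects the key for the values below
        elif section == ":reg" and key:
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m:
                name, data = m.groups()       # "name"=- deletes, anything else sets
                actions.append(("delval", key, name) if data == "-"
                               else ("setval", key, name, data))
    return actions

def expected_line(action):
    """Success line the log should contain for one action (assumed format)."""
    kind = action[0]
    if kind == "move":
        return f"{action[1]} moved successfully."
    if kind == "delkey":
        return f"Registry key {action[1]}{SEP} deleted successfully."
    if kind == "delval":
        return f"Registry value {action[1]}{SEP}{action[2]} deleted successfully."
    return f'{action[1]}{SEP}"{action[2]}"|{action[3]} /E : value set successfully!'

def unconfirmed(script, log):
    """Actions from the script that have no matching success line in the log."""
    seen = {l.strip().lower() for l in log.splitlines()}
    return [a for a in parse_script(script) if expected_line(a).lower() not in seen]

def not_found(log):
    """Log lines reporting a target that was already absent."""
    return [l.strip() for l in log.splitlines() if l.strip().endswith("not found.")]

def decode_multi_sz(data):
    """Decode a hex(7) value as written in this script (single-byte characters)."""
    raw = bytes(int(b, 16) for b in data.split(":", 1)[1].split(","))
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]

if __name__ == "__main__":
    print("unconfirmed actions:", unconfirmed(FIX_SCRIPT, MOVE_LOG))
    print("already absent:", not_found(MOVE_LOG))
    print("Authentication Packages set to:",
          decode_multi_sz("hex(7):6D,73,76,31,5F,30,00,00"))
```
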

Re: Spyware Guard 2009

Post by deinonychus73 » March 31st, 2009, 8:35 pm

========== FILES ==========
C:\WINDOWS\tasks\bwhgzfqp.job moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1746.tmp moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
C:\WINDOWS\system32\fqutxigb.ini moved successfully.
C:\WINDOWS\system32\FNnoonmp.ini moved successfully.
C:\WINDOWS\system32\FNnoonmp.ini2 moved successfully.
C:\WINDOWS\system32\a7fc9390-.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdf57ee\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uizjnvsvars\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6D,73,76,31,5F,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5BACC17E-BDF7-405B-BC68-ECB506395118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BACC17E-BDF7-405B-BC68-ECB506395118}\ not found.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 03312009_173008

========================================================================

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gail Church at 2009-03-31 17:32:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (55%) free of 76 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:54 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gail Church\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Gail Church.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Terragon Media
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon/do ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/do ... gctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20Chronicles%202%20-%20The%20Eternal%20Maze/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8002858392
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://games.bigfishgames.com/en_luxor2 ... uncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/cus ... gned33.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/ha ... angman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.dll
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10058 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE [2001-08-30 172122]
"UpdReg"=C:\WINDOWS\Updreg.exe [2000-05-11 90112]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe [2000-12-12 192512]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-02 4640768]
"FLMOFFICE4DMOUSE"=C:\Program Files\GE\98059 Keyboard and Mouse\mouse32a.exe [2006-07-13 360448]
"OFFICEKB"=C:\Program Files\GE\98059 Keyboard and Mouse\kbdap32a.exe [2006-07-13 381440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-23 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-19 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
C:\Program Files\Hotbar\bin\4.4.2.0\HbInst.exe /Upgrade []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realteke]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeSink Ad Client]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2003-08-21 36953]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE [2003-08-21 229450]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-08-08 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gail Church^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Gail Church\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-19 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Gail Church\Local Settings\Temporary Internet Files\Content.IE5\KTQBGLEJ\incredimail_install[1].exe"="C:\Documents and Settings\Gail Church\Local Settings\Temporary Internet Files\Content.IE5\KTQBGLEJ\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-03-31 17:30:08 ----DC---- C:\_OTMoveIt
2009-03-30 17:26:21 ----DC---- C:\rsit
2009-03-30 12:27:51 ----D---- C:\Program Files\Trend Micro
2009-03-24 22:04:24 ----D---- C:\Program Files\CCleaner
2009-03-24 22:00:58 ----D---- C:\Program Files\DAVICOM
2009-03-24 20:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-03-23 22:18:36 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-23 22:18:23 ----D---- C:\Program Files\MSBuild
2009-03-23 22:18:05 ----D---- C:\Program Files\SpywareBlaster
2009-03-23 22:17:58 ----D---- C:\Program Files\Reference Assemblies
2009-03-23 22:16:58 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-23 22:16:57 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-23 22:16:56 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-23 22:16:55 ----DC---- C:\15e2293335053a30d9e115711e87
2009-03-23 22:15:33 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-23 22:05:38 ----DC---- C:\46f62b026903d2add76948de964235
2009-03-23 22:04:54 ----DC---- C:\92ddd2298cd0ece200b3f5
2009-03-23 21:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-23 21:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-23 21:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-23 21:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-23 21:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-23 20:12:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-23 20:12:00 ----A---- C:\WINDOWS\system32\java.exe
2009-03-19 22:33:12 ----HDC---- C:\$AVG8.VAULT$
2009-03-19 22:20:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-19 22:20:17 ----D---- C:\Program Files\AVG
2009-03-19 22:20:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-19 12:25:03 ----D---- C:\Documents and Settings\Gail Church\Application Data\Malwarebytes
2009-03-18 22:55:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-18 22:37:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-18 22:37:27 ----D---- C:\Documents and Settings\Gail Church\Application Data\SUPERAntiSpyware.com
2009-03-18 22:36:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-18 22:21:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-18 22:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-18 20:34:01 ----DC---- C:\HijackThis
2009-03-18 19:30:52 ----D---- C:\Documents and Settings\Gail Church\Application Data\GlarySoft
2009-03-18 19:24:31 ----D---- C:\Program Files\Glary Utilities

======List of files/folders modified in the last 1 months======

2009-03-31 17:30:09 ----D---- C:\WINDOWS\system32
2009-03-31 17:30:09 ----D---- C:\Program Files\Common Files
2009-03-31 17:30:08 ----SD---- C:\WINDOWS\Tasks
2009-03-31 17:27:26 ----D---- C:\Program Files\Mozilla Firefox
2009-03-31 17:27:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-31 17:15:56 ----D---- C:\WINDOWS\Temp
2009-03-31 02:18:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 21:20:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-30 17:26:40 ----D---- C:\WINDOWS\Prefetch
2009-03-30 12:27:51 ----RD---- C:\Program Files
2009-03-30 12:17:40 ----D---- C:\WINDOWS
2009-03-27 20:52:03 ----D---- C:\WINDOWS\system32\drivers
2009-03-26 21:58:15 ----A---- C:\WINDOWS\win.ini
2009-03-26 17:13:14 ----D---- C:\WINDOWS\system32\config
2009-03-25 17:09:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-25 17:08:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-24 22:07:44 ----D---- C:\WINDOWS\Debug
2009-03-24 22:02:03 ----HD---- C:\WINDOWS\inf
2009-03-24 22:01:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-24 22:00:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-24 20:19:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-24 20:18:42 ----D---- C:\Program Files\Windows Live
2009-03-24 20:18:40 ----SHD---- C:\WINDOWS\Installer
2009-03-24 20:07:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 14:06:24 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-24 14:06:15 ----RSD---- C:\WINDOWS\assembly
2009-03-23 22:28:35 ----D---- C:\WINDOWS\WinSxS
2009-03-23 22:18:25 ----D---- C:\WINDOWS\system32\en-US
2009-03-23 22:18:07 ----RSD---- C:\WINDOWS\Fonts
2009-03-23 21:17:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-23 21:04:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-23 21:01:19 ----D---- C:\Program Files\Internet Explorer
2009-03-23 21:01:00 ----D---- C:\WINDOWS\ie7updates
2009-03-23 20:22:41 ----D---- C:\Documents and Settings\Gail Church\Application Data\Mozilla
2009-03-23 20:11:16 ----D---- C:\Program Files\Java
2009-03-19 23:47:02 ----D---- C:\Program Files\Jackpot Capital
2009-03-19 22:18:43 ----SD---- C:\Documents and Settings\Gail Church\Application Data\Microsoft
2009-03-19 16:18:04 ----SHD---- C:\System Volume Information
2009-03-19 16:18:04 ----D---- C:\WINDOWS\system32\Restore
2009-03-19 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-19 16:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 12:21:36 ----D---- C:\Program Files\hbinst
2009-03-19 12:21:32 ----D---- C:\Documents and Settings\Gail Church\Application Data\Google
2009-03-19 12:20:59 ----D---- C:\Program Files\VVSN
2009-03-18 20:09:24 ----RASHC---- C:\boot.ini
2009-03-18 20:09:24 ----A---- C:\WINDOWS\system.ini
2009-03-18 20:02:57 ----SHD---- C:\RECYCLER
2009-03-18 20:00:02 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-19 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-27 108552]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-05-14 10368]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [2001-07-18 80449]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-07-18 534125]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102; CNet PRO200WL PCI Fast Ethernet NT Driver ; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-09-13 777088]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-05-02 1312555]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mqdmbus;Motorola DM Composite Driver (WDM); C:\WINDOWS\system32\DRIVERS\mqdmbus.sys [2006-07-13 66656]
S3 mqdmmdfl;Motorola USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys [2006-07-13 9232]
S3 mqdmmdm;Motorola USB Modem; C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys [2006-07-13 92064]
S3 mqdmserd;Motorola USB Diag; C:\WINDOWS\system32\DRIVERS\mqdmserd.sys [2006-07-13 79328]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-12 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-19 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-19 298264]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-01-02 52736]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-23 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-05-02 69632]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Spyware Guard 2009

Post by MikeSwim07 » April 1st, 2009, 2:41 pm

Hello,

Please open up Malwarebytes' Anti-Malware and do a full scan. Please post the log after you have removed anything found.

Run Kaspersky Online Scan

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Please post the Malwarebytes' Anti-Malware log and the Kaspersky log.

Re: Spyware Guard 2009

Post by deinonychus73 » April 2nd, 2009, 3:44 pm

Michael,

I tried to run a Malwarebytes scan overnight last night, as it takes about 4 hours for one scan to complete. When I got to the computer this morning there was an error message and the computer had shut down.

Will the most recent MWB scan do? It's from 3-30.

If so - here it is:

Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 5.1.2600 Service Pack 3

3/30/2009 10:25:23 PM
mbam-log-2009-03-30 (22-25-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222074
Time elapsed: 4 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And the Kaspersky scan turned over a few more rocks...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, April 1, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, April 01, 2009 21:27:50
Records in database: 1994054
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 143183
Threat name: 2
Infected objects: 70
Suspicious objects: 0
Duration of the scan: 05:32:18


File name / Threat name / Threats count
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Andrewbayram-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\ATT5C6.eml Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bbrownvhha_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_4748_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_69_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bramj_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burger_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burns_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_DIET_SENSATION.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_MALEGROWTH.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Chamberlain_Buy_HERBALEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Contreras_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dodig_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dowdy_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frtrus.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frye_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jatif_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jewell_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiser_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiwi783_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Ldhaugen_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mcneill_Buy_eXplodingORGAsms.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mlhearn_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OPEN_THIS_HTML_PERMANENTGROWTH.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Potts_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Rcsinclair1_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Reovan_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Vaughn46_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Whitlock_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{11F5B857-2A6E-4500-9813-3D41BA4353C0}\Posiepoodle1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{16319952-FFE2-4E80-BE1A-61CE2FAA3403}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{222F1EDA-66D9-4452-93EA-B0900C05F5D9}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{387503E1-77DB-4A56-A775-D7CF928328F1}\Gailchurch_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{3C4D8737-E539-4075-989E-4AEF14D6104A}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{6EB48356-BCA4-4E31-A070-2D95EAE597D8}\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{78866C5B-E536-4FD3-BD4F-54352CA2B2A2}\Tukook_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A116207B-8573-4530-99AF-3CE97C54C205}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A7D99C2A-07F3-427E-9D7B-123512895CFB}\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C2ADE70B-3371-4BDA-BF6B-5574A8D01FF4}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C38CDBB1-EE83-48B4-B90E-3D5CAC594C99}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C8B50E5D-5923-4660-AD37-6EE754A030EB}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{FCECB9A8-7DA5-4A07-B0B4-645156BADB01}\_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Program Files\Mystery in London\MysteryInLondon.exe Infected: not-a-virus:FraudTool.Win32.SpyLocked.as 1

The selected area was scanned.
deinonychus73

Re: Spyware Guard 2009

by MikeSwim07 » April 2nd, 2009, 4:13 pm

Run OTMoveIt3
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Program Files\Mystery in London
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Andrewbayram-Lose-10poundsIn10days.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\ATT5C6.eml
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bbrownvhha_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_4748_click-onlineRX.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_69_click-onlineRX.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bramj_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burger_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burns_Buy_HERBALVIAGRA.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_DIET_SENSATION.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_HERBALVIAGRA.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_LAST_LONGER.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_MALEGROWTH.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_SPERMCOUNT.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_10POUNDSIN10DAYSDIET.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Chamberlain_Buy_HERBALEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-HERBALVIAGRA.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-WeightLossSensation.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Contreras_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dodig_10POUNDSIN10DAYSDIET.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dowdy_Buy_HERBALVIAGRA.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frtrus.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frye_Buy_HERBALVIAGRA.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gailchurch_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gailchurch_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller-Lose-10poundsIn10days.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jatif_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jewell_Buy_HERBALVIAGRA.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiser_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiwi783_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Ldhaugen_10POUNDSIN10DAYSDIET.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mcneill_Buy_eXplodingORGAsms.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mlhearn_10POUNDSIN10DAYSDIET.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OPEN_THIS_HTML_PERMANENTGROWTH.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-EXPLODING-ORGASMS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Potts_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Rcsinclair1_click_LAST-LONGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Reovan_click-ONLINE_PHARM.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Vaughn46_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Whitlock_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{11F5B857-2A6E-4500-9813-3D41BA4353C0}\Posiepoodle1_click-PERMANENTENLARGER.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{16319952-FFE2-4E80-BE1A-61CE2FAA3403}\Kim_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{222F1EDA-66D9-4452-93EA-B0900C05F5D9}\Kim_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{387503E1-77DB-4A56-A775-D7CF928328F1}\Gailchurch_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{3C4D8737-E539-4075-989E-4AEF14D6104A}\BUY_PERMANENTENLARG.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{6EB48356-BCA4-4E31-A070-2D95EAE597D8}\BUY_ExplodingOrgasm-BiggerLoads.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{78866C5B-E536-4FD3-BD4F-54352CA2B2A2}\Tukook_click-BIGGERLOADS.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A116207B-8573-4530-99AF-3CE97C54C205}\BUY_PERMANENTENLARG.htm
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A7D99C2A-07F3-427E-9D7B-123512895CFB}\BUY_LAST_LONGER.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C2ADE70B-3371-4BDA-BF6B-5574A8D01FF4}\Kim_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C38CDBB1-EE83-48B4-B90E-3D5CAC594C99}\BUY_YOURSPERMCOUNT.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C8B50E5D-5923-4660-AD37-6EE754A030EB}\Kim_Buy_PermanentEnlarger.HTML
    C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{FCECB9A8-7DA5-4A07-B0B4-645156BADB01}\_click-BIGGERLOADS.htm
    
  • Return to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • If you are not asked to reboot, close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please now re-run Kaspersky Online Scan with the instructions in my previous post.

Please post the OTMoveIt3 log and the new Kaspersky log.
MikeSwim07
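
Because the Kaspersky scan area covers all of C:\, a re-scan after the move also reports the copies that OTMoveIt3 placed under C:\_OTMoveIt\MovedFiles, so the infected-object count has to be split into quarantined copies and files still sitting in a live location. The Python below is an added example, not part of the original posts or of either tool; the sample report lines are constructed, and matching a quarantined copy to its original by drive-less, case-insensitive path is an assumption based on the folder layout shown in this thread.

```python
import re
from typing import NamedTuple

# Report line shape as it appears in the Kaspersky logs in this thread:
#   <full path> Infected: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)
# OTMoveIt3 quarantine layout as it appears in this thread:
#   C:\_OTMoveIt\MovedFiles\<mmddyyyy_hhmmss>\<original path without drive letter>
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\_OTMoveIt\\MovedFiles\\\d{8}_\d{6}\\(?P<tail>.+)$", re.IGNORECASE
)


class Hit(NamedTuple):
    path: str
    threat: str
    count: int


def parse_report(text):
    """Return one Hit per detection line; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["threat"], int(m["count"])))
    return hits


def tail_key(path):
    """Drive-less, case-folded path used to pair a quarantined copy with its origin.

    Assumption: the quarantine folder mirrors the original path minus the drive
    letter, and Windows paths compare case-insensitively (.htm vs .HTM).
    """
    q = QUARANTINE_RE.match(path)
    tail = q["tail"] if q else path[3:]  # path[3:] drops the leading "C:\"
    return tail.casefold()


def triage(hits):
    """Split detections into quarantined copies and two kinds of live files."""
    quarantined = [h for h in hits if QUARANTINE_RE.match(h.path)]
    live = [h for h in hits if not QUARANTINE_RE.match(h.path)]
    moved = {tail_key(h.path) for h in quarantined}
    return {
        # Already inside the OTMoveIt3 folder: inert until that folder is cleaned up.
        "quarantined": quarantined,
        # A quarantined copy exists, yet the original path is populated again.
        "live_copy_also_quarantined": [h for h in live if tail_key(h.path) in moved],
        # No quarantined copy: the move did not happen for this path.
        "live_never_moved": [h for h in live if tail_key(h.path) not in moved],
    }


def summary(buckets):
    """Bucket name -> number of detections, for a quick read of the re-scan."""
    return {name: len(items) for name, items in buckets.items()}


# Constructed sample in the report's format (paths and file names are made up).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\User\Mail\Attachments\sample_one.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Mail\Attachments\{00000000-0000-0000-0000-000000000000}\SAMPLE_TWO.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\01012009_120000\Documents and Settings\User\Mail\Attachments\Sample_One.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\01012009_120000\Documents and Settings\User\Mail\Attachments\sample_three.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\01012009_115500\Program Files\Sample Rogue\rogue.exe Infected: not-a-virus:FraudTool.Win32.SpyLocked.as 1
"""

if __name__ == "__main__":
    buckets = triage(parse_report(SAMPLE_REPORT))
    print(summary(buckets))
    for name in ("live_copy_also_quarantined", "live_never_moved"):
        for hit in buckets[name]:
            print(f"{name}: {hit.path} ({hit.threat})")
```

Only the two live buckets need a further removal step; the quarantined entries are the files the move already took out of their original locations.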

Re: Spyware Guard 2009

by deinonychus73 » April 3rd, 2009, 4:48 pm

Michael,

I tried to run another MWB scan and told it to stop just before six hours run time. Not sure why it's lagging so badly, but it still turned up and removed 2 infections, so I thought I would include those results in addition to what you asked for.

Here is the most recent MWB scan result:

Malwarebytes' Anti-Malware 1.35
Database version: 1931
Windows 5.1.2600 Service Pack 3

4/2/2009 6:46:37 PM
mbam-log-2009-04-02 (18-46-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 80380
Time elapsed: 5 hour(s), 55 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b26caa68-6ebf-4a30-a0f0-0a0bfe3da5dd} (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Angle Interactive\RD Platinum v5.0\Updater.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.


And here are the results from the most recent Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 03:51:13
Records in database: 2002904
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 143254
Threat name: 2
Infected objects: 70
Suspicious objects: 0
Duration of the scan: 05:27:55


File name / Threat name / Threats count
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jatif_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{11F5B857-2A6E-4500-9813-3D41BA4353C0}\Posiepoodle1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{6EB48356-BCA4-4E31-A070-2D95EAE597D8}\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_184733\Program Files\Mystery in London\MysteryInLondon.exe Infected: not-a-virus:FraudTool.Win32.SpyLocked.as 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Andrewbayram-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\ATT5C6.eml Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bbrownvhha_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_4748_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_69_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bramj_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burger_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burns_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_DIET_SENSATION.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_MALEGROWTH.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\Userh\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Chamberlain_Buy_HERBALEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Contreras_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dodig_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dowdy_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frtrus.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frye_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jewell_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiser_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiwi783_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Ldhaugen_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mcneill_Buy_eXplodingORGAsms.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mlhearn_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OPEN_THIS_HTML_PERMANENTGROWTH.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Potts_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Rcsinclair1_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Reovan_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Vaughn46_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Whitlock_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{16319952-FFE2-4E80-BE1A-61CE2FAA3403}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{222F1EDA-66D9-4452-93EA-B0900C05F5D9}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{387503E1-77DB-4A56-A775-D7CF928328F1}\_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{3C4D8737-E539-4075-989E-4AEF14D6104A}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{78866C5B-E536-4FD3-BD4F-54352CA2B2A2}\Tukook_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A116207B-8573-4530-99AF-3CE97C54C205}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A7D99C2A-07F3-427E-9D7B-123512895CFB}\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C2ADE70B-3371-4BDA-BF6B-5574A8D01FF4}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C38CDBB1-EE83-48B4-B90E-3D5CAC594C99}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C8B50E5D-5923-4660-AD37-6EE754A030EB}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\_OTMoveIt\MovedFiles\04022009_185215\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{FCECB9A8-7DA5-4A07-B0B4-645156BADB01}\_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1

The selected area was scanned.
deinonychus73
Active Member
 
Posts: 12
Joined: March 27th, 2009, 7:53 pm

Re: Spyware Guard 2009

by MikeSwim07 » April 3rd, 2009, 5:10 pm

Did you run OTMoveIt3?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Spyware Guard 2009

by deinonychus73 » April 4th, 2009, 4:08 pm

Michael,

So sorry about that! :) Here it is...

========== FILES ==========
File/Folder C:\Program Files\Mystery in London not found.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Andrewbayram-Lose-10poundsIn10days.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\ATT5C6.eml moved successfully.
C:\Documents and Settings\Userh\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bbrownvhha_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_4748_click-onlineRX.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Berry_69_click-onlineRX.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Bramj_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burger_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Burns_Buy_HERBALVIAGRA.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_DIET_SENSATION.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_LAST_LONGER.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_MALEGROWTH.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_SPERMCOUNT.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_10POUNDSIN10DAYSDIET.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Caryhedges_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Chamberlain_Buy_HERBALEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-HERBALVIAGRA.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\click-WeightLossSensation.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Contreras_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dodig_10POUNDSIN10DAYSDIET.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Dowdy_Buy_HERBALVIAGRA.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frtrus.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Frye_Buy_HERBALVIAGRA.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Gcarreiro_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller-Lose-10poundsIn10days.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Hrmiller_click-PERMANENTENLARGER.htm moved successfully.
File/Folder C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jatif_click-BIGGERLOADS.htm Infected: not found.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Jewell_Buy_HERBALVIAGRA.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kelleyfour_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiser_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Kiwi783_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Ldhaugen_10POUNDSIN10DAYSDIET.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mcneill_Buy_eXplodingORGAsms.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Mlhearn_10POUNDSIN10DAYSDIET.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\OPEN_THIS_HTML_PERMANENTGROWTH.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-EXPLODING-ORGASMS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Posiepoodle1_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Potts_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Rcsinclair1_click_LAST-LONGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Reovan_click-ONLINE_PHARM.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Tukook_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Vaughn46_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\Whitlock_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{11F5B857-2A6E-4500-9813-3D41BA4353C0}\Posiepoodle1_click-PERMANENTENLARGER.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{16319952-FFE2-4E80-BE1A-61CE2FAA3403}\Kim_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{222F1EDA-66D9-4452-93EA-B0900C05F5D9}\Kim_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{387503E1-77DB-4A56-A775-D7CF928328F1}\_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{3C4D8737-E539-4075-989E-4AEF14D6104A}\BUY_PERMANENTENLARG.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{6EB48356-BCA4-4E31-A070-2D95EAE597D8}\BUY_ExplodingOrgasm-BiggerLoads.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{78866C5B-E536-4FD3-BD4F-54352CA2B2A2}\Tukook_click-BIGGERLOADS.htm moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A116207B-8573-4530-99AF-3CE97C54C205}\BUY_PERMANENTENLARG.HTM moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{A7D99C2A-07F3-427E-9D7B-123512895CFB}\BUY_LAST_LONGER.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C2ADE70B-3371-4BDA-BF6B-5574A8D01FF4}\Kim_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C38CDBB1-EE83-48B4-B90E-3D5CAC594C99}\BUY_YOURSPERMCOUNT.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{C8B50E5D-5923-4660-AD37-6EE754A030EB}\Kim_Buy_PermanentEnlarger.HTML moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\IM\Identities\{D94EBDD0-F81C-499B-9C13-D0EEF2D4125B}\Message Store\Attachments\{FCECB9A8-7DA5-4A07-B0B4-645156BADB01}\_click-BIGGERLOADS.htm moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04022009_185215
deinonychus73
Active Member
 
Posts: 12
Joined: March 27th, 2009, 7:53 pm