win32-adan-094 problems (mulllet88)
Hi, I am new to the forums and found you guys by googling win32-adan-094. But anyway, I let my girlfriend use my computer and then avast kept coming up with "win32-adan-094 is detected". So I ran to install Spybot and Ad-Aware, as it was a relatively new install of Windows. But Ad-Aware found nothing and Spybot just crashed after 2 minutes while trying to scan a win32 file. So I found you guys, as in desperation I googled win32-adan-094, which was what kept coming up as the malware program. I followed the help given to someone else as far as I could until it got to the posting of the logs and the user-specific removals. Anyway, I would just like someone to make sure that I don't have any spyware left on my computer, so I thought I would post the logs.
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 17:55:39, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Xfire\Xfire.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Daniel\LOCALS~1\Temp\Rar$EX00.579\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [yeois.exe] E:\WINDOWS\system32\yeois.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152807289234
O17 - HKLM\System\CCS\Services\Tcpip\..\{046562E2-11E5-4DF7-A6FB-0553BF8EEB25}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CA5C40-FD5E-4980-9B5B-8BFE5D7F6342}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{046562E2-11E5-4DF7-A6FB-0553BF8EEB25}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{046562E2-11E5-4DF7-A6FB-0553BF8EEB25}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
and the Fixwareout log
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmvdg.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
E:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe E:\WINDOWS\System32\CSAEU.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
E:\WINDOWS\SYSTEM32\CSAEU.EXE 51,290 2006-07-28
E:\WINDOWS\SYSTEM32\DMVDG.EXE 61,983 2004-08-04
Other suspects
Directory of E:\WINDOWS\system32
Thanks in advance.
This has been annoying me so much I uninstalled Firefox, as it kept crashing, and I almost reformatted Windows.
This discussion has been closed.
Comments
Update it, run a complete system scan, save a log file, post the log file.