Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

winiguard


  • This topic is locked This topic is locked
4 replies to this topic

#1 RJ1014

RJ1014

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 14 December 2008 - 09:06 PM

Mod. edit: The link below is for the topic in Am I Infected from which RJ1014 was referred ~ OB

http://www.bleepingcomputer.com/forums/t/185653/winiguard/

tried pretty much everything, also none of my antivirus/antispyware update such as Superantispyware, AVG, spysweeper etc....
i can't really do much i get a thing on the toolbar popping up everynow and then making an annoying noise asking me to buy winiguard and a pop up from windows telling me my memory is low.
info.

info.txt logfile of random's system information tool 1.04 2008-12-14 20:57:59

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AT&T Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MP3 WAV WMA Converter-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
MSN Toolbar-->MsiExec.exe /I{6710FE30-27F7-492B-A660-D31D4A898A43}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton Internet Security 2005-->C:\Program Files\Common Files\Symantec Shared\SymSetup\Temp{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Solo Antivirus 8.0-->"C:\SRN Micro\unins000.exe"
Sound Control v2.15-->"C:\WINDOWS\Uninstall\Sound Control\unins000.exe"
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftKit-->C:\Program Files\SwiftKit\Uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
WinGuard Pro-->"C:\WINDOWS\system32\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-14 20:57:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (14%) free of 186 GB
Total RAM: 894 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:55, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\baloon.exe
C:\WINDOWS\system32\cfrog.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wgp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sound Control\SC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Shadow Winter Deffender - {1A00ABA0-DBD1-4C15-81A0-A053E5F883F9} - C:\WINDOWS\system32\LinkSave.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [C:\WINDOWS\system32\baloon.exe] "C:\WINDOWS\system32\baloon.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\cfrog.exe] "C:\WINDOWS\system32\cfrog.exe"
O4 - HKLM\..\Run: [WinGuard Pro] "C:\WINDOWS\system32\wgp.exe"
O4 - HKLM\..\Run: [SoloSentry] "C:\SRNMIC~1\SOLOSENT.EXE"
O4 - HKLM\..\Run: [SoloSchedule] "C:\SRNMIC~1\SOLOCFG.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] "C:\windows\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Sound Control.lnk = C:\Program Files\Sound Control\SC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

--
End of file - 8715 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\wrSpySweeper_L93016E6EE1AF4C13AA39213C87087AAF.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-11-06 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A00ABA0-DBD1-4C15-81A0-A053E5F883F9}]
Microsoft Shadow Winter Deffender - C:\WINDOWS\system32\LinkSave.dll [2008-12-04 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-07 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-07 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-07 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-11-13 61440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2008-11-13 339968]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-13 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-06-21 577536]
"lxdimon.exe"=C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-05-07 435120]
"lxdiamon"=C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-03-05 20480]
"FaxCenterServer"=C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [2007-05-07 312240]
"C:\WINDOWS\system32\baloon.exe"=C:\WINDOWS\system32\baloon.exe [2008-12-04 118784]
"C:\WINDOWS\system32\cfrog.exe"=C:\WINDOWS\system32\cfrog.exe [2008-12-04 26624]
"WinGuard Pro"=C:\WINDOWS\system32\wgp.exe [2007-02-08 290816]
"SoloSentry"=C:\SRNMIC~1\SOLOSENT.EXE [2008-10-20 77824]
"SoloSchedule"=C:\SRNMIC~1\SOLOCFG.EXE [2008-10-19 303104]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-07 1235736]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-10-12 6272888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-10 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-02-29 4670704]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Sound Control.lnk - C:\Program Files\Sound Control\SC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2005-03-14 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe"="C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor"
"C:\Documents and Settings\Administrator\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:*:Enabled: "
"C:\WINDOWS\system32\lxdicfg.exe"="C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\lxdicoms.exe"="C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\SRN Micro\SOLOCFG.EXE"="C:\SRN Micro\SOLOCFG.EXE:*:Enabled:Solo Scheduler"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe"="C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"

======File associations======

.scr - open - "%1" %*
.scr - config - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-14 20:57:25 ----D---- C:\Program Files\trend micro
2008-12-14 20:57:24 ----D---- C:\rsit
2008-12-14 19:39:48 ----A---- C:\windows\system32\tmp.txt
2008-12-14 19:39:32 ----A---- C:\rapport.txt
2008-12-14 19:39:16 ----A---- C:\windows\system32\WS2Fix.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\VCCLSID.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\VACFix.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\swxcacls.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\swsc.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\swreg.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\SrchSTS.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\Process.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\o4Patch.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\IEDFix.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\IEDFix.C.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\dumphive.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\Agent.OMZ.Fix.exe
2008-12-14 19:39:16 ----A---- C:\windows\system32\404Fix.exe
2008-12-13 10:33:16 ----A---- C:\windows\system32\NCTWMAFile2.dll
2008-12-13 10:33:16 ----A---- C:\windows\system32\NCTAudioInformation2.dll
2008-12-13 10:33:16 ----A---- C:\windows\system32\NCTAudioFile2.dll
2008-12-13 10:33:16 ----A---- C:\windows\system32\NCTAudioCDGrabber2.dll
2008-12-13 10:33:16 ----A---- C:\windows\system32\msvcr70.dll
2008-12-13 10:33:16 ----A---- C:\windows\system32\lame_enc.dll
2008-12-13 10:33:15 ----D---- C:\Program Files\Free Mp3WmaOgg Converter
2008-12-13 10:25:13 ----A---- C:\windows\system32\sysmwwod.dll
2008-12-13 10:22:17 ----D---- C:\Program Files\MP3 WAV WMA Converter
2008-12-13 07:25:51 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-12-11 11:49:21 ----D---- C:\windows\ERUNT
2008-12-11 11:43:38 ----D---- C:\SDFix
2008-12-10 14:15:24 ----A---- C:\windows\ntbtlog.txt
2008-12-10 14:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-10 14:02:27 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-10 14:02:27 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-10 14:02:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-09 12:35:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-12-09 12:35:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-09 12:35:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 12:47:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-12-08 12:33:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-12-08 11:36:58 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
2008-12-08 03:44:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-12-08 03:37:59 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-12-08 03:36:33 ----D---- C:\Documents and Settings\Administrator\Application Data\FaxCtr
2008-12-08 03:33:44 ----D---- C:\!KillBox
2008-12-08 03:25:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-12-08 03:24:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2008-12-08 03:16:34 ----D---- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-12-07 21:43:44 ----HD---- C:\$AVG8.VAULT$
2008-12-07 19:18:55 ----A---- C:\windows\system32\avgrsstx.dll
2008-12-07 19:18:05 ----D---- C:\Program Files\AVG
2008-12-07 19:18:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-07 18:05:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-07 18:05:05 ----D---- C:\Program Files\WinGuard Pro 2007
2008-12-07 18:05:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-07 15:39:02 ----A---- C:\windows\SOLOSCAN.BAT
2008-12-07 15:37:57 ----D---- C:\SRN Micro
2008-12-07 12:35:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-07 12:34:45 ----D---- C:\Program Files\Google
2008-12-04 13:50:30 ----A---- C:\windows\system32\wgp_menu.exe
2008-12-04 13:50:30 ----A---- C:\windows\system32\wgp.exe
2008-12-04 13:50:29 ----A---- C:\windows\system32\wodShellMenu.dll
2008-12-04 13:50:27 ----A---- C:\windows\system32\unins000.exe
2008-12-04 13:22:25 ----A---- C:\windows\system32\LinkSave.dll
2008-12-04 13:22:24 ----A---- C:\windows\system32\rasha.exe
2008-12-04 13:22:22 ----A---- C:\windows\system32\LinkSave.Droper.exe
2008-12-04 13:22:16 ----A---- C:\windows\system32\cfrog.exe
2008-12-04 13:22:12 ----A---- C:\windows\system32\baloon.exe
2008-12-01 19:57:59 ----A---- C:\YServer.txt
2008-11-22 13:59:46 ----D---- C:\Documents and Settings\Administrator\Application Data\teamspeak2
2008-11-19 18:42:39 ----D---- C:\logs
2008-11-19 18:42:20 ----A---- C:\windows\system32\lxdivs.dll
2008-11-19 18:42:17 ----A---- C:\windows\system32\lxdicoin.dll
2008-11-19 18:41:46 ----A---- C:\windows\system32\wiafbdrv.dll
2008-11-19 18:41:27 ----A---- C:\windows\system32\lxdicaps.dll
2008-11-19 18:41:26 ----A---- C:\windows\system32\lxdidrs.dll
2008-11-19 18:41:26 ----A---- C:\windows\system32\lxdicnv4.dll
2008-11-19 18:40:42 ----A---- C:\windows\system32\LXF3PMON.DLL
2008-11-19 18:40:42 ----A---- C:\windows\system32\LXF3FXPU.DLL
2008-11-19 18:40:22 ----A---- C:\windows\system32\LXF3PMRC.DLL
2008-11-19 18:40:22 ----A---- C:\windows\system32\lxf3oem.dll
2008-11-19 18:40:22 ----A---- C:\windows\system32\IMHOST32.DLL
2008-11-19 18:40:22 ----A---- C:\windows\system32\IMGMAN32.DLL
2008-11-19 18:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-11-19 18:39:53 ----D---- C:\Program Files\Lexmark Fax Solutions
2008-11-19 18:39:24 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-11-19 18:33:34 ----AH---- C:\windows\system32\lxdirwrd.ini
2008-11-19 18:33:18 ----A---- C:\windows\system32\lxdiutil.dll
2008-11-19 18:33:18 ----A---- C:\windows\system32\lxdiinst.dll
2008-11-19 18:33:18 ----A---- C:\windows\system32\lxdiinpa.dll
2008-11-19 18:33:18 ----A---- C:\windows\system32\lxdiiesc.dll
2008-11-19 18:33:18 ----A---- C:\windows\system32\lxdihcp.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdiusb1.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdiserv.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdiprox.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdipplc.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdipmui.dll
2008-11-19 18:33:17 ----A---- C:\windows\system32\lxdilmpm.dll
2008-11-19 18:33:16 ----A---- C:\windows\system32\lxdijswr.dll
2008-11-19 18:33:16 ----A---- C:\windows\system32\lxdiinsr.dll
2008-11-19 18:33:16 ----A---- C:\windows\system32\lxdiinsb.dll
2008-11-19 18:33:16 ----A---- C:\windows\system32\lxdiins.dll
2008-11-19 18:33:16 ----A---- C:\windows\system32\lxdiih.exe
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdihbn3.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdigrd.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdigf.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdicur.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdicub.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdicu.dll
2008-11-19 18:33:15 ----A---- C:\windows\system32\lxdicoms.exe
2008-11-19 18:33:14 ----A---- C:\windows\system32\lxdicomm.dll
2008-11-19 18:33:14 ----A---- C:\windows\system32\lxdicomc.dll
2008-11-19 18:33:14 ----A---- C:\windows\system32\lxdicfg.exe
2008-11-19 18:33:14 ----A---- C:\windows\system32\lxdicfg.dll
2008-11-19 18:33:11 ----D---- C:\Program Files\Lexmark 3500-4500 Series
2008-11-17 18:00:48 ----D---- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-11-17 18:00:47 ----D---- C:\Program Files\mIRC
2008-11-17 12:03:50 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-17 12:03:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-11-17 12:03:39 ----D---- C:\Program Files\Yahoo!
2008-11-17 12:03:33 ----D---- C:\Program Files\DivX
2008-11-17 11:54:46 ----D---- C:\Program Files\Netflix
2008-11-16 22:21:51 ----A---- C:\windows\system32\ChCfg.exe
2008-11-16 22:21:04 ----A---- C:\windows\system32\ksuser.dll
2008-11-16 22:20:44 ----D---- C:\Program Files\Realtek AC97
2008-11-16 22:20:42 ----A---- C:\windows\system32\RTLCPL.exe
2008-11-16 22:20:40 ----A---- C:\windows\soundman.exe
2008-11-16 22:20:39 ----A---- C:\windows\system32\RtlCPAPI.dll
2008-11-16 22:20:38 ----A---- C:\windows\alcupd.exe
2008-11-16 22:20:37 ----A---- C:\windows\Alcrmv.exe
2008-11-16 22:14:00 ----D---- C:\windows\system32\Lang

======List of files/folders modified in the last 1 months======

2008-12-14 20:57:55 ----D---- C:\windows\Temp
2008-12-14 20:57:25 ----RD---- C:\Program Files
2008-12-14 20:56:39 ----D---- C:\windows\Prefetch
2008-12-14 20:02:35 ----A---- C:\windows\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2008-12-14 20:02:15 ----D---- C:\WINDOWS
2008-12-14 20:01:47 ----D---- C:\windows\Registration
2008-12-14 19:39:48 ----D---- C:\windows\system32
2008-12-14 19:34:28 ----A---- C:\windows\SchedLgU.Txt
2008-12-14 18:06:47 ----D---- C:\windows\system32\CatRoot2
2008-12-13 07:20:44 ----D---- C:\windows\system32\drivers
2008-12-13 07:15:47 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-11 18:20:51 ----D---- C:\Program Files\PartyGaming
2008-12-11 11:52:46 ----RSHDC---- C:\windows\system32\dllcache
2008-12-10 14:02:39 ----SHD---- C:\windows\Installer
2008-12-10 14:02:09 ----D---- C:\Program Files\Common Files
2008-12-07 21:26:52 ----D---- C:\My Backup -- 14-10-08 1444
2008-12-07 18:03:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 15:44:15 ----D---- C:\windows\WinSxS
2008-12-07 12:38:39 ----A---- C:\windows\system32\PerfStringBackup.INI
2008-12-05 17:27:30 ----D---- C:\Program Files\Java
2008-11-29 11:25:10 ----D---- C:\windows\system32\wbem
2008-11-28 20:18:28 ----D---- C:\windows\.jagex_cache_32
2008-11-28 16:49:44 ----HD---- C:\windows\inf
2008-11-21 20:24:59 ----D---- C:\Program Files\Vuze
2008-11-21 15:29:39 ----D---- C:\windows\system32\config
2008-11-21 15:28:53 ----D---- C:\windows\system32\Restore
2008-11-19 20:07:24 ----RSD---- C:\windows\assembly
2008-11-19 20:07:24 ----D---- C:\windows\Microsoft.NET
2008-11-19 18:41:57 ----D---- C:\windows\twain_32
2008-11-19 18:34:58 ----D---- C:\Program Files\Internet Explorer
2008-11-19 18:34:52 ----D---- C:\windows\system32\mui
2008-11-18 17:59:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-17 12:03:52 ----SD---- C:\windows\Downloaded Program Files
2008-11-16 22:20:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 22:16:58 ----D---- C:\windows\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2008-12-07 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2008-12-07 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2008-12-07 90632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2005-03-14 1032192]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\windows\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\windows\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\windows\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\windows\system32\DRIVERS\p3.sys [2004-08-10 42496]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\windows\system32\DRIVERS\wceusbsh.sys [2004-08-03 31744]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 MHNDRV;MHN driver; C:\windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\windows\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040213.016\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040213.016\navex15.sys []
S3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2005-03-14 352256]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-07 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-07 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 lxdi_device;lxdi_device; C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2008-10-02 3667304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-11-13 81920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 138168]
S3 MHN;MHN; C:\windows\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-11-13 89600]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2008-11-13 38912]

-----------------EOF-----------------

Edited by Orange Blossom, 14 December 2008 - 10:10 PM.
Also corrected link so entire topic could be viewed. ~ OB


BC AdBot (Login to Remove)

 


#2 RJ1014

RJ1014
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 16 December 2008 - 04:05 PM

its been 3 days :x any suggestions?

#3 RJ1014

RJ1014
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 20 December 2008 - 03:06 PM

hm im pretty sure i got rid of it, i downloaded and used "AVAST" antivirus and antispyware the pop ups are all gone and everything is running normal the thing that pops up in the toolbar stopped and when i go to websites nothing pops up about winiguard, but if theres any other suggestions i can do to check please tell me

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:50 PM

Posted 22 December 2008 - 06:33 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Rootkit Scan setting from "No" to Yes.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


In your next reply include:
-the OTScanIt log (attached)
-the Kaspersky log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:50 PM

Posted 30 December 2008 - 07:40 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users