Please Help! Winiguard Virus!

Post by francis89 » February 25th, 2009, 9:31 pm

Can anyone help me? I've recently somehow gotten the dreadful Winiguard virus, and now every now and then I get very annoying Fake Security Alerts from the virus urging me to buy Winiguard, and it makes my computer stall about every 2 minutes. I've already tried Malwarebytes' Anti-Malware, and it still isn't gone. I just ran HijackThis, and here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:38 PM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\promo.exe
C:\Drivers\wgp\wgpro0.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [promo.exe] C:\WINDOWS\system32\promo.exe
O4 - HKLM\..\Run: [WinGuard Pro] c:\Drivers\wgp\wgpro0.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6805 bytes

Fast help would be greatly appreciated as I wish to not have to reboot Windows. Thank you so much, helpers!
francis89
Active Member
 
Posts: 12
Joined: February 25th, 2009, 9:19 pm

Re: Please Help! Winiguard Virus!

Post by MikeSwim07 » March 1st, 2009, 10:13 am

Hello, and welcome to the Malware Removal forums.
My name is Michael. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 5 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Please Help! Winiguard Virus!

Post by francis89 » March 1st, 2009, 4:17 pm

Hey Michael, thanks for your help, I'm still not exactly sure how this is all gonna work but I appreciate you putting in your time to help me.

Here is my Uninstall List from HijackThis:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
AIM Search
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Data Lifeguard Tools
Dell ResourceCD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
FLV Player 2.0 (build 25)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 10
Last.fm 1.5.2.38918
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (3.0.6)
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Windows Essentials Media Codec Pack 1.0
Windows Internet Explorer 7
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 2002 OEM
francis89
Active Member
 
Posts: 12
Joined: February 25th, 2009, 9:19 pm

Re: Please Help! Winiguard Virus!

Post by MikeSwim07 » March 2nd, 2009, 5:48 pm

I notice that you have WinGuard installed. This is not legitimate software; please do not pay for it. I will help you remove it later.

Upload a File to Virustotal

Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\WINDOWS\system32\promo.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.

Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post back the VirusTotal results and the 2 RSIT logs.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Please Help! Winiguard Virus!

Post by francis89 » March 2nd, 2009, 7:56 pm

VirusTotal Results:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.02 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.02 TR/Crypt.FKM.Gen
Authentium 5.1.0.4 2009.03.03 -
Avast 4.8.1335.0 2009.03.02 -
AVG 8.0.0.237 2009.03.01 Win32/Heur
BitDefender 7.2 2009.03.03 -
CAT-QuickHeal 10.00 2009.03.02 -
ClamAV 0.94.1 2009.03.02 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.02 -
eTrust-Vet 31.6.6380 2009.03.02 -
F-Prot 4.4.4.56 2009.03.02 -
F-Secure 8.0.14470.0 2009.03.02 -
Fortinet 3.117.0.0 2009.03.02 -
GData 19 2009.03.02 -
Ikarus T3.1.1.45.0 2009.03.02 -
K7AntiVirus 7.10.654 2009.03.02 -
Kaspersky 7.0.0.125 2009.03.03 -
McAfee 5541 2009.03.02 -
McAfee+Artemis 5541 2009.03.02 -
Microsoft 1.4306 2009.03.02 -
NOD32 3902 2009.03.02 -
Norman 6.00.06 2009.03.02 -
nProtect 2009.1.8.0 2009.03.02 -
Panda 10.0.0.10 2009.03.02 -
PCTools 4.4.2.0 2009.03.02 -
Prevx1 V2 2009.03.03 -
Rising 21.19.02.00 2009.03.02 -
SecureWeb-Gateway 6.7.6 2009.03.02 Trojan.Crypt.FKM.Gen
Sophos 4.39.0 2009.03.03 -
Sunbelt 3.2.1858.2 2009.03.02 -
Symantec 10 2009.03.03 -
TheHacker 6.3.2.6.269 2009.03.02 -
TrendMicro 8.700.0.1004 2009.03.02 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.2.1630 2009.03.02 -
VirusBuster 4.5.11.0 2009.03.02 Trojan.SpyVamp.Gen!Pac
Additional information
File size: 610304 bytes
MD5...: 9853578b635977791484803d2c48eba9
SHA1..: 7b1aff9315189124edbc0a6249a830185304bc72
SHA256: a17f935432565e0e2892b579fc033ab7dc15218681972a28b491046c67112e42
SHA512: 297513a4c92442fbaef7e70401eca1759298ecac110b0bb23a413243ffdfdd7219833decbc4051a52a27603fed30877acdec1a0f280d3b59ad04252908a5d1f1
ssdeep: 6144:US3GdYLP0qokyRwT/sKmLBiYJTk2iubRQiMJ2Ag7jMGD3L5LauaCTuzJfUjWmzq2:UgDXvjm9XuNdSf9aCiRm4mC3YGK
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (25.5%)
Clipper DOS Executable (24.9%)
Generic Win/DOS Executable (24.7%)
DOS Executable Generic (24.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xbe000 0x86600 4.94 c3ead3325c6d08102b9d89d31d5d309c
.rdata 0xbf000 0xf000 0xe600 5.70 842b56ff9a0bb641be7a80be1b641f09

( 2 imports )
> kernel32.dll: Sleep, GetTickCount, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA
> user32.dll: MessageBoxA, GetDC

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=9853578b635977791484803d2c48eba9

RSIT Logs:

log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-03-02 18:52:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 1022 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:39 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Drivers\wgp\wgpro0.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [promo.exe] C:\WINDOWS\system32\promo.exe
O4 - HKLM\..\Run: [WinGuard Pro] c:\Drivers\wgp\wgpro0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7336 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-08-06 111912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-01 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"promo.exe"=C:\WINDOWS\system32\promo.exe [2009-02-24 610304]
"WinGuard Pro"=c:\Drivers\wgp\wgpro0.exe [2009-01-19 217912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-24 14:04:26 ----A---- C:\WINDOWS\system32\19598w9rz295.exe
2009-12-23 09:45:55 ----A---- C:\WINDOWS\system32\48d5d9wnzoader2354.exe
2009-12-22 09:47:14 ----A---- C:\WINDOWS\9dvir4z35.exe
2009-12-20 05:35:34 ----A---- C:\WINDOWS\533ba95waze1304.dll
2009-12-19 06:37:50 ----A---- C:\WINDOWS\452zv59880.dll
2009-12-12 11:05:58 ----A---- C:\WINDOWS\92z63hacktoo57c2.exe
2009-12-12 06:14:15 ----A---- C:\WINDOWS\system32\5095vzr955.dll
2009-12-09 10:49:30 ----A---- C:\WINDOWS\system32\15591zroj780.exe
2009-12-01 15:46:15 ----A---- C:\WINDOWS\system32\4202vi92854z.dll
2009-12-01 11:18:30 ----A---- C:\WINDOWS\system32\9zb9thief5836.dll
2009-11-27 13:59:02 ----A---- C:\WINDOWS\139955acktoolz1.dll
2009-11-26 18:43:48 ----A---- C:\WINDOWS\system32\3b6zv5r1997.exe
2009-11-24 07:01:34 ----A---- C:\WINDOWS\system32\4ebdo5nlo9der17z4.dll
2009-11-19 12:21:40 ----A---- C:\WINDOWS\system32\z91465orm49d.dll
2009-11-18 07:31:19 ----A---- C:\WINDOWS\system32\6fez5par9e3228.dll
2009-11-17 00:21:47 ----A---- C:\WINDOWS\9z396worm350.exe
2009-11-16 14:25:27 ----A---- C:\WINDOWS\system32\z51cst5al2939.dll
2009-11-14 08:26:48 ----A---- C:\WINDOWS\system32\5397wozm96f.dll
2009-11-13 00:55:17 ----A---- C:\WINDOWS\system32\37c9z95rse1952.exe
2009-11-10 23:03:05 ----A---- C:\WINDOWS\2z9tro539d.dll
2009-11-10 04:12:53 ----A---- C:\WINDOWS\312z9viru56bb.dll
2009-11-01 23:50:15 ----A---- C:\WINDOWS\10953hackt9o566z.exe
2009-10-21 23:00:58 ----A---- C:\WINDOWS\system32\26zet5ief3917.dll
2009-10-20 16:15:49 ----A---- C:\WINDOWS\system32\2899steal5134z.dll
2009-10-19 22:29:56 ----A---- C:\WINDOWS\2b95spz9are667.dll
2009-10-14 08:23:18 ----A---- C:\WINDOWS\1869stezl3512.dll
2009-10-11 04:10:29 ----A---- C:\WINDOWS\system32\2605th9ef3z94.dll
2009-10-06 12:26:26 ----A---- C:\WINDOWS\system32\21374zir95324.exe
2009-10-06 03:00:19 ----A---- C:\WINDOWS\system32\35b4zpyw9r52978.exe
2009-10-03 13:27:15 ----A---- C:\WINDOWS\az3spa59e38.exe
2009-09-27 21:00:17 ----A---- C:\WINDOWS\56515zo9m7e7.exe
2009-09-26 23:37:39 ----A---- C:\WINDOWS\system32\b40backdoorz659.exe
2009-09-17 14:24:02 ----A---- C:\WINDOWS\system32\177859roj795z.dll
2009-09-14 02:27:18 ----A---- C:\WINDOWS\z4913h5ckt9olb3.exe
2009-09-11 11:24:19 ----A---- C:\WINDOWS\system32\1478zs59105.exe
2009-08-27 20:38:16 ----A---- C:\WINDOWS\18557spy9z9.exe
2009-08-18 23:42:18 ----A---- C:\WINDOWS\system32\5za9thief1445.dll
2009-08-15 03:13:53 ----A---- C:\WINDOWS\system32\3aea5dw9ze75.dll
2009-08-14 19:36:02 ----A---- C:\WINDOWS\52e6v9z330.dll
2009-08-11 16:42:49 ----A---- C:\WINDOWS\8895troz5bc.dll
2009-08-09 18:55:26 ----A---- C:\WINDOWS\system32\9988zhreat5908.exe
2009-08-06 08:50:43 ----A---- C:\WINDOWS\system32\4945no5-a-viruz39.dll
2009-08-06 07:30:23 ----A---- C:\WINDOWS\system32\25z36tro5992.dll
2009-08-06 04:57:52 ----A---- C:\WINDOWS\1248d9wzlo5der2705.exe
2009-08-04 20:04:49 ----A---- C:\WINDOWS\75e0thre9z56168.dll
2009-08-03 04:19:51 ----A---- C:\WINDOWS\9b35parse293z.exe
2009-08-02 18:43:19 ----A---- C:\WINDOWS\system32\19707vzr9s2d5.exe
2009-08-02 16:54:21 ----A---- C:\WINDOWS\2733395y38dz.exe
2009-07-27 06:43:49 ----A---- C:\WINDOWS\8135s9azbot327.dll
2009-07-25 23:35:48 ----A---- C:\WINDOWS\123275ot-a-vi9us92z.dll
2009-07-12 09:47:15 ----A---- C:\WINDOWS\2411vzr5s1ed9.dll
2009-07-12 04:15:43 ----A---- C:\WINDOWS\system32\31859troj6za.exe
2009-07-03 02:15:15 ----A---- C:\WINDOWS\system32\1f419tzal545.dll
2009-07-01 08:06:50 ----A---- C:\WINDOWS\system32\46b5backdooz26939.exe
2009-06-28 18:18:40 ----A---- C:\WINDOWS\system32\17597ha9k5ool21z.dll
2009-06-27 00:12:09 ----A---- C:\WINDOWS\2951stzal1627.exe
2009-06-26 04:14:07 ----A---- C:\WINDOWS\35815spam9oz51e.exe
2009-06-16 23:51:25 ----A---- C:\WINDOWS\4e58baczd9or2371.dll
2009-06-12 05:35:18 ----A---- C:\WINDOWS\system32\96afs5ywarz248.exe
2009-06-05 16:44:07 ----A---- C:\WINDOWS\7428z9ea592.dll
2009-06-05 10:15:41 ----A---- C:\WINDOWS\system32\5295s5arsz991.exe
2009-06-02 17:21:32 ----A---- C:\WINDOWS\system32\z5e55hreat14399.dll
2009-06-01 11:24:21 ----A---- C:\WINDOWS\26512wzr97ec.exe
2009-05-26 09:34:29 ----A---- C:\WINDOWS\41z5down9o5der1145.exe
2009-05-26 06:04:38 ----A---- C:\WINDOWS\527e95wnloadez1778.exe
2009-05-25 18:41:46 ----A---- C:\WINDOWS\11169zpamb5t627.dll
2009-05-24 04:49:17 ----A---- C:\WINDOWS\7d125ownlzader1894.dll
2009-05-19 02:19:23 ----A---- C:\WINDOWS\system32\7f0e5teal1909z.exe
2009-05-15 19:58:49 ----A---- C:\WINDOWS\system32\94f85pywzre2978.exe
2009-05-15 12:57:21 ----A---- C:\WINDOWS\system32\529bvir2z99.dll
2009-05-05 18:32:15 ----A---- C:\WINDOWS\z98bsparse9955.dll
2009-05-04 07:53:47 ----A---- C:\WINDOWS\5eb6sparze6689.dll
2009-04-26 21:19:05 ----A---- C:\WINDOWS\system32\56cf9az5door798.exe
2009-04-26 02:25:58 ----A---- C:\WINDOWS\49z9threat505669.dll
2009-04-22 21:23:31 ----A---- C:\WINDOWS\system32\99955worm5e7z.dll
2009-04-20 04:46:40 ----A---- C:\WINDOWS\system32\2541noz-a-9irus594.exe
2009-04-17 23:40:12 ----A---- C:\WINDOWS\4d6athr5z93578.dll
2009-04-13 14:51:54 ----A---- C:\WINDOWS\4439zown5oader430.dll
2009-04-10 12:39:58 ----A---- C:\WINDOWS\1014s9amb5z4df.dll
2009-04-02 18:19:49 ----A---- C:\WINDOWS\system32\z893spywa9e5233.exe
2009-03-25 10:34:58 ----A---- C:\WINDOWS\7a92backdooz2351.dll
2009-03-25 06:25:33 ----A---- C:\WINDOWS\94z29ot-a-virus656.exe
2009-03-22 07:41:15 ----A---- C:\WINDOWS\system32\694ddoznloader1585.dll
2009-03-21 00:15:17 ----A---- C:\WINDOWS\3663worm2z95.exe
2009-03-18 14:43:28 ----A---- C:\WINDOWS\39c5thief190z5.dll
2009-03-18 00:09:46 ----A---- C:\WINDOWS\system32\99537spyza9.dll
2009-03-17 05:09:51 ----A---- C:\WINDOWS\system32\9z56thre5t8595.exe
2009-03-15 03:49:48 ----A---- C:\WINDOWS\22act5zef9201.exe
2009-03-14 18:16:55 ----A---- C:\WINDOWS\5ef59dzware812.dll
2009-03-12 01:47:30 ----A---- C:\WINDOWS\3d7zspars523019.exe
2009-03-02 18:52:34 ----D---- C:\rsit
2009-02-28 05:12:42 ----A---- C:\WINDOWS\system32\24201spa5boz5999.dll
2009-02-27 22:43:24 ----D---- C:\WINDOWS\ie7updates
2009-02-27 22:42:37 ----D---- C:\WINDOWS\WBEM
2009-02-27 22:41:24 ----HDC---- C:\WINDOWS\ie7
2009-02-27 22:41:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-02-27 22:40:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-02-27 12:22:35 ----A---- C:\WINDOWS\2214zvi5us798.dll
2009-02-26 18:11:11 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-02-25 20:12:03 ----D---- C:\Program Files\Trend Micro
2009-02-25 08:57:54 ----A---- C:\WINDOWS\z9984spam5ot7aa.dll
2009-02-25 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-25 03:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 21:06:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-24 20:04:31 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-02-24 20:04:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-24 19:51:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-24 15:52:47 ----A---- C:\WINDOWS\54z60w9rm3c7.exe
2009-02-24 01:11:43 ----D---- C:\Drivers
2009-02-24 01:11:43 ----A---- C:\WINDOWS\system32\wodShellMenu.dll
2009-02-24 01:11:43 ----A---- C:\WINDOWS\system32\ChilkatCrypt2.dll
2009-02-24 00:58:09 ----A---- C:\WINDOWS\system32\521ebazk9oor3244.exe
2009-02-24 00:58:07 ----A---- C:\WINDOWS\system32\579z7tro924e.dll
2009-02-24 00:58:07 ----A---- C:\WINDOWS\27e59hiez585.dll
2009-02-24 00:58:06 ----A---- C:\WINDOWS\z1879acktoo5707.dll
2009-02-24 00:58:06 ----A---- C:\WINDOWS\system32\zc65sparse2994.dll
2009-02-24 00:58:06 ----A---- C:\WINDOWS\system32\7f35s9zal3115.exe
2009-02-24 00:58:06 ----A---- C:\WINDOWS\system32\581stezl9592.dll
2009-02-24 00:58:04 ----A---- C:\WINDOWS\system32\19535w9rmz1.exe
2009-02-24 00:58:04 ----A---- C:\WINDOWS\5d49spywar91z23.dll
2009-02-24 00:58:03 ----A---- C:\WINDOWS\5z91spywar9579.dll
2009-02-24 00:58:01 ----A---- C:\WINDOWS\6c5ownload9z1051.dll
2009-02-24 00:58:00 ----A---- C:\WINDOWS\system32\9556steaz2650.dll
2009-02-24 00:58:00 ----A---- C:\WINDOWS\9edbackdooz1452.exe
2009-02-24 00:58:00 ----A---- C:\WINDOWS\55f6dowzloa9er2997.dll
2009-02-24 00:58:00 ----A---- C:\WINDOWS\3b5threatz7094.dll
2009-02-24 00:58:00 ----A---- C:\WINDOWS\111a5parsez977.dll
2009-02-24 00:57:59 ----A---- C:\WINDOWS\system32\70b6spy5arz9992.dll
2009-02-24 00:57:58 ----A---- C:\WINDOWS\system32\11808hack9ozl7035.exe
2009-02-24 00:57:58 ----A---- C:\WINDOWS\8z73sp5m9ot54f.dll
2009-02-24 00:57:57 ----A---- C:\WINDOWS\system32\12115worm2zc9.exe
2009-02-24 00:57:57 ----A---- C:\WINDOWS\9a3bzir2725.dll
2009-02-24 00:57:56 ----A---- C:\WINDOWS\937czteal865.dll
2009-02-24 00:57:56 ----A---- C:\WINDOWS\7447no95a-vizus81.dll
2009-02-24 00:57:56 ----A---- C:\WINDOWS\2z49thi9f3505.dll
2009-02-24 00:57:55 ----A---- C:\WINDOWS\system32\43dbsp9r5z1821.exe
2009-02-24 00:57:55 ----A---- C:\WINDOWS\system32\29z50worm251.dll
2009-02-24 00:57:55 ----A---- C:\WINDOWS\4693addware2z59.exe
2009-02-24 00:57:55 ----A---- C:\WINDOWS\3z499t5oj28b.exe
2009-02-24 00:57:54 ----A---- C:\WINDOWS\system32\69fs9z5se2330.exe
2009-02-24 00:57:54 ----A---- C:\WINDOWS\system32\5z530spambot39e.exe
2009-02-24 00:57:53 ----A---- C:\WINDOWS\system32\29986vir5s35z.dll
2009-02-24 00:57:53 ----A---- C:\WINDOWS\691aba9kdo5r264z.dll
2009-02-24 00:57:52 ----A---- C:\WINDOWS\system32\659zdownloa5er2049.exe
2009-02-24 00:57:52 ----A---- C:\WINDOWS\system32\4329spywzre1556.exe
2009-02-24 00:57:52 ----A---- C:\WINDOWS\system32\13915viru55z.exe
2009-02-24 00:57:52 ----A---- C:\WINDOWS\5777dowzloader9490.exe
2009-02-24 00:57:51 ----A---- C:\WINDOWS\system32\2d229ddwarez0495.dll
2009-02-24 00:57:51 ----A---- C:\WINDOWS\system32\25408spambo96z4.dll
2009-02-24 00:57:51 ----A---- C:\WINDOWS\system32\14191spa5botz48.dll
2009-02-24 00:57:51 ----A---- C:\WINDOWS\7974s9ambot85z.dll
2009-02-24 00:57:50 ----A---- C:\WINDOWS\system32\11656s95z6c.exe
2009-02-24 00:57:50 ----A---- C:\WINDOWS\6f455zeal28069.exe
2009-02-24 00:57:48 ----A---- C:\WINDOWS\system32\50359zy6c5.dll
2009-02-24 00:57:47 ----A---- C:\WINDOWS\system32\99e2downloa5zr1559.exe
2009-02-24 00:57:47 ----A---- C:\WINDOWS\system32\4898spywarez595.exe
2009-02-24 00:57:47 ----A---- C:\WINDOWS\system32\29529wo5z79d.exe
2009-02-24 00:57:46 ----A---- C:\WINDOWS\system32\488not-az9irus3375.dll
2009-02-24 00:57:46 ----A---- C:\WINDOWS\system32\21295worm37z.dll
2009-02-24 00:57:46 ----A---- C:\WINDOWS\system32\1c9ddownloa5erz200.exe
2009-02-24 00:57:46 ----A---- C:\WINDOWS\5b50spzrse24159.exe
2009-02-24 00:57:46 ----A---- C:\WINDOWS\3bfzdo5nload9r1562.exe
2009-02-24 00:57:46 ----A---- C:\WINDOWS\25005sp9mbot44z.dll
2009-02-24 00:57:45 ----A---- C:\WINDOWS\system32\7199za9ktool750.dll
2009-02-24 00:57:45 ----A---- C:\WINDOWS\79dzspyware2755.dll
2009-02-24 00:57:45 ----A---- C:\WINDOWS\22585z5t-a-virus974.exe
2009-02-24 00:57:42 ----A---- C:\WINDOWS\system32\9zfba9kdoor1556.dll
2009-02-24 00:57:42 ----A---- C:\WINDOWS\2z309not-a5vi9us78a.dll
2009-02-24 00:57:41 ----A---- C:\WINDOWS\z380st9al950.dll
2009-02-24 00:57:41 ----A---- C:\WINDOWS\system32\6918zpy5are1393.exe
2009-02-24 00:57:41 ----A---- C:\WINDOWS\system32\16269hacztool6a95.exe
2009-02-24 00:54:26 ----A---- C:\WINDOWS\system32\promo.exe
2009-02-23 19:36:30 ----A---- C:\WINDOWS\4225sp9rsz2022.dll
2009-02-17 21:55:50 ----A---- C:\WINDOWS\32739szy9c5.dll
2009-02-17 11:17:26 ----A---- C:\WINDOWS\system32\27961vir5sz80.exe
2009-02-15 15:58:08 ----A---- C:\WINDOWS\155z19iru5ac.exe
2009-02-07 18:46:33 ----A---- C:\WINDOWS\5026zhief3059.dll
2009-02-06 14:02:16 ----A---- C:\WINDOWS\system32\1737addwarez965.dll
2009-02-03 21:29:38 ----A---- C:\WINDOWS\28995hacktoolzeb.exe

======List of files/folders modified in the last 1 months======

2009-03-02 18:52:35 ----D---- C:\WINDOWS\Temp
2009-03-02 18:42:00 ----D---- C:\WINDOWS\system32
2009-03-02 18:33:30 ----D---- C:\Program Files\Mozilla Firefox
2009-03-01 23:37:58 ----D---- C:\WINDOWS\Prefetch
2009-03-01 17:12:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-01 17:05:20 ----D---- C:\WINDOWS
2009-03-01 16:56:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-01 16:25:27 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-03-01 03:00:48 ----HD---- C:\WINDOWS\inf
2009-03-01 03:00:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-01 03:00:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-28 04:02:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-27 22:46:48 ----D---- C:\WINDOWS\Help
2009-02-27 22:46:48 ----D---- C:\Program Files\Internet Explorer
2009-02-27 22:44:53 ----A---- C:\WINDOWS\imsins.BAK
2009-02-27 22:43:42 ----D---- C:\WINDOWS\system32\en-us
2009-02-27 22:42:46 ----D---- C:\WINDOWS\system32\config
2009-02-27 22:42:29 ----D---- C:\WINDOWS\Media
2009-02-25 20:12:03 ----RD---- C:\Program Files
2009-02-24 21:23:13 ----D---- C:\Program Files\Common Files
2009-02-24 21:23:10 ----D---- C:\WINDOWS\system32\drivers
2009-02-11 23:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-06 21:51:52 ----D---- C:\Program Files\DivX
2009-02-06 21:51:33 ----SHD---- C:\WINDOWS\Installer
2009-02-06 21:51:33 ----HD---- C:\Config.Msi
2009-02-06 21:49:38 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-08-26 1041152]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-08-26 207616]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-08-26 675840]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\System32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-01 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

-----------------EOF-----------------






info:


info.txt logfile of random's system information tool 1.05 2009-03-02 18:52:42

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 2002 OEM-->C:\WINDOWS\Corel\uninst32.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: FRANK-HZ6TTITKD
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 930
Source Name: Service Control Manager
Time Written: 20081021205734.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANK-HZ6TTITKD
Event Code: 7036
Message: The iPod Service service entered the running state.

Record Number: 929
Source Name: Service Control Manager
Time Written: 20081021205023.000000-240
Event Type: information
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 7035
Message: The iPod Service service was successfully sent a start control.

Record Number: 928
Source Name: Service Control Manager
Time Written: 20081021205023.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANK-HZ6TTITKD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 927
Source Name: Service Control Manager
Time Written: 20081021205023.000000-240
Event Type: information
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 926
Source Name: Service Control Manager
Time Written: 20081021205016.000000-240
Event Type: information
User:

Application event log

Computer Name: FRANK-HZ6TTITKD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 2397
Source Name: crypt32
Time Written: 20090221234233.000000-300
Event Type: error
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 2396
Source Name: crypt32
Time Written: 20090221234233.000000-300
Event Type: error
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 2395
Source Name: crypt32
Time Written: 20090221234233.000000-300
Event Type: error
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 2394
Source Name: crypt32
Time Written: 20090221234233.000000-300
Event Type: error
User:

Computer Name: FRANK-HZ6TTITKD
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 2393
Source Name: crypt32
Time Written: 20090221234233.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
francis89

Re: Please Help! Winiguard Virus!

Post by MikeSwim07 » March 2nd, 2009, 10:25 pm

Download and Run OTMoveIt3
Download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click on OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :files
    c:\Drivers\wgp
    C:\WINDOWS\system32\promo.exe
    C:\Program Files\uTorrent
    C:\WINDOWS\system32\19598w9rz295.exe
    C:\WINDOWS\system32\48d5d9wnzoader2354.exe
    C:\WINDOWS\9dvir4z35.exe
    C:\WINDOWS\533ba95waze1304.dll
    C:\WINDOWS\452zv59880.dll
    C:\WINDOWS\92z63hacktoo57c2.exe
    C:\WINDOWS\system32\5095vzr955.dll
    C:\WINDOWS\system32\15591zroj780.exe
    C:\WINDOWS\system32\4202vi92854z.dll
    C:\WINDOWS\system32\9zb9thief5836.dll
    C:\WINDOWS\139955acktoolz1.dll
    C:\WINDOWS\system32\3b6zv5r1997.exe
    C:\WINDOWS\system32\4ebdo5nlo9der17z4.dll
    C:\WINDOWS\system32\z91465orm49d.dll
    C:\WINDOWS\system32\6fez5par9e3228.dll
    C:\WINDOWS\9z396worm350.exe
    C:\WINDOWS\system32\z51cst5al2939.dll
    C:\WINDOWS\system32\5397wozm96f.dll
    C:\WINDOWS\system32\37c9z95rse1952.exe
    C:\WINDOWS\2z9tro539d.dll
    C:\WINDOWS\312z9viru56bb.dll
    C:\WINDOWS\10953hackt9o566z.exe
    C:\WINDOWS\system32\26zet5ief3917.dll
    C:\WINDOWS\system32\2899steal5134z.dll
    C:\WINDOWS\2b95spz9are667.dll
    C:\WINDOWS\1869stezl3512.dll
    C:\WINDOWS\system32\2605th9ef3z94.dll
    C:\WINDOWS\system32\21374zir95324.exe
    C:\WINDOWS\system32\35b4zpyw9r52978.exe
    C:\WINDOWS\az3spa59e38.exe
    C:\WINDOWS\56515zo9m7e7.exe
    C:\WINDOWS\system32\b40backdoorz659.exe
    C:\WINDOWS\system32\177859roj795z.dll
    C:\WINDOWS\z4913h5ckt9olb3.exe
    C:\WINDOWS\system32\1478zs59105.exe
    C:\WINDOWS\18557spy9z9.exe
    C:\WINDOWS\system32\5za9thief1445.dll
    C:\WINDOWS\system32\3aea5dw9ze75.dll
    C:\WINDOWS\52e6v9z330.dll
    C:\WINDOWS\8895troz5bc.dll
    C:\WINDOWS\system32\9988zhreat5908.exe
    C:\WINDOWS\system32\4945no5-a-viruz39.dll
    C:\WINDOWS\system32\25z36tro5992.dll
    C:\WINDOWS\1248d9wzlo5der2705.exe
    C:\WINDOWS\75e0thre9z56168.dll
    C:\WINDOWS\9b35parse293z.exe
    C:\WINDOWS\system32\19707vzr9s2d5.exe
    C:\WINDOWS\2733395y38dz.exe
    C:\WINDOWS\8135s9azbot327.dll
    C:\WINDOWS\123275ot-a-vi9us92z.dll
    C:\WINDOWS\2411vzr5s1ed9.dll
    C:\WINDOWS\system32\31859troj6za.exe
    C:\WINDOWS\system32\1f419tzal545.dll
    C:\WINDOWS\system32\46b5backdooz26939.exe
    C:\WINDOWS\system32\17597ha9k5ool21z.dll
    C:\WINDOWS\2951stzal1627.exe
    C:\WINDOWS\35815spam9oz51e.exe
    C:\WINDOWS\4e58baczd9or2371.dll
    C:\WINDOWS\system32\96afs5ywarz248.exe
    C:\WINDOWS\7428z9ea592.dll
    C:\WINDOWS\system32\5295s5arsz991.exe
    C:\WINDOWS\system32\z5e55hreat14399.dll
    C:\WINDOWS\26512wzr97ec.exe
    C:\WINDOWS\41z5down9o5der1145.exe
    C:\WINDOWS\527e95wnloadez1778.exe
    C:\WINDOWS\11169zpamb5t627.dll
    C:\WINDOWS\7d125ownlzader1894.dll
    C:\WINDOWS\system32\7f0e5teal1909z.exe
    C:\WINDOWS\system32\94f85pywzre2978.exe
    C:\WINDOWS\system32\529bvir2z99.dll
    C:\WINDOWS\z98bsparse9955.dll
    C:\WINDOWS\5eb6sparze6689.dll
    C:\WINDOWS\system32\56cf9az5door798.exe
    C:\WINDOWS\49z9threat505669.dll
    C:\WINDOWS\system32\99955worm5e7z.dll
    C:\WINDOWS\system32\2541noz-a-9irus594.exe
    C:\WINDOWS\4d6athr5z93578.dll
    C:\WINDOWS\4439zown5oader430.dll
    C:\WINDOWS\1014s9amb5z4df.dll
    C:\WINDOWS\system32\z893spywa9e5233.exe
    C:\WINDOWS\7a92backdooz2351.dll
    C:\WINDOWS\94z29ot-a-virus656.exe
    C:\WINDOWS\system32\694ddoznloader1585.dll
    C:\WINDOWS\3663worm2z95.exe
    C:\WINDOWS\39c5thief190z5.dll
    C:\WINDOWS\system32\99537spyza9.dll
    C:\WINDOWS\system32\9z56thre5t8595.exe
    C:\WINDOWS\22act5zef9201.exe
    C:\WINDOWS\5ef59dzware812.dll
    C:\WINDOWS\3d7zspars523019.exe
    C:\WINDOWS\system32\24201spa5boz5999.dll
    C:\WINDOWS\2214zvi5us798.dll
    C:\WINDOWS\z9984spam5ot7aa.dll
    C:\WINDOWS\54z60w9rm3c7.exe
    C:\WINDOWS\system32\521ebazk9oor3244.exe
    C:\WINDOWS\system32\579z7tro924e.dll
    C:\WINDOWS\27e59hiez585.dll
    C:\WINDOWS\z1879acktoo5707.dll
    C:\WINDOWS\system32\zc65sparse2994.dll
    C:\WINDOWS\system32\7f35s9zal3115.exe
    C:\WINDOWS\system32\581stezl9592.dll
    C:\WINDOWS\system32\19535w9rmz1.exe
    C:\WINDOWS\5d49spywar91z23.dll
    C:\WINDOWS\5z91spywar9579.dll
    C:\WINDOWS\6c5ownload9z1051.dll
    C:\WINDOWS\system32\9556steaz2650.dll
    C:\WINDOWS\9edbackdooz1452.exe
    C:\WINDOWS\55f6dowzloa9er2997.dll
    C:\WINDOWS\3b5threatz7094.dll
    C:\WINDOWS\111a5parsez977.dll
    C:\WINDOWS\system32\70b6spy5arz9992.dll
    C:\WINDOWS\system32\11808hack9ozl7035.exe
    C:\WINDOWS\8z73sp5m9ot54f.dll
    C:\WINDOWS\system32\12115worm2zc9.exe
    C:\WINDOWS\9a3bzir2725.dll
    C:\WINDOWS\937czteal865.dll
    C:\WINDOWS\7447no95a-vizus81.dll
    C:\WINDOWS\2z49thi9f3505.dll
    C:\WINDOWS\system32\43dbsp9r5z1821.exe
    C:\WINDOWS\system32\29z50worm251.dll
    C:\WINDOWS\4693addware2z59.exe
    C:\WINDOWS\3z499t5oj28b.exe
    C:\WINDOWS\system32\69fs9z5se2330.exe
    C:\WINDOWS\system32\5z530spambot39e.exe
    C:\WINDOWS\system32\29986vir5s35z.dll
    C:\WINDOWS\691aba9kdo5r264z.dll
    C:\WINDOWS\system32\659zdownloa5er2049.exe
    C:\WINDOWS\system32\4329spywzre1556.exe
    C:\WINDOWS\system32\13915viru55z.exe
    C:\WINDOWS\5777dowzloader9490.exe
    C:\WINDOWS\system32\2d229ddwarez0495.dll
    C:\WINDOWS\system32\25408spambo96z4.dll
    C:\WINDOWS\system32\14191spa5botz48.dll
    C:\WINDOWS\7974s9ambot85z.dll
    C:\WINDOWS\system32\11656s95z6c.exe
    C:\WINDOWS\6f455zeal28069.exe
    C:\WINDOWS\system32\50359zy6c5.dll
    C:\WINDOWS\system32\99e2downloa5zr1559.exe
    C:\WINDOWS\system32\4898spywarez595.exe
    C:\WINDOWS\system32\29529wo5z79d.exe
    C:\WINDOWS\system32\488not-az9irus3375.dll
    C:\WINDOWS\system32\21295worm37z.dll
    C:\WINDOWS\system32\1c9ddownloa5erz200.exe
    C:\WINDOWS\5b50spzrse24159.exe
    C:\WINDOWS\3bfzdo5nload9r1562.exe
    C:\WINDOWS\25005sp9mbot44z.dll
    C:\WINDOWS\system32\7199za9ktool750.dll
    C:\WINDOWS\79dzspyware2755.dll
    C:\WINDOWS\22585z5t-a-virus974.exe
    C:\WINDOWS\system32\9zfba9kdoor1556.dll
    C:\WINDOWS\2z309not-a5vi9us78a.dll
    C:\WINDOWS\z380st9al950.dll
    C:\WINDOWS\system32\6918zpy5are1393.exe
    C:\WINDOWS\system32\16269hacztool6a95.exe
    C:\WINDOWS\system32\promo.exe
    C:\WINDOWS\4225sp9rsz2022.dll
    C:\WINDOWS\32739szy9c5.dll
    C:\WINDOWS\system32\27961vir5sz80.exe
    C:\WINDOWS\155z19iru5ac.exe
    C:\WINDOWS\5026zhief3059.dll
    C:\WINDOWS\system32\1737addwarez965.dll
    C:\WINDOWS\28995hacktoolzeb.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "promo.exe"=-
    "WinGuard Pro"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    
    
  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt3.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please now re-run RSIT.exe; this time it will only make log.txt.

Please post the OTMoveIt3 log and the new RSIT log.txt.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
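
Added example (not part of the original post and not OTMoveIt3's own code): one way to check the requested log against the script, so that every `:files` target is confirmed as moved or already absent and anything the log never mentions stands out. The line shapes follow the OTMoveIt3 log posted in this thread; the function names and the sample script and log are constructed for illustration.

```python
import re

# Log line shapes as they appear in the OTMoveIt3 log posted in this thread.
LOG_PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("load_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("not_unregistered", re.compile(r"^(.+) NOT unregistered\.$")),
    ("reg_deleted", re.compile(r"^Registry value (.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]


def parse_script(text):
    """Group script lines under their ':files' / ':reg' section markers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Classify each log line; anything unrecognised is kept under 'other'."""
    result = {name: [] for name, _ in LOG_PATTERNS}
    result["other"] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # skip blanks and section banners
            continue
        for name, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                result[name].append(match.group(1))
                break
        else:
            result["other"].append(line)
    return result


def reconcile(script_text, log_text):
    """Compare the script's :files targets with what the log reports."""
    targets = parse_script(script_text).get("files", [])
    log = parse_log(log_text)
    # Windows paths are case-insensitive, so compare lowercased.
    moved = {p.lower() for p in log["moved"]}
    not_found = {p.lower() for p in log["not_found"]}
    report = {"moved": [], "not_found": [], "unaccounted": [], "duplicates": []}
    seen = set()
    for path in targets:
        key = path.lower()
        if key in seen:
            report["duplicates"].append(path)  # listed twice in the script
            continue
        seen.add(key)
        if key in moved:
            report["moved"].append(path)
        elif key in not_found:
            report["not_found"].append(path)
        else:
            report["unaccounted"].append(path)  # no outcome logged: follow up
    report["not_unregistered"] = log["not_unregistered"]
    report["unrecognised_log_lines"] = log["other"]
    return report


# Constructed sample script and log (placeholder file names, not from the thread).
SAMPLE_SCRIPT = r'''
:files
C:\WINDOWS\system32\example_a.exe
C:\WINDOWS\example_b.dll
C:\WINDOWS\system32\example_a.exe
c:\windows\example_c.exe
C:\WINDOWS\example_d.dll

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"example_a.exe"=-
'''

SAMPLE_LOG = r'''
========== FILES ==========
File/Folder C:\WINDOWS\system32\example_a.exe not found.
LoadLibrary failed for C:\WINDOWS\example_b.dll
C:\WINDOWS\example_b.dll NOT unregistered.
C:\WINDOWS\example_b.dll moved successfully.
File/Folder C:\WINDOWS\system32\example_a.exe not found.
C:\WINDOWS\example_c.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\example_a.exe deleted successfully.
'''

if __name__ == "__main__":
    for category, items in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Entries under `unaccounted` are the ones worth raising with the helper, since the log gives no outcome for them.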

Re: Please Help! Winiguard Virus!

Post by francis89 » March 3rd, 2009, 12:54 am

OTMoveIt3 Log:

========== FILES ==========
File/Folder c:\Drivers\wgp not found.
File/Folder C:\WINDOWS\system32\promo.exe not found.
File/Folder C:\Program Files\uTorrent not found.
File/Folder C:\WINDOWS\system32\19598w9rz295.exe not found.
File/Folder C:\WINDOWS\system32\48d5d9wnzoader2354.exe not found.
File/Folder C:\WINDOWS\9dvir4z35.exe not found.
File/Folder C:\WINDOWS\533ba95waze1304.dll not found.
File/Folder C:\WINDOWS\452zv59880.dll not found.
File/Folder C:\WINDOWS\92z63hacktoo57c2.exe not found.
File/Folder C:\WINDOWS\system32\5095vzr955.dll not found.
File/Folder C:\WINDOWS\system32\15591zroj780.exe not found.
File/Folder C:\WINDOWS\system32\4202vi92854z.dll not found.
File/Folder C:\WINDOWS\system32\9zb9thief5836.dll not found.
File/Folder C:\WINDOWS\139955acktoolz1.dll not found.
File/Folder C:\WINDOWS\system32\3b6zv5r1997.exe not found.
File/Folder C:\WINDOWS\system32\4ebdo5nlo9der17z4.dll not found.
File/Folder C:\WINDOWS\system32\z91465orm49d.dll not found.
File/Folder C:\WINDOWS\system32\6fez5par9e3228.dll not found.
File/Folder C:\WINDOWS\9z396worm350.exe not found.
File/Folder C:\WINDOWS\system32\z51cst5al2939.dll not found.
File/Folder C:\WINDOWS\system32\5397wozm96f.dll not found.
File/Folder C:\WINDOWS\system32\37c9z95rse1952.exe not found.
File/Folder C:\WINDOWS\2z9tro539d.dll not found.
File/Folder C:\WINDOWS\312z9viru56bb.dll not found.
File/Folder C:\WINDOWS\10953hackt9o566z.exe not found.
File/Folder C:\WINDOWS\system32\26zet5ief3917.dll not found.
File/Folder C:\WINDOWS\system32\2899steal5134z.dll not found.
File/Folder C:\WINDOWS\2b95spz9are667.dll not found.
File/Folder C:\WINDOWS\1869stezl3512.dll not found.
File/Folder C:\WINDOWS\system32\2605th9ef3z94.dll not found.
File/Folder C:\WINDOWS\system32\21374zir95324.exe not found.
File/Folder C:\WINDOWS\system32\35b4zpyw9r52978.exe not found.
File/Folder C:\WINDOWS\az3spa59e38.exe not found.
File/Folder C:\WINDOWS\56515zo9m7e7.exe not found.
File/Folder C:\WINDOWS\system32\b40backdoorz659.exe not found.
File/Folder C:\WINDOWS\system32\177859roj795z.dll not found.
File/Folder C:\WINDOWS\z4913h5ckt9olb3.exe not found.
File/Folder C:\WINDOWS\system32\1478zs59105.exe not found.
File/Folder C:\WINDOWS\18557spy9z9.exe not found.
File/Folder C:\WINDOWS\system32\5za9thief1445.dll not found.
File/Folder C:\WINDOWS\system32\3aea5dw9ze75.dll not found.
File/Folder C:\WINDOWS\52e6v9z330.dll not found.
File/Folder C:\WINDOWS\8895troz5bc.dll not found.
File/Folder C:\WINDOWS\system32\9988zhreat5908.exe not found.
File/Folder C:\WINDOWS\system32\4945no5-a-viruz39.dll not found.
File/Folder C:\WINDOWS\system32\25z36tro5992.dll not found.
File/Folder C:\WINDOWS\1248d9wzlo5der2705.exe not found.
File/Folder C:\WINDOWS\75e0thre9z56168.dll not found.
File/Folder C:\WINDOWS\9b35parse293z.exe not found.
File/Folder C:\WINDOWS\system32\19707vzr9s2d5.exe not found.
File/Folder C:\WINDOWS\2733395y38dz.exe not found.
LoadLibrary failed for C:\WINDOWS\8135s9azbot327.dll
C:\WINDOWS\8135s9azbot327.dll NOT unregistered.
C:\WINDOWS\8135s9azbot327.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\123275ot-a-vi9us92z.dll
C:\WINDOWS\123275ot-a-vi9us92z.dll NOT unregistered.
C:\WINDOWS\123275ot-a-vi9us92z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2411vzr5s1ed9.dll
C:\WINDOWS\2411vzr5s1ed9.dll NOT unregistered.
C:\WINDOWS\2411vzr5s1ed9.dll moved successfully.
C:\WINDOWS\system32\31859troj6za.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\1f419tzal545.dll
C:\WINDOWS\system32\1f419tzal545.dll NOT unregistered.
C:\WINDOWS\system32\1f419tzal545.dll moved successfully.
C:\WINDOWS\system32\46b5backdooz26939.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\17597ha9k5ool21z.dll
C:\WINDOWS\system32\17597ha9k5ool21z.dll NOT unregistered.
C:\WINDOWS\system32\17597ha9k5ool21z.dll moved successfully.
C:\WINDOWS\2951stzal1627.exe moved successfully.
C:\WINDOWS\35815spam9oz51e.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\4e58baczd9or2371.dll
C:\WINDOWS\4e58baczd9or2371.dll NOT unregistered.
C:\WINDOWS\4e58baczd9or2371.dll moved successfully.
C:\WINDOWS\system32\96afs5ywarz248.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\7428z9ea592.dll
C:\WINDOWS\7428z9ea592.dll NOT unregistered.
C:\WINDOWS\7428z9ea592.dll moved successfully.
C:\WINDOWS\system32\5295s5arsz991.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\z5e55hreat14399.dll
C:\WINDOWS\system32\z5e55hreat14399.dll NOT unregistered.
C:\WINDOWS\system32\z5e55hreat14399.dll moved successfully.
C:\WINDOWS\26512wzr97ec.exe moved successfully.
C:\WINDOWS\41z5down9o5der1145.exe moved successfully.
C:\WINDOWS\527e95wnloadez1778.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\11169zpamb5t627.dll
C:\WINDOWS\11169zpamb5t627.dll NOT unregistered.
C:\WINDOWS\11169zpamb5t627.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\7d125ownlzader1894.dll
C:\WINDOWS\7d125ownlzader1894.dll NOT unregistered.
C:\WINDOWS\7d125ownlzader1894.dll moved successfully.
C:\WINDOWS\system32\7f0e5teal1909z.exe moved successfully.
C:\WINDOWS\system32\94f85pywzre2978.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\529bvir2z99.dll
C:\WINDOWS\system32\529bvir2z99.dll NOT unregistered.
C:\WINDOWS\system32\529bvir2z99.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\z98bsparse9955.dll
C:\WINDOWS\z98bsparse9955.dll NOT unregistered.
C:\WINDOWS\z98bsparse9955.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\5eb6sparze6689.dll
C:\WINDOWS\5eb6sparze6689.dll NOT unregistered.
C:\WINDOWS\5eb6sparze6689.dll moved successfully.
C:\WINDOWS\system32\56cf9az5door798.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\49z9threat505669.dll
C:\WINDOWS\49z9threat505669.dll NOT unregistered.
C:\WINDOWS\49z9threat505669.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\99955worm5e7z.dll
C:\WINDOWS\system32\99955worm5e7z.dll NOT unregistered.
C:\WINDOWS\system32\99955worm5e7z.dll moved successfully.
C:\WINDOWS\system32\2541noz-a-9irus594.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\4d6athr5z93578.dll
C:\WINDOWS\4d6athr5z93578.dll NOT unregistered.
C:\WINDOWS\4d6athr5z93578.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\4439zown5oader430.dll
C:\WINDOWS\4439zown5oader430.dll NOT unregistered.
C:\WINDOWS\4439zown5oader430.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\1014s9amb5z4df.dll
C:\WINDOWS\1014s9amb5z4df.dll NOT unregistered.
C:\WINDOWS\1014s9amb5z4df.dll moved successfully.
C:\WINDOWS\system32\z893spywa9e5233.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\7a92backdooz2351.dll
C:\WINDOWS\7a92backdooz2351.dll NOT unregistered.
C:\WINDOWS\7a92backdooz2351.dll moved successfully.
C:\WINDOWS\94z29ot-a-virus656.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\694ddoznloader1585.dll
C:\WINDOWS\system32\694ddoznloader1585.dll NOT unregistered.
C:\WINDOWS\system32\694ddoznloader1585.dll moved successfully.
C:\WINDOWS\3663worm2z95.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\39c5thief190z5.dll
C:\WINDOWS\39c5thief190z5.dll NOT unregistered.
C:\WINDOWS\39c5thief190z5.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\99537spyza9.dll
C:\WINDOWS\system32\99537spyza9.dll NOT unregistered.
C:\WINDOWS\system32\99537spyza9.dll moved successfully.
C:\WINDOWS\system32\9z56thre5t8595.exe moved successfully.
C:\WINDOWS\22act5zef9201.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\5ef59dzware812.dll
C:\WINDOWS\5ef59dzware812.dll NOT unregistered.
C:\WINDOWS\5ef59dzware812.dll moved successfully.
C:\WINDOWS\3d7zspars523019.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\24201spa5boz5999.dll
C:\WINDOWS\system32\24201spa5boz5999.dll NOT unregistered.
C:\WINDOWS\system32\24201spa5boz5999.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2214zvi5us798.dll
C:\WINDOWS\2214zvi5us798.dll NOT unregistered.
C:\WINDOWS\2214zvi5us798.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\z9984spam5ot7aa.dll
C:\WINDOWS\z9984spam5ot7aa.dll NOT unregistered.
C:\WINDOWS\z9984spam5ot7aa.dll moved successfully.
C:\WINDOWS\54z60w9rm3c7.exe moved successfully.
C:\WINDOWS\system32\521ebazk9oor3244.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\579z7tro924e.dll
C:\WINDOWS\system32\579z7tro924e.dll NOT unregistered.
C:\WINDOWS\system32\579z7tro924e.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\27e59hiez585.dll
C:\WINDOWS\27e59hiez585.dll NOT unregistered.
C:\WINDOWS\27e59hiez585.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\z1879acktoo5707.dll
C:\WINDOWS\z1879acktoo5707.dll NOT unregistered.
C:\WINDOWS\z1879acktoo5707.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\zc65sparse2994.dll
C:\WINDOWS\system32\zc65sparse2994.dll NOT unregistered.
C:\WINDOWS\system32\zc65sparse2994.dll moved successfully.
C:\WINDOWS\system32\7f35s9zal3115.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\581stezl9592.dll
C:\WINDOWS\system32\581stezl9592.dll NOT unregistered.
C:\WINDOWS\system32\581stezl9592.dll moved successfully.
C:\WINDOWS\system32\19535w9rmz1.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\5d49spywar91z23.dll
C:\WINDOWS\5d49spywar91z23.dll NOT unregistered.
C:\WINDOWS\5d49spywar91z23.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\5z91spywar9579.dll
C:\WINDOWS\5z91spywar9579.dll NOT unregistered.
C:\WINDOWS\5z91spywar9579.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\6c5ownload9z1051.dll
C:\WINDOWS\6c5ownload9z1051.dll NOT unregistered.
C:\WINDOWS\6c5ownload9z1051.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\9556steaz2650.dll
C:\WINDOWS\system32\9556steaz2650.dll NOT unregistered.
C:\WINDOWS\system32\9556steaz2650.dll moved successfully.
C:\WINDOWS\9edbackdooz1452.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\55f6dowzloa9er2997.dll
C:\WINDOWS\55f6dowzloa9er2997.dll NOT unregistered.
C:\WINDOWS\55f6dowzloa9er2997.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\3b5threatz7094.dll
C:\WINDOWS\3b5threatz7094.dll NOT unregistered.
C:\WINDOWS\3b5threatz7094.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\111a5parsez977.dll
C:\WINDOWS\111a5parsez977.dll NOT unregistered.
C:\WINDOWS\111a5parsez977.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\70b6spy5arz9992.dll
C:\WINDOWS\system32\70b6spy5arz9992.dll NOT unregistered.
C:\WINDOWS\system32\70b6spy5arz9992.dll moved successfully.
C:\WINDOWS\system32\11808hack9ozl7035.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\8z73sp5m9ot54f.dll
C:\WINDOWS\8z73sp5m9ot54f.dll NOT unregistered.
C:\WINDOWS\8z73sp5m9ot54f.dll moved successfully.
C:\WINDOWS\system32\12115worm2zc9.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\9a3bzir2725.dll
C:\WINDOWS\9a3bzir2725.dll NOT unregistered.
C:\WINDOWS\9a3bzir2725.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\937czteal865.dll
C:\WINDOWS\937czteal865.dll NOT unregistered.
C:\WINDOWS\937czteal865.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\7447no95a-vizus81.dll
C:\WINDOWS\7447no95a-vizus81.dll NOT unregistered.
C:\WINDOWS\7447no95a-vizus81.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2z49thi9f3505.dll
C:\WINDOWS\2z49thi9f3505.dll NOT unregistered.
C:\WINDOWS\2z49thi9f3505.dll moved successfully.
C:\WINDOWS\system32\43dbsp9r5z1821.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\29z50worm251.dll
C:\WINDOWS\system32\29z50worm251.dll NOT unregistered.
C:\WINDOWS\system32\29z50worm251.dll moved successfully.
C:\WINDOWS\4693addware2z59.exe moved successfully.
C:\WINDOWS\3z499t5oj28b.exe moved successfully.
C:\WINDOWS\system32\69fs9z5se2330.exe moved successfully.
C:\WINDOWS\system32\5z530spambot39e.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\29986vir5s35z.dll
C:\WINDOWS\system32\29986vir5s35z.dll NOT unregistered.
C:\WINDOWS\system32\29986vir5s35z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\691aba9kdo5r264z.dll
C:\WINDOWS\691aba9kdo5r264z.dll NOT unregistered.
C:\WINDOWS\691aba9kdo5r264z.dll moved successfully.
C:\WINDOWS\system32\659zdownloa5er2049.exe moved successfully.
C:\WINDOWS\system32\4329spywzre1556.exe moved successfully.
C:\WINDOWS\system32\13915viru55z.exe moved successfully.
C:\WINDOWS\5777dowzloader9490.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\2d229ddwarez0495.dll
C:\WINDOWS\system32\2d229ddwarez0495.dll NOT unregistered.
C:\WINDOWS\system32\2d229ddwarez0495.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\25408spambo96z4.dll
C:\WINDOWS\system32\25408spambo96z4.dll NOT unregistered.
C:\WINDOWS\system32\25408spambo96z4.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\14191spa5botz48.dll
C:\WINDOWS\system32\14191spa5botz48.dll NOT unregistered.
C:\WINDOWS\system32\14191spa5botz48.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\7974s9ambot85z.dll
C:\WINDOWS\7974s9ambot85z.dll NOT unregistered.
C:\WINDOWS\7974s9ambot85z.dll moved successfully.
C:\WINDOWS\system32\11656s95z6c.exe moved successfully.
C:\WINDOWS\6f455zeal28069.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\50359zy6c5.dll
C:\WINDOWS\system32\50359zy6c5.dll NOT unregistered.
C:\WINDOWS\system32\50359zy6c5.dll moved successfully.
C:\WINDOWS\system32\99e2downloa5zr1559.exe moved successfully.
C:\WINDOWS\system32\4898spywarez595.exe moved successfully.
C:\WINDOWS\system32\29529wo5z79d.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\488not-az9irus3375.dll
C:\WINDOWS\system32\488not-az9irus3375.dll NOT unregistered.
C:\WINDOWS\system32\488not-az9irus3375.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\21295worm37z.dll
C:\WINDOWS\system32\21295worm37z.dll NOT unregistered.
C:\WINDOWS\system32\21295worm37z.dll moved successfully.
C:\WINDOWS\system32\1c9ddownloa5erz200.exe moved successfully.
C:\WINDOWS\5b50spzrse24159.exe moved successfully.
C:\WINDOWS\3bfzdo5nload9r1562.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\25005sp9mbot44z.dll
C:\WINDOWS\25005sp9mbot44z.dll NOT unregistered.
C:\WINDOWS\25005sp9mbot44z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\7199za9ktool750.dll
C:\WINDOWS\system32\7199za9ktool750.dll NOT unregistered.
C:\WINDOWS\system32\7199za9ktool750.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\79dzspyware2755.dll
C:\WINDOWS\79dzspyware2755.dll NOT unregistered.
C:\WINDOWS\79dzspyware2755.dll moved successfully.
C:\WINDOWS\22585z5t-a-virus974.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\9zfba9kdoor1556.dll
C:\WINDOWS\system32\9zfba9kdoor1556.dll NOT unregistered.
C:\WINDOWS\system32\9zfba9kdoor1556.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2z309not-a5vi9us78a.dll
C:\WINDOWS\2z309not-a5vi9us78a.dll NOT unregistered.
C:\WINDOWS\2z309not-a5vi9us78a.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\z380st9al950.dll
C:\WINDOWS\z380st9al950.dll NOT unregistered.
C:\WINDOWS\z380st9al950.dll moved successfully.
C:\WINDOWS\system32\6918zpy5are1393.exe moved successfully.
C:\WINDOWS\system32\16269hacztool6a95.exe moved successfully.
File/Folder C:\WINDOWS\system32\promo.exe not found.
LoadLibrary failed for C:\WINDOWS\4225sp9rsz2022.dll
C:\WINDOWS\4225sp9rsz2022.dll NOT unregistered.
C:\WINDOWS\4225sp9rsz2022.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\32739szy9c5.dll
C:\WINDOWS\32739szy9c5.dll NOT unregistered.
C:\WINDOWS\32739szy9c5.dll moved successfully.
C:\WINDOWS\system32\27961vir5sz80.exe moved successfully.
C:\WINDOWS\155z19iru5ac.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\5026zhief3059.dll
C:\WINDOWS\5026zhief3059.dll NOT unregistered.
C:\WINDOWS\5026zhief3059.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\1737addwarez965.dll
C:\WINDOWS\system32\1737addwarez965.dll NOT unregistered.
C:\WINDOWS\system32\1737addwarez965.dll moved successfully.
C:\WINDOWS\28995hacktoolzeb.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\promo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinGuard Pro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_235053

RSIT Log:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-03-02 23:53:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 1022 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:06 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7195 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-08-06 111912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-01 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-03-02 23:48:36 ----D---- C:\_OTMoveIt
2009-03-02 18:52:34 ----D---- C:\rsit
2009-02-27 22:43:24 ----D---- C:\WINDOWS\ie7updates
2009-02-27 22:42:37 ----D---- C:\WINDOWS\WBEM
2009-02-27 22:41:24 ----HDC---- C:\WINDOWS\ie7
2009-02-27 22:41:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-02-27 22:40:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-02-26 18:11:11 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-02-25 20:12:03 ----D---- C:\Program Files\Trend Micro
2009-02-25 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-25 03:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 21:06:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-24 20:04:31 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-02-24 20:04:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-24 19:51:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-24 01:11:43 ----D---- C:\Drivers
2009-02-24 01:11:43 ----A---- C:\WINDOWS\system32\wodShellMenu.dll
2009-02-24 01:11:43 ----A---- C:\WINDOWS\system32\ChilkatCrypt2.dll

======List of files/folders modified in the last 1 months======

2009-03-02 23:53:06 ----D---- C:\WINDOWS\Temp
2009-03-02 23:50:57 ----D---- C:\WINDOWS\system32
2009-03-02 23:50:57 ----D---- C:\WINDOWS
2009-03-02 23:48:43 ----RD---- C:\Program Files
2009-03-02 23:47:41 ----D---- C:\WINDOWS\Prefetch
2009-03-02 23:36:47 ----D---- C:\Program Files\Mozilla Firefox
2009-03-01 17:12:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-01 16:56:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-01 16:25:27 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-03-01 03:00:48 ----HD---- C:\WINDOWS\inf
2009-03-01 03:00:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-01 03:00:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-28 04:02:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-27 22:46:48 ----D---- C:\WINDOWS\Help
2009-02-27 22:46:48 ----D---- C:\Program Files\Internet Explorer
2009-02-27 22:44:53 ----A---- C:\WINDOWS\imsins.BAK
2009-02-27 22:43:42 ----D---- C:\WINDOWS\system32\en-us
2009-02-27 22:42:46 ----D---- C:\WINDOWS\system32\config
2009-02-27 22:42:29 ----D---- C:\WINDOWS\Media
2009-02-24 21:23:13 ----D---- C:\Program Files\Common Files
2009-02-24 21:23:10 ----D---- C:\WINDOWS\system32\drivers
2009-02-11 23:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-06 21:51:52 ----D---- C:\Program Files\DivX
2009-02-06 21:51:33 ----SHD---- C:\WINDOWS\Installer
2009-02-06 21:51:33 ----HD---- C:\Config.Msi
2009-02-06 21:49:38 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-08-26 1041152]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-08-26 207616]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-08-26 675840]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\System32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-01 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

-----------------EOF-----------------
francis89
Active Member
 
Posts: 12
Joined: February 25th, 2009, 9:19 pm

Re: Please Help! Winiguard Virus!

Unread postby MikeSwim07 » March 3rd, 2009, 4:52 pm

Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Please Help! Winiguard Virus!

Unread postby francis89 » March 4th, 2009, 1:59 am

Hopefully this log means some type of good news...






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 04, 2009 02:40:34
Records in database: 1867196
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 39708
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:35:16

No malware has been detected. The scan area is clean.

The selected area was scanned.
francis89
Active Member
 
Posts: 12
Joined: February 25th, 2009, 9:19 pm

Re: Please Help! Winiguard Virus!

Unread postby MikeSwim07 » March 4th, 2009, 10:30 pm

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional.

It may seem like your system will be overprotected with all these things installed, but a lot of these programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:

  • Delete Harmful tools with OTMoveIt3
    • Start OTMoveIt.exe
    • Click on CleanUp!
    • A list of tools will be downloaded from the internet
    • When a box pops up click Yes
  • You may delete any logs that any of the tools produced. Please also delete RSIT.exe and C:\RSIT (folder)

  • Clear Old System Restore Points
    • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore.
      • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti-Virus Software - It is imperative that you update your Anti-virus software every day. If you do not allow your anti-virus software to update itself, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Tutorial for Spybot S & D
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed at users of Internet Explorer. Although every browser gets exploited by malware, certain programs are not exploited as much. It is important that you keep your browser up-to-date. Try using a different browser instead:
    Firefox
    Opera
  • Bookmark this general cleanup link - It could be that your computer is becoming slower and slower. This is not always caused by malware. Most of the time it's malware when your computer suddenly gets slow or behaves strangely. When the slowdown increases gradually, check (bookmark please) this link for tips & tricks:
    Help! My computer is slow
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
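
The six Internet Explorer Custom Level settings in the post above are stored as numbered DWORD values under the Internet zone key (`Internet Settings\Zones\3`). The script below is an added example, not part of the original post or the forum's tooling: it checks a `.reg` export of that key against the post's recommendations. The function names and the sample export are constructed for illustration, and the numeric IDs are the standard zone action values, which the post itself does not list.

```python
import re

# Zone action IDs for the six settings named in the post (assumed mapping,
# taken from the standard IE security-zone value numbering, not from the post).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", "Disable"),
    "1800": ("Installation of desktop items", "Prompt"),
    "1804": ("Launching programs and files in an IFRAME", "Prompt"),
    "1607": ("Navigate sub-frames across different domains", "Prompt"),
}
# DWORD encoding of each choice offered in the Custom Level dialog.
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY_SUFFIX = r"\internet settings\zones\3"  # zone 3 = Internet

HEADER_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample export: 1201 and 1804 are too permissive, 1607 is absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"CurrentLevel"=dword:00000000
"DisplayName"="Internet"
"""

def parse_zone3(reg_text):
    """Return {value name: int} for DWORDs under the Internet zone key only."""
    values, in_zone3 = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Other zones (trusted sites, intranet) must not leak into the result.
            in_zone3 = header.group(1).lower().endswith(ZONE_KEY_SUFFIX)
            continue
        if in_zone3:
            m = DWORD_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(values):
    """List (id, setting, current, recommended) for every deviation."""
    findings = []
    for action_id, (label, wanted) in RECOMMENDED.items():
        if action_id not in values:
            current = "not set"  # zone default applies; report it for review
        else:
            raw = values[action_id]
            current = ACTION_NAMES.get(raw, "unknown (%d)" % raw)
        if current != wanted:
            findings.append((action_id, label, current, wanted))
    return findings

if __name__ == "__main__":
    for action_id, label, current, wanted in audit(parse_zone3(SAMPLE_EXPORT)):
        print("%s  %-58s %-8s -> %s" % (action_id, label, current, wanted))
```

A real regedit export in the "Version 5.00" format is UTF-16 encoded, so decode the file with that encoding before passing its text to `parse_zone3`.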

Re: Please Help! Winiguard Virus!

Unread postby francis89 » March 5th, 2009, 2:21 am

Thank you so much, my computer does appear to be clean.


Thanks for the help,
Frank
francis89
Active Member
 
Posts: 12
Joined: February 25th, 2009, 9:19 pm

Re: Please Help! Winiguard Virus!

Unread postby NonSuch » March 7th, 2009, 11:36 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California