

Infected


  • This topic is locked
7 replies to this topic

#1 Aninha

  • Members
  • 27 posts
  • Gender:Female
  • Location:Washington Dc

Posted 10 February 2009 - 08:51 PM

I had a post somewhere else, but I was told to move here.

Here's a link to the old post: http://www.bleepingcomputer.com/forums/t/201830/i-am-infected/

Plus, I've installed the new IE 8 and so far I haven't had any pop-ups, but I still can't remove the HP software and my computer is kind of slow.

Here's the log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Aninha at 20:44:20.08 on Tue 02/10/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.826 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\sttray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aninha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XQGGL2D\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [1194862116] c:\progra~1\egames\puzzle~1\register\egames~1.exe /r "c:\progra~1\egames\puzzle~1\register\EGAMES~1.rpd"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\aninha\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {DBD05ECB-069F-4813-A20F-84CC87F2A0D2} = 68.28.122.93 68.28.114.91
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\aninha\appdata\roaming\mozilla\firefox\profiles\e8qff1e9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.surfthechannel.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\aninha\appdata\roaming\mozilla\firefox\profiles\e8qff1e9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-5 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-5 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 298264]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
RUnknown GbpSv;GbpSv; [x]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-02-10 11:43 --d----- c:\program files\Microsoft
2009-02-08 20:47 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-08 20:47 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-08 20:47 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-08 20:47 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-08 20:47 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-08 20:47 11,264 a------- c:\windows\system32\icardres.dll
2009-02-08 20:47 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-08 20:47 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-08 20:32 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-08 20:32 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-08 20:32 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-08 20:32 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-08 20:32 83,968 a------- c:\windows\system32\mscories.dll
2009-02-05 23:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 23:23 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-05 23:22 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-05 23:22 --d----- c:\windows\system32\drivers\Avg
2009-02-05 23:22 --d----- c:\program files\AVG
2009-02-05 23:22 --d----- c:\programdata\avg8
2009-02-05 23:22 --d----- c:\progra~2\avg8
2009-02-05 21:21 --d----- c:\program files\Sierra Wireless
2009-02-05 21:20 --d----- c:\program files\Novatel Wireless
2009-02-05 21:20 --d----- c:\program files\common files\PctelEapPeer Authentication
2009-02-05 21:20 --d----- c:\programdata\Sprint
2009-02-05 21:20 --d----- c:\progra~2\Sprint
2009-02-05 21:15 --d----- c:\users\aninha\appdata\roaming\Sierra Wireless
2009-02-05 21:15 --d----- c:\program files\Sierra Wireless Inc
2009-01-15 10:51 --d----- c:\programdata\Kaspersky Lab
2009-01-15 10:51 --d----- c:\progra~2\Kaspersky Lab
2009-01-15 09:21 --d----- c:\programdata\Kaspersky Lab Setup Files
2009-01-15 09:21 --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-01-14 23:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 19:51 288,768 a------- c:\windows\system32\drivers\srv.sys

==================== Find3M ====================

2009-02-05 19:12 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-05 19:12 86,016 a------- c:\windows\inf\infstor.dat
2009-02-05 19:12 86,016 a------- c:\windows\inf\infpub.dat
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 02:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 02:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 02:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 02:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 02:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 02:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 02:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 02:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-11-20 23:33 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-11-20 23:33 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-09-21 00:46 174 a--sh--- c:\program files\desktop.ini
2008-09-21 00:31 665,600 a------- c:\windows\inf\drvindex.dat
2008-08-17 11:48 56 a---h--- c:\programdata\ezsidmv.dat
2008-08-17 11:48 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-06 17:25 20 a---h--- c:\programdata\PKP_DLdw.DAT
2008-06-06 17:25 20 a---h--- c:\progra~2\PKP_DLdw.DAT
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:45:39.31 ===============
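The DDS output above (and the HijackThis/RSIT log later in the thread) is what a helper reads on the first pass. As an added example that is not part of this thread and not code from DDS, RSIT or HijackThis, the Python below runs that first pass over lines in both formats: entries whose file is missing, per-adapter DNS servers, AppInit/Winlogon/ShellExecute hooks, services the tool could not verify, AutoRun commands remembered for removable drives, and autostarts that run from user-writable folders. The sample lines are quoted from the logs in this thread except for the final O4 line, which is constructed to exercise the last rule; the rule names and the "user-writable" path markers are this example's own choices, not anything the tools define.

```python
"""Triage of HijackThis / DDS "pseudo HJT" log lines.

Added example for this thread; it is not code from BleepingComputer, DDS, RSIT
or HijackThis. It applies the first-pass checks a malware-response helper
makes when reading a posted log.  A hit is a "look here", not a verdict.
"""
import re
from collections import Counter

# Lines quoted from the logs posted in this thread, plus one line that is
# CONSTRUCTED here (the last O4 line) to exercise the user-writable rule.
SAMPLE_LOG = r"""
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TCP: {DBD05ECB-069F-4813-A20F-84CC87F2A0D2} = 68.28.122.93 68.28.114.91
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll
RUnknown GbpSv;GbpSv; [x]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD05ECB-069F-4813-A20F-84CC87F2A0D2}: NameServer = 68.28.122.93 68.28.114.91
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
shell\AutoRun\command - G:\LaunchU3.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Local\Temp\updater.exe
"""

ORPHAN_MARKERS = ("no file", "file missing")
UNVERIFIED_MARKERS = ("unknown owner",)
HOOK_PREFIXES = ("o20 - winlogon notify", "notify:", "appinit_dlls:", "seh:",
                 "o21 - ssodl", "o22 - sharedtaskscheduler")
USER_WRITABLE = ("\\temp\\", "\\appdata\\")          # assumption: review prompt only
DNS_RE = re.compile(r"(?:NameServer\s*=|^TCP:\s*\{[^}]+\}\s*=)\s*([\d. ]+?)\s*$")
AUTOSTART_RE = re.compile(r"^(?:O4 - |[um]Run: )", re.IGNORECASE)


def triage(log_text):
    """Return (rule, detail, line) triples for every line that trips a rule.

    A single line can trip several rules; each is reported separately."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # Registry entry still points at a file that is no longer there:
        # leftover of an uninstall, or of a removal that left the hook behind.
        if any(m in low for m in ORPHAN_MARKERS):
            findings.append(("orphan", line.rsplit(" - ", 1)[0], line))

        # Per-adapter DNS servers (DDS "TCP:" / HJT "O17").  Verify the
        # addresses belong to the ISP or the router before trusting them.
        m = DNS_RE.search(line)
        if m:
            findings.append(("dns-override", " ".join(m.group(1).split()), line))

        # Code loaded into every process or at logon: AppInit_DLLs, Winlogon
        # Notify packages, ShellExecute hooks.  Legitimate security software
        # uses these too, so each DLL must be identified, not auto-removed.
        if low.startswith(HOOK_PREFIXES):
            findings.append(("hook", line.split(":", 1)[1].strip(), line))

        # Service whose binary or vendor the tool could not resolve.
        if low.startswith("runknown") or any(m in low for m in UNVERIFIED_MARKERS):
            findings.append(("service-unverified", line, line))

        # AutoRun command remembered for a removable drive (MountPoints2).
        if "shell\\autorun\\command" in low:
            findings.append(("removable-autorun", line.split(" - ", 1)[-1], line))

        # Autostart whose target lives in a user-writable location.
        if AUTOSTART_RE.match(line) and any(p in low for p in USER_WRITABLE):
            findings.append(("autostart-user-writable", line.split("] ", 1)[-1], line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'orphan': 4, 'hook': 4, ...}."""
    return dict(Counter(rule for rule, _, _ in findings))


if __name__ == "__main__":
    for rule, detail, _ in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Each hit is a prompt to identify the file, not a removal decision: in this log the hooks belong to AVG, SUPERAntiSpyware and GbPlugin, and the missing-file entries (a BitDefender online-scanner button, an AVG service whose binary is gone) look like leftovers of removed software, which is exactly why a helper asks for a fresh log before deciding anything.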



#2 Aninha (Topic Starter)

  • Members
  • 27 posts
  • Gender:Female
  • Location:Washington Dc

Posted 17 February 2009 - 03:57 PM

This community used to be better....

#3 suebaby41, W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 22 February 2009 - 09:44 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you already have RSIT on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 Aninha (Topic Starter)

  • Members
  • 27 posts
  • Gender:Female
  • Location:Washington Dc

Posted 23 February 2009 - 09:54 PM

Hi Sue!

Thanks for the help! I have updated IE and so far I haven't gotten any pop-ups; also, I got to remove what I wanted. But still, you can check the system: I still get a lot of "This page stopped working and needs to close the program", and it's also a little slow. Hopefully there are no viruses!

I ran the RSIT and here's the log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Aninha at 2009-02-23 21:43:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 32 GB (31%) free of 102 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:52, on 2/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Aninha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN34V40L\RSIT[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Aninha.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [1194862116] C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.EXE /r "C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.rpd"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD05ECB-069F-4813-A20F-84CC87F2A0D2}: NameServer = 68.28.122.93 68.28.114.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Google Update Service (gupdate1c9939a6ec942a0) (gupdate1c9939a6ec942a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8807 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{7FA1528F-F56F-4B4E-BA27-9CFC872D2E22}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-10 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-17 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"1194862116"=C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.EXE /r C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.rpd []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-10 185896]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-22 303104]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"WD Anywhere Backup"=C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856]
"Sprint SmartView"=C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [2008-10-15 17664]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-17 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

C:\Users\Aninha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-14 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Program Files\GbPlugin\gbiehcef.dll []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24fe3272-6232-11dd-b8f4-0019b95bd538}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b79874-34c1-11dd-b5e9-0019b95bd538}]
shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a14c40-7ee2-11dd-9b84-0019b95bd538}]
shell\AutoRun\command - F:\WIN\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5548042-e748-11dd-8b1e-0019b95bd538}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2009-02-23 21:43:14 ----DC---- C:\rsit
2009-02-20 12:52:15 ----D---- C:\ProgramData\Google Updater
2009-02-19 20:51:18 ----D---- C:\Program Files\Adobe Media Player
2009-02-19 20:51:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-17 16:35:02 ----D---- C:\Windows\system32\Dell
2009-02-17 16:16:51 ----A---- C:\Windows\system32\javaws.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\javaw.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\java.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\deploytk.dll
2009-02-15 22:53:09 ----A---- C:\Windows\system32\aswBoot.exe
2009-02-15 22:53:07 ----D---- C:\Program Files\Alwil Software
2009-02-14 21:44:46 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 21:44:42 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-13 23:29:17 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-10 11:43:08 ----D---- C:\Program Files\Microsoft
2009-02-08 20:58:46 ----A---- C:\Windows\system32\mshtmled.dll
2009-02-08 20:58:46 ----A---- C:\Windows\system32\icardie.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\msls31.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\mshtmler.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\ieui.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\admparse.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\iernonce.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\ieakeng.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\corpol.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\advpack.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\imgutil.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\iepeers.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\dxtrans.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\dxtmsft.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\occache.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\licmgr10.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\inseng.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\ieaksie.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\webcheck.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\msrating.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\iesetup.dll
2009-02-08 20:58:40 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\wextract.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\mstime.dll
2009-02-08 20:58:40 ----A---- C:\Windows\system32\msfeedssync.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\ieakui.dll
2009-02-08 20:58:39 ----A---- C:\Windows\system32\pngfilt.dll
2009-02-08 20:58:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\vbscript.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\jscript.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\ieapfltr.dll
2009-02-08 20:58:37 ----A---- C:\Windows\system32\url.dll
2009-02-08 20:58:37 ----A---- C:\Windows\system32\iedkcs32.dll
2009-02-08 20:58:36 ----A---- C:\Windows\system32\mshta.exe
2009-02-08 20:58:36 ----A---- C:\Windows\system32\iexpress.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\SetDepNx.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\PDMSetup.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\ieUnatt.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\iesysprep.dll
2009-02-08 20:58:34 ----A---- C:\Windows\system32\iertutil.dll
2009-02-08 20:58:34 ----A---- C:\Windows\system32\ie4uinit.exe
2009-02-08 20:58:33 ----A---- C:\Windows\system32\wininet.dll
2009-02-08 20:58:33 ----A---- C:\Windows\system32\urlmon.dll
2009-02-08 20:58:30 ----A---- C:\Windows\system32\ieframe.dll
2009-02-08 20:58:29 ----A---- C:\Windows\system32\mshtml.dll
2009-02-08 20:47:31 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-08 20:47:30 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\icardres.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\icardagt.exe
2009-02-08 20:47:25 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-08 20:47:21 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-08 20:32:44 ----A---- C:\Windows\system32\dfshim.dll
2009-02-08 20:32:38 ----A---- C:\Windows\system32\mscoree.dll
2009-02-08 20:32:36 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-08 20:32:07 ----A---- C:\Windows\system32\mscorier.dll
2009-02-08 20:32:00 ----A---- C:\Windows\system32\mscories.dll
2009-02-05 23:23:12 ----A---- C:\Windows\system32\avgrsstx.dll.install_backup
2009-02-05 23:22:40 ----D---- C:\Program Files\AVG
2009-02-05 23:22:39 ----D---- C:\ProgramData\avg8
2009-02-05 21:21:12 ----D---- C:\Program Files\Sierra Wireless
2009-02-05 21:20:52 ----D---- C:\Program Files\Novatel Wireless
2009-02-05 21:20:52 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2009-02-05 21:20:51 ----D---- C:\ProgramData\Sprint
2009-02-05 21:15:09 ----D---- C:\Users\Aninha\AppData\Roaming\Sierra Wireless
2009-02-05 21:15:09 ----D---- C:\Program Files\Sierra Wireless Inc
2009-01-15 10:51:07 ----D---- C:\ProgramData\Kaspersky Lab
2009-01-15 09:21:41 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-01-10 12:42:25 ----D---- C:\Program Files\Common Files\eSellerate
2009-01-10 12:42:19 ----D---- C:\Program Files\WD
2009-01-07 21:38:17 ----D---- C:\Program Files\Adobe
2008-12-23 15:22:23 ----A---- C:\Windows\system32\tzres.dll
2008-12-23 15:08:46 ----A---- C:\Windows\system32\gdi32.dll
2008-12-23 15:07:20 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-23 15:07:19 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-23 15:07:08 ----A---- C:\Windows\system32\shell32.dll
2008-12-23 15:06:31 ----A---- C:\Windows\explorer.exe
2008-12-23 15:06:27 ----A---- C:\Windows\system32\mf.dll
2008-12-23 15:06:26 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-23 15:06:26 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-23 15:06:25 ----A---- C:\Windows\system32\logagent.exe
2008-12-12 11:18:16 ----A---- C:\Windows\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\Windows\system32\dnssd.dll
2008-11-27 12:59:24 ----A---- C:\Windows\system32\wups2.dll
2008-11-27 12:59:23 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-27 12:59:21 ----A---- C:\Windows\system32\wucltux.dll
2008-11-27 12:59:21 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-27 12:58:56 ----A---- C:\Windows\system32\wups.dll
2008-11-27 12:58:56 ----A---- C:\Windows\system32\wudriver.dll
2008-11-27 12:58:56 ----A---- C:\Windows\system32\wuapi.dll
2008-11-27 12:58:46 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-27 12:58:46 ----A---- C:\Windows\system32\wuapp.exe
2008-11-26 15:44:06 ----A---- C:\Windows\system32\connect.dll
2008-11-26 15:44:03 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 15:44:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 15:44:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 15:44:00 ----A---- C:\Windows\system32\PortableDeviceApi.dll

======List of files/folders modified in the last 3 months======

2009-02-23 21:43:27 ----D---- C:\Windows\Prefetch
2009-02-23 21:43:01 ----D---- C:\Windows\Temp
2009-02-23 20:17:52 ----D---- C:\Users\Aninha\AppData\Roaming\Skype
2009-02-23 19:23:14 ----D---- C:\Users\Aninha\AppData\Roaming\skypePM
2009-02-23 19:21:55 ----D---- C:\Windows\Tasks
2009-02-20 12:58:22 ----SHD---- C:\Windows\Installer
2009-02-20 12:57:56 ----D---- C:\Program Files\Google
2009-02-20 12:52:15 ----HD---- C:\ProgramData
2009-02-20 12:52:14 ----D---- C:\Windows\system32\Tasks
2009-02-19 20:51:25 ----D---- C:\Users\Aninha\AppData\Roaming\Adobe
2009-02-19 20:51:24 ----D---- C:\ProgramData\Adobe
2009-02-19 20:51:18 ----RD---- C:\Program Files
2009-02-19 20:51:13 ----D---- C:\Program Files\Common Files
2009-02-19 20:43:18 ----SD---- C:\Windows\Downloaded Program Files
2009-02-19 20:43:17 ----D---- C:\Windows\inf
2009-02-19 20:43:16 ----D---- C:\Windows\system32\Macromed
2009-02-19 14:02:22 ----SHD---- C:\System Volume Information
2009-02-18 20:25:06 ----D---- C:\Windows\System32
2009-02-18 20:25:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-17 16:35:02 ----D---- C:\Program Files\Dell
2009-02-17 16:21:37 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-17 16:16:15 ----D---- C:\Program Files\Java
2009-02-15 22:53:46 ----D---- C:\Windows\system32\drivers
2009-02-15 22:30:13 ----SD---- C:\Users\Aninha\AppData\Roaming\Microsoft
2009-02-15 22:30:13 ----D---- C:\Windows
2009-02-15 13:22:31 ----HDC---- C:\$AVG8.VAULT$
2009-02-15 10:31:58 ----D---- C:\Windows\Microsoft.NET
2009-02-15 10:31:10 ----RSD---- C:\Windows\assembly
2009-02-14 21:49:03 ----D---- C:\Windows\winsxs
2009-02-14 21:49:02 ----D---- C:\Windows\ehome
2009-02-14 21:43:06 ----D---- C:\Windows\system32\catroot
2009-02-14 21:43:02 ----D---- C:\Windows\system32\catroot2
2009-02-13 23:29:32 ----D---- C:\Program Files\iTunes
2009-02-13 23:29:19 ----D---- C:\Program Files\iPod
2009-02-13 23:29:18 ----D---- C:\Program Files\Common Files\Apple
2009-02-13 23:27:03 ----D---- C:\Program Files\QuickTime
2009-02-12 13:53:35 ----D---- C:\MDT
2009-02-10 21:26:58 ----D---- C:\Program Files\Windows Mail
2009-02-10 21:20:05 ----D---- C:\Program Files\HP
2009-02-10 21:18:20 ----D---- C:\Windows\twain_32
2009-02-10 20:20:36 ----D---- C:\Windows\ModemLogs
2009-02-08 21:25:03 ----D---- C:\Windows\rescache
2009-02-08 21:05:28 ----D---- C:\Program Files\Internet Explorer
2009-02-08 21:05:25 ----D---- C:\Windows\system32\migration
2009-02-08 21:05:25 ----D---- C:\Windows\PolicyDefinitions
2009-02-08 21:05:24 ----D---- C:\Windows\system32\en-US
2009-02-08 21:05:04 ----D---- C:\Windows\system32\XPSViewer
2009-02-08 21:05:03 ----D---- C:\Windows\system32\wbem
2009-02-08 20:13:00 ----D---- C:\Program Files\Bonjour
2009-02-05 21:20:53 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-02-05 19:00:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-03 15:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-01-15 11:00:47 ----D---- C:\Windows\system32\WDI
2009-01-15 10:41:06 ----SD---- C:\Windows\system32\Microsoft
2009-01-15 09:32:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 09:03:10 ----D---- C:\Program Files\GbPlugin
2009-01-07 21:38:42 ----D---- C:\Program Files\Common Files\Adobe
2008-12-23 15:42:09 ----D---- C:\Windows\AppPatch
2008-12-23 15:27:48 ----D---- C:\ProgramData\Microsoft Help
2008-12-03 20:07:30 ----D---- C:\Program Files\CyberLink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-02-05 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-02-05 107272]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 Nmea;Sprint Connection Manager - emulates the NMEA ports; C:\Windows\system32\DRIVERS\pctnullport.sys [2008-10-15 38680]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2008-10-15 222720]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-10-15 32408]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-22 647680]
R3 swmx00;Sierra Wireless USB MUX Driver (#00); C:\Windows\system32\DRIVERS\swmx00.sys [2008-10-15 149512]
R3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\Windows\system32\DRIVERS\SWNC5E00.sys [2008-10-15 171144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-01 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2007-10-12 27072]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-03-05 24840]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-14 569344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-06-07 69632]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 SprintRcAppSvc;Sprint RcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [2008-10-15 111872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 gupdate1c9939a6ec942a0;Google Update Service (gupdate1c9939a6ec942a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 182768]
S3 CASprint;Sprint Con App Svc; C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-10-15 124160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#5 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 March 2009 - 10:28 AM

The entries below indicate that you may have more than one antivirus program on your computer.

AVG8

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


Avast4

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


Multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.

Most of the popular antivirus products, when running together, will "fight for control" over the user's machine. It is this conflict that will slow down the system speed and cause various serious compatibility problems. This can also create registry conflicts as well as causing false virus alerts - or worse, missing alerts entirely! Having more than one antivirus program running and "active in memory" will use more resources which will adversely affect your access to files and cause overall system slowdowns.

Symantec strongly recommends that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

See Should you run more than one antivirus program at the same time?

Kaspersky Lab experts do not recommend using more than one antivirus package on the computer as the co-work of two different Antivirus programs may lead to computer productivity and operating system fall. And to solve the problem of Antivirus applications you will need to reinstall the operating system.

See Co-use of Kaspersky AntiVirus 5.0 and Antivirus packages of other vendors

Ask Leo said:

Real time monitoring, on the other hand, is another story. When you install most anti-virus programs they often automatically install and enable their real-time monitors. Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.

See Can I run more than one anti-virus program? Anti-spyware program? Firewall? Should I?

Types Of Antivirus Programs:

There are basically two types of antivirus programs: On-Access and On-Demand

On-Access Scanners, as the name implies, run in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners, such as Online Scans and scanners that run on your machine but are not actively scanning your machine, as the name implies, are scanners that only run when you ask them to run.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.
I strongly suggest you do one of the following:
  • Configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time.
  • Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.
Please post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
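The check in the reply above was done by eye: scan the O4 Run entries and O23 services for a second antivirus vendor, and note the avg8emc service whose binary is already gone. The script below is an added example for this thread (not code from HijackThis, RSIT or either poster) that automates that pass over a HijackThis-style log. The vendor path table is an assumption built from the entries visible in this thread, and the sample log is constructed from lines quoted in the posts above.

```python
"""Flag more than one antivirus product in a HijackThis-style log.

Added example for this thread; not part of HijackThis, RSIT or any post.
It groups O4 Run entries and O23 services by antivirus vendor and lists
services HijackThis marked '(file missing)', the usual leftovers of an
incomplete uninstall that should go along with the second product.
"""
import re
from collections import defaultdict

# Assumption: lower-case path fragments that identify each vendor's
# components, taken from the entries in this thread.  Extend as needed.
AV_VENDORS = {
    "AVG": ("\\avg\\", "avg8"),
    "avast!": ("alwil", "avast4"),
    "Kaspersky": ("kaspersky lab",),
}

# O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 - Service: Display name (short) - Owner - path [ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def classify(path):
    """Return the antivirus vendor that owns this executable path, or None."""
    p = path.lower()
    for vendor, fragments in AV_VENDORS.items():
        if any(f in p for f in fragments):
            return vendor
    return None


def analyze(log_text):
    """Return (vendors, orphaned).

    vendors:  {vendor: sorted labels of its Run entries and services}
    orphaned: service names whose binary HijackThis reported missing
    """
    vendors = defaultdict(set)
    orphaned = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            vendor = classify(m.group("cmd"))
            if vendor:
                vendors[vendor].add("Run:" + m.group("name"))
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        if m.group("missing"):
            orphaned.append(m.group("svc"))
        vendor = classify(m.group("path"))
        if vendor:
            vendors[vendor].add("Service:" + m.group("svc"))
    return {v: sorted(labels) for v, labels in vendors.items()}, orphaned


def findings(log_text):
    """Human-readable verdict: one line per vendor, orphans, then the call."""
    vendors, orphaned = analyze(log_text)
    out = [f"{v}: {len(labels)} component(s)" for v, labels in vendors.items()]
    for svc in orphaned:
        out.append(f"orphaned service (binary missing): {svc}")
    if len(vendors) > 1:
        out.append("CONFLICT: " + " and ".join(sorted(vendors))
                   + " are both installed; keep one")
    else:
        out.append("OK: at most one antivirus product registered")
    return out


# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

The script only says what is registered to start; it does not tell you which product's real-time shield is actually enabled, which is what matters for the conflict described above. An entry that survives only as a "(file missing)" service is still counted against its vendor on purpose, because the advice in the reply is to remove those leftovers as well rather than leave a half-uninstalled product behind.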

#6 Aninha

  • Topic Starter

  • Members
  • 27 posts
  • Gender:Female
  • Location:Washington Dc

Posted 02 March 2009 - 05:13 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Aninha at 2009-03-02 17:12:05
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 32 GB (31%) free of 102 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:40, on 3/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Aninha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN34V40L\RSIT[2].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Aninha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [1194862116] C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.EXE /r "C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.rpd"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Google Update Service (gupdate1c9939a6ec942a0) (gupdate1c9939a6ec942a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8439 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{7FA1528F-F56F-4B4E-BA27-9CFC872D2E22}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-10 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-17 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"1194862116"=C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.EXE /r C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.rpd []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-10 185896]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-22 303104]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"WD Anywhere Backup"=C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe [2008-11-07 197856]
"Sprint SmartView"=C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [2008-10-15 17664]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-17 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]

C:\Users\Aninha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-14 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Program Files\GbPlugin\gbiehcef.dll []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24fe3272-6232-11dd-b8f4-0019b95bd538}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b79874-34c1-11dd-b5e9-0019b95bd538}]
shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a14c40-7ee2-11dd-9b84-0019b95bd538}]
shell\AutoRun\command - F:\WIN\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5548042-e748-11dd-8b1e-0019b95bd538}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-02-26 22:40:34 ----D---- C:\ProgramData\Yahoo!
2009-02-26 22:40:29 ----D---- C:\Program Files\Yahoo!
2009-02-24 13:20:21 ----A---- C:\Windows\system32\wmp.dll
2009-02-24 13:20:19 ----A---- C:\Windows\system32\spwmp.dll
2009-02-24 13:20:18 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-24 13:20:18 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-23 21:43:14 ----DC---- C:\rsit
2009-02-20 12:52:15 ----D---- C:\ProgramData\Google Updater
2009-02-19 20:51:18 ----D---- C:\Program Files\Adobe Media Player
2009-02-19 20:51:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-17 16:35:02 ----D---- C:\Windows\system32\Dell
2009-02-17 16:16:51 ----A---- C:\Windows\system32\javaws.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\javaw.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\java.exe
2009-02-17 16:16:51 ----A---- C:\Windows\system32\deploytk.dll
2009-02-15 22:53:09 ----A---- C:\Windows\system32\aswBoot.exe
2009-02-15 22:53:07 ----D---- C:\Program Files\Alwil Software
2009-02-14 21:44:46 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 21:44:42 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-13 23:29:17 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-10 11:43:08 ----D---- C:\Program Files\Microsoft
2009-02-08 20:58:46 ----A---- C:\Windows\system32\mshtmled.dll
2009-02-08 20:58:46 ----A---- C:\Windows\system32\icardie.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\msls31.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\mshtmler.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\ieui.dll
2009-02-08 20:58:45 ----A---- C:\Windows\system32\admparse.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\iernonce.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\ieakeng.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\corpol.dll
2009-02-08 20:58:44 ----A---- C:\Windows\system32\advpack.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\imgutil.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\iepeers.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\dxtrans.dll
2009-02-08 20:58:43 ----A---- C:\Windows\system32\dxtmsft.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\occache.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\licmgr10.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\inseng.dll
2009-02-08 20:58:42 ----A---- C:\Windows\system32\ieaksie.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\webcheck.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\msrating.dll
2009-02-08 20:58:41 ----A---- C:\Windows\system32\iesetup.dll
2009-02-08 20:58:40 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\wextract.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\mstime.dll
2009-02-08 20:58:40 ----A---- C:\Windows\system32\msfeedssync.exe
2009-02-08 20:58:40 ----A---- C:\Windows\system32\ieakui.dll
2009-02-08 20:58:39 ----A---- C:\Windows\system32\pngfilt.dll
2009-02-08 20:58:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\vbscript.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\jscript.dll
2009-02-08 20:58:38 ----A---- C:\Windows\system32\ieapfltr.dll
2009-02-08 20:58:37 ----A---- C:\Windows\system32\url.dll
2009-02-08 20:58:37 ----A---- C:\Windows\system32\iedkcs32.dll
2009-02-08 20:58:36 ----A---- C:\Windows\system32\mshta.exe
2009-02-08 20:58:36 ----A---- C:\Windows\system32\iexpress.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\SetDepNx.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\PDMSetup.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\ieUnatt.exe
2009-02-08 20:58:35 ----A---- C:\Windows\system32\iesysprep.dll
2009-02-08 20:58:34 ----A---- C:\Windows\system32\iertutil.dll
2009-02-08 20:58:34 ----A---- C:\Windows\system32\ie4uinit.exe
2009-02-08 20:58:33 ----A---- C:\Windows\system32\wininet.dll
2009-02-08 20:58:33 ----A---- C:\Windows\system32\urlmon.dll
2009-02-08 20:58:30 ----A---- C:\Windows\system32\ieframe.dll
2009-02-08 20:58:29 ----A---- C:\Windows\system32\mshtml.dll
2009-02-08 20:47:31 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-08 20:47:30 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\icardres.dll
2009-02-08 20:47:29 ----A---- C:\Windows\system32\icardagt.exe
2009-02-08 20:47:25 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-08 20:47:21 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-08 20:32:44 ----A---- C:\Windows\system32\dfshim.dll
2009-02-08 20:32:38 ----A---- C:\Windows\system32\mscoree.dll
2009-02-08 20:32:36 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-08 20:32:07 ----A---- C:\Windows\system32\mscorier.dll
2009-02-08 20:32:00 ----A---- C:\Windows\system32\mscories.dll
2009-02-05 23:23:12 ----A---- C:\Windows\system32\avgrsstx.dll.install_backup
2009-02-05 23:22:40 ----D---- C:\Program Files\AVG
2009-02-05 21:21:12 ----D---- C:\Program Files\Sierra Wireless
2009-02-05 21:20:52 ----D---- C:\Program Files\Novatel Wireless
2009-02-05 21:20:52 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2009-02-05 21:20:51 ----D---- C:\ProgramData\Sprint
2009-02-05 21:15:09 ----D---- C:\Users\Aninha\AppData\Roaming\Sierra Wireless
2009-02-05 21:15:09 ----D---- C:\Program Files\Sierra Wireless Inc

======List of files/folders modified in the last 1 months======

2009-03-02 17:12:17 ----D---- C:\Windows\Prefetch
2009-03-02 17:11:56 ----D---- C:\Windows\Temp
2009-03-02 16:18:17 ----SHD---- C:\System Volume Information
2009-03-02 00:24:07 ----D---- C:\MDT
2009-03-01 21:40:21 ----D---- C:\Windows\Tasks
2009-03-01 13:11:49 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-01 13:09:12 ----SD---- C:\Users\Aninha\AppData\Roaming\Microsoft
2009-03-01 13:09:11 ----D---- C:\Windows
2009-03-01 13:09:10 ----D---- C:\Windows\system32\drivers
2009-03-01 13:09:10 ----D---- C:\Windows\System32
2009-03-01 13:09:05 ----HD---- C:\ProgramData
2009-03-01 13:00:18 ----D---- C:\Windows\inf
2009-03-01 13:00:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-26 22:40:29 ----RD---- C:\Program Files
2009-02-25 19:56:32 ----SHD---- C:\Windows\Installer
2009-02-24 13:41:13 ----D---- C:\Program Files\Windows Media Player
2009-02-24 13:21:42 ----D---- C:\Windows\winsxs
2009-02-24 13:18:17 ----D---- C:\Windows\system32\catroot
2009-02-24 13:18:16 ----D---- C:\Windows\system32\catroot2
2009-02-23 20:17:52 ----D---- C:\Users\Aninha\AppData\Roaming\Skype
2009-02-23 19:23:14 ----D---- C:\Users\Aninha\AppData\Roaming\skypePM
2009-02-20 12:57:56 ----D---- C:\Program Files\Google
2009-02-20 12:52:14 ----D---- C:\Windows\system32\Tasks
2009-02-19 20:51:25 ----D---- C:\Users\Aninha\AppData\Roaming\Adobe
2009-02-19 20:51:24 ----D---- C:\ProgramData\Adobe
2009-02-19 20:51:13 ----D---- C:\Program Files\Common Files
2009-02-19 20:43:18 ----SD---- C:\Windows\Downloaded Program Files
2009-02-19 20:43:16 ----D---- C:\Windows\system32\Macromed
2009-02-17 16:35:02 ----D---- C:\Program Files\Dell
2009-02-17 16:21:37 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-17 16:16:15 ----D---- C:\Program Files\Java
2009-02-15 10:31:58 ----D---- C:\Windows\Microsoft.NET
2009-02-15 10:31:10 ----RSD---- C:\Windows\assembly
2009-02-14 21:49:02 ----D---- C:\Windows\ehome
2009-02-13 23:29:32 ----D---- C:\Program Files\iTunes
2009-02-13 23:29:19 ----D---- C:\Program Files\iPod
2009-02-13 23:29:18 ----D---- C:\Program Files\Common Files\Apple
2009-02-13 23:27:03 ----D---- C:\Program Files\QuickTime
2009-02-10 21:26:58 ----D---- C:\Program Files\Windows Mail
2009-02-10 21:20:05 ----D---- C:\Program Files\HP
2009-02-10 21:18:20 ----D---- C:\Windows\twain_32
2009-02-10 20:20:36 ----D---- C:\Windows\ModemLogs
2009-02-08 21:25:03 ----D---- C:\Windows\rescache
2009-02-08 21:05:28 ----D---- C:\Program Files\Internet Explorer
2009-02-08 21:05:25 ----D---- C:\Windows\system32\migration
2009-02-08 21:05:25 ----D---- C:\Windows\PolicyDefinitions
2009-02-08 21:05:24 ----D---- C:\Windows\system32\en-US
2009-02-08 21:05:04 ----D---- C:\Windows\system32\XPSViewer
2009-02-08 21:05:03 ----D---- C:\Windows\system32\wbem
2009-02-08 20:13:00 ----D---- C:\Program Files\Bonjour
2009-02-05 21:20:53 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-02-05 19:16:16 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-05 19:00:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-03 15:21:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 Nmea;Sprint Connection Manager - emulates the NMEA ports; C:\Windows\system32\DRIVERS\pctnullport.sys [2008-10-15 38680]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2008-10-15 222720]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-10-15 32408]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-22 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-01 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2007-10-12 27072]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-03-05 24840]
S3 swmx00;Sierra Wireless USB MUX Driver (#00); C:\Windows\system32\DRIVERS\swmx00.sys [2008-10-15 149512]
S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\Windows\system32\DRIVERS\SWNC5E00.sys [2008-10-15 171144]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-14 569344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-06-07 69632]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 SprintRcAppSvc;Sprint RcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [2008-10-15 111872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 gupdate1c9939a6ec942a0;Google Update Service (gupdate1c9939a6ec942a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 182768]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 CASprint;Sprint Con App Svc; C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-10-15 124160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

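The listing above is RSIT/HijackThis-style output: IE buttons and BHOs (O-lines), a registry dump of Run keys, ShellExecuteHooks and Explorer policies, the mountpoints2 AutoRun records, and the driver and service tables. As an added example that is not part of the original post and not code from either tool, here is a small Python triage helper that walks a constructed excerpt modelled on lines from this log and flags the entries an analyst would want explained first. The heuristics are assumptions of mine about the format: a reference marked `(file missing)` is an orphaned entry, a value printed with empty `[]` metadata usually means the target's timestamp and size could not be read, a `shell\AutoRun\command` under mountpoints2 records an autorun handler for a removable volume, and an empty `NoDriveTypeAutoRun` leaves the Windows default autorun behaviour in force. None of these flags is a malware verdict; an orphaned uninstall button or a game registration stub is usually benign, but each is a line to account for before calling the machine clean.

```python
"""Triage helper for RSIT/HijackThis-style log excerpts (added example, not
part of the original post or of either tool). Flags are hints for review,
not verdicts."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: paths mirror entries from the posted log.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"1194862116"=C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.EXE /r C:\PROGRA~1\eGames\PUZZLE~1\Register\EGAMES~1.rpd []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Program Files\GbPlugin\gbiehcef.dll []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5548042-e748-11dd-8b1e-0019b95bd538}]
shell\AutoRun\command - G:\LaunchU3.exe
"""

# NoDriveTypeAutoRun bitmask: a set bit suppresses autorun for that drive type.
# 0xFF disables autorun everywhere; 0x91 is the XP/Vista default.
AUTORUN_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}


@dataclass
class Finding:
    rule: str   # which heuristic fired
    key: str    # registry key in effect, "" for HijackThis O-lines
    line: str   # the offending log line


def autorun_policy_state(raw: str) -> str:
    """Describe a NoDriveTypeAutoRun value as RSIT prints it ('', '0xff', '145')."""
    raw = raw.strip()
    if not raw:
        return "unset (Windows default applies)"
    value = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
    still_enabled = [name for bit, name in AUTORUN_BITS.items() if not value & bit]
    if not still_enabled:
        return "all drive types disabled"
    return "autorun still allowed for: " + ", ".join(still_enabled)


def triage(log_text: str) -> List[Finding]:
    """Scan an RSIT-style excerpt and return entries worth a closer look."""
    findings: List[Finding] = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[HKEY"):            # new registry key section
            key = line.strip("[]")
            continue
        if "(file missing)" in line:            # entry points at a path that is gone
            findings.append(Finding("orphaned-entry", key, line))
        m = re.match(r'^"([^"]+)"=(.*)$', line)  # "name"=value [date size]
        if m:
            name, value = m.groups()
            if name.lower() == "nodrivetypeautorun":
                findings.append(Finding("autorun-policy: " + autorun_policy_state(value), key, line))
            elif value.endswith("[]"):          # RSIT could not stat the target
                findings.append(Finding("no-file-metadata", key, line))
        if line.lower().startswith(r"shell\autorun\command"):
            findings.append(Finding("mountpoints2-autorun", key, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the constructed excerpt it reports the orphaned BitDefender button, the two entries with empty `[]` metadata, the unset autorun policy and the U3 autorun handler, and leaves the Synaptics, Office and SUPERAntiSpyware lines alone. `autorun_policy_state` is also useful after a cleanup pass: a value of `0xff` means autorun is off for every drive type, while the default `0x91` still allows it for removable, fixed and CD-ROM media.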
#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:04 AM

Posted 06 March 2009 - 05:38 PM

Please download ComboFix.
Alternate Link 1
Alternate Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Double click on ComboFix and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware.
    Click 'No' to exit.

  • Click Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
  • ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post:
  • C:\ComboFix.txt (the log from ComboFix)
  • a new HijackThis log

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:04 AM

Posted 16 March 2009 - 11:14 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
