
So my 11 year old says "Dad I think we have a problem..."


This topic is locked
39 replies to this topic

#1 BigMac90501

BigMac90501

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 21 December 2009 - 05:14 PM

...I investigate, of course, and find that our laptop is besieged with popups, redirects from Yahoo / Google and general slowness. I also noticed that my system restore points are gone & can't run MBA.

I posted a topic here not too long ago as this same pc was repeatedly getting infected, Norton / MBA would report several infections, which they would fix, only to have the pc get reinfected again a couple of days later.


I could really use your help, again


BigMac90501


DDS & RootRepeal logs attached


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:58 PM

Posted 03 January 2010 - 03:16 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 03 January 2010 - 06:32 PM

Thank you, Suebaby41, for helping me out. Attached is the log file as requested.


BigMac90501

Attached Files

  • log.txt (34.44 KB)


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:58 PM

Posted 10 January 2010 - 01:06 PM

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

#5 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 11 January 2010 - 12:51 PM

Sorry about that. Here is the latest log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MikeM at 2010-01-11 09:48:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (74%) free of 76 GB
Total RAM: 511 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:09 AM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\vpdn_lu.exe
C:\Documents and Settings\mikem\Desktop\RSIT.exe
C:\Program Files\trend micro\MikeM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\ahdcxj.dll - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nwpzky] RUNDLL32.EXE C:\WINDOWS\system32\mslxqtzi.dll,w
O4 - HKLM\..\Run: [Kqesenafidaco] rundll32.exe "C:\WINDOWS\utaguwiv.dll",Startup
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [davazikev] Rundll32.exe "c:\windows\system32\wiyumimo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\mikem\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\mikem\LOCALS~1\Temp\jwarlpaik.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\mikem\LOCALS~1\Temp\mdm.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3; IEMB3)" -"http://www.nick.com/games/jn_ultralord.html"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nBdjjEgUa (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234909743065
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.smartandfinal.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0F7D62-5F2D-4116-977D-C955D4F217D1}: NameServer = 10.1.7.120,10.1.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O18 - Filter hijack: text/html - {eed3f9c8-6d2c-4b3f-b8d1-ff057584b9fd} - C:\WINDOWS\default32.dll
O20 - AppInit_DLLs: vamegeye.dll c:\windows\system32\wiyumimo.dll
O21 - SSODL: farolodat - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll (file missing)
O21 - SSODL: libozadus - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll (file missing)
O21 - SSODL: jeyohiros - {9afd70d5-f216-4c91-b305-31d694f8f9b1} - c:\windows\system32\wiyumimo.dll
O22 - SharedTaskScheduler: tokatiluy - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll (file missing)
O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {9afd70d5-f216-4c91-b305-31d694f8f9b1} - c:\windows\system32\wiyumimo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13879 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\brfailgi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}]
C:\WINDOWS\system32\ahdcxj.dll - C:\WINDOWS\system32\ahdcxj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-01-13 245760]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"DpAgnt"=C:\Program Files\DigitalPersona\Bin\DPAgnt.exe [2005-05-02 655360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-11-01 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-11-01 1101824]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"AS00_WPN511"=C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe [2006-01-20 1421419]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"nwpzky"=C:\WINDOWS\system32\mslxqtzi.dll,w []
"Kqesenafidaco"=C:\WINDOWS\utaguwiv.dll [2008-04-13 164352]
"notepad"=C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0 []
"davazikev"=c:\windows\system32\wiyumimo.dll [65535-65535-31889 91648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-04 39408]
"notepad"=C:\DOCUME~1\mikem\ntload.dll,_IWMPEvents@0 []
"ygua8e7yhuiesfha876yfauy8fe"=C:\DOCUME~1\mikem\LOCALS~1\Temp\jwarlpaik.exe []
"asg984jgkfmgasi8ug98jgkfgfb"=C:\DOCUME~1\mikem\LOCALS~1\Temp\mdm.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\mikem\Start Menu\Programs\Startup
scandisk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vamegeye.dll c:\windows\system32\wiyumimo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
farolodat - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll []
libozadus - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll []
jeyohiros - {9afd70d5-f216-4c91-b305-31d694f8f9b1} - c:\windows\system32\wiyumimo.dll [65535-65535-31889 91648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
tokatiluy - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll []
gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll []
gahurihor - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll []
mujuzedij - {9afd70d5-f216-4c91-b305-31d694f8f9b1} - c:\windows\system32\wiyumimo.dll [65535-65535-31889 91648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
bjlgeb.dll
bizikono.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"Intellimenus"=1
"NoSimpleStartMenu"=1
"NoDesktopCleanupWizard"=1
"ForceStartMenuLogOff"=1
"NoAutoUpdate"=1
"NoSMBalloonTip"=1
"DisallowRun"=1
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe"="C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe:*:Enabled:Nortel VPN Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe:*:Enabled:WPN511"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"

======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\ziyiyebu.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\wiyumimo.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\ruletoru.dll
2010-01-11 09:40:43 ----SH---- C:\WINDOWS\system32\hasujipo.dll
2010-01-11 09:34:19 ----SH---- C:\WINDOWS\system32\tajuzufo.dll
2010-01-03 15:30:31 ----D---- C:\Program Files\trend micro
2010-01-03 15:30:23 ----D---- C:\rsit
2009-12-21 13:42:33 ----A---- C:\RootRepeal report 12-21-09 (13-42-33).txt

======List of files/folders modified in the last 1 months======

2010-01-11 09:46:49 ----D---- C:\WINDOWS\Temp
2010-01-11 09:45:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 09:40:43 ----D---- C:\WINDOWS\system32
2010-01-11 09:28:59 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-03 19:01:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-03 16:29:06 ----D---- C:\WINDOWS\Prefetch
2010-01-03 15:30:31 ----RD---- C:\Program Files
2010-01-03 15:20:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-03 15:20:06 ----A---- C:\WINDOWS\system32\svchost.exe
2010-01-03 15:20:03 ----SHD---- C:\WINDOWS\CSC
2010-01-03 15:19:36 ----D---- C:\WINDOWS
2010-01-03 14:52:29 ----SD---- C:\WINDOWS\Tasks
2009-12-21 13:41:37 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-06-26 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-06-26 24698]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-27 17801]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-11-10 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-11-10 146684]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-11-10 52856]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 182101]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2007-09-13 26137]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 IFXTPM;IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [2004-10-11 32640]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091221.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091221.003\navex15.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-12-17 591936]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wpn511.sys [2005-07-25 449888]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-05 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-05 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-05 39808]
S3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-08 5888]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-15 1657344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-11-10 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 DpHost;DpHost; C:\Program Files\DigitalPersona\Bin\DpHost.exe [2005-05-02 278528]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-01 794624]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2010-01-03 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-01 483328]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\SLClient.exe [2009-02-19 532480]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-01 1183744]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#6 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:58 PM

Posted 14 January 2010 - 07:46 AM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers or Windows Server editions, like Windows 2003, for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 BigMac90501

  • Topic Starter

  • Members
  • 43 posts
  • Local time:07:58 PM

Posted 14 January 2010 - 08:08 AM

Hi Sue,


At one time, several years ago, it was my primary work laptop. But it has been retired and has not been attached to my company's network in a long, long time and is currently just used for personal use. I do have admin rights to this machine.



Thanks,

BigMac90501

Edited by BigMac90501, 14 January 2010 - 08:11 AM.


#8 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:58 PM

Posted 14 January 2010 - 10:33 AM

Please post a new HijackThis log.

#9 BigMac90501

  • Topic Starter

  • Members
  • 43 posts
  • Local time:07:58 PM

Posted 14 January 2010 - 06:46 PM

Here you go:


Logfile of random's system information tool 1.06 (written by random/random)
Run by MikeM at 2010-01-14 15:48:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:29 PM, on 1/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\mikem\Desktop\RSIT.exe
C:\Program Files\trend micro\MikeM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\ahdcxj.dll - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nwpzky] RUNDLL32.EXE C:\WINDOWS\system32\mslxqtzi.dll,w
O4 - HKLM\..\Run: [Kqesenafidaco] rundll32.exe "C:\WINDOWS\utaguwiv.dll",Startup
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\mikem\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\mikem\LOCALS~1\Temp\jwarlpaik.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\mikem\LOCALS~1\Temp\mdm.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3; IEMB3)" -"http://www.nick.com/games/jn_ultralord.html"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nBdjjEgUa (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263234848230
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.smartandfinal.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0F7D62-5F2D-4116-977D-C955D4F217D1}: NameServer = 10.1.7.120,10.1.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O18 - Filter hijack: text/html - {eed3f9c8-6d2c-4b3f-b8d1-ff057584b9fd} - C:\WINDOWS\default32.dll
O20 - AppInit_DLLs: vamegeye.dll nokihino.dll
O21 - SSODL: farolodat - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll (file missing)
O21 - SSODL: libozadus - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll (file missing)
O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13367 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\logrdneg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5B24B16-23F2-41AD-F4E4-00ABC39C0004}]
C:\WINDOWS\system32\ahdcxj.dll - C:\WINDOWS\system32\ahdcxj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-01-13 245760]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"DpAgnt"=C:\Program Files\DigitalPersona\Bin\DPAgnt.exe [2005-05-02 655360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-11-01 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-11-01 1101824]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"AS00_WPN511"=C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe [2006-01-20 1421419]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"nwpzky"=C:\WINDOWS\system32\mslxqtzi.dll,w []
"Kqesenafidaco"=C:\WINDOWS\utaguwiv.dll [2008-04-13 164352]
"notepad"=C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-04 39408]
"notepad"=C:\DOCUME~1\mikem\ntload.dll,_IWMPEvents@0 []
"ygua8e7yhuiesfha876yfauy8fe"=C:\DOCUME~1\mikem\LOCALS~1\Temp\jwarlpaik.exe []
"asg984jgkfmgasi8ug98jgkfgfb"=C:\DOCUME~1\mikem\LOCALS~1\Temp\mdm.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\mikem\Start Menu\Programs\Startup
scandisk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vamegeye.dll nokihino.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
farolodat - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll []
libozadus - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
tokatiluy - {a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll []
gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\ahdcxj.dll []
gahurihor - {9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
bjlgeb.dll
bizikono.dll
dajidomu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"EnableProfileQuota"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"Intellimenus"=1
"NoSimpleStartMenu"=1
"NoDesktopCleanupWizard"=1
"ForceStartMenuLogOff"=1
"NoAutoUpdate"=1
"NoSMBalloonTip"=1
"DisallowRun"=1
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe"="C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe:*:Enabled:Nortel VPN Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe:*:Enabled:WPN511"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\WINDOWS\Temp\tmp39.dll"="C:\WINDOWS\Temp\tmp39.dll:*:Enabled:tmp39"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\WINDOWS\system32\logon.scr"="C:\WINDOWS\system32\logon.scr:*:Enabled:logon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"

======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\ziyiyebu.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\widinole.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\nokihino.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jokigaju.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jodunufe.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\gagekije.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\dajidomu.dll
2010-01-11 10:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-11 10:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-11 10:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-11 10:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-11 10:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-11 10:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-11 10:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-11 10:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-11 10:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-11 10:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-11 10:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-11 10:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-11 10:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 10:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 10:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-11 10:51:27 ----SHD---- C:\Config.Msi
2010-01-11 10:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-11 10:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 10:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-11 10:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-11 10:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-11 10:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-11 10:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 10:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-11 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-11 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-11 10:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-11 10:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-11 10:35:00 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-01-11 09:40:43 ----SH---- C:\WINDOWS\system32\hasujipo.dll
2010-01-11 09:34:19 ----SH---- C:\WINDOWS\system32\tajuzufo.dll
2010-01-03 15:30:31 ----D---- C:\Program Files\trend micro
2010-01-03 15:30:23 ----D---- C:\rsit
2009-12-21 13:42:33 ----A---- C:\RootRepeal report 12-21-09 (13-42-33).txt

======List of files/folders modified in the last 1 months======

2010-01-14 08:16:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 08:07:03 ----D---- C:\WINDOWS\Temp
2010-01-14 08:06:17 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-14 08:05:02 ----SD---- C:\WINDOWS\Tasks
2010-01-14 08:05:02 ----D---- C:\WINDOWS\system32
2010-01-14 08:03:12 ----SHD---- C:\WINDOWS\CSC
2010-01-13 23:17:23 ----D---- C:\WINDOWS\Prefetch
2010-01-13 07:53:49 ----HD---- C:\WINDOWS\inf
2010-01-12 09:53:00 ----D---- C:\WINDOWS
2010-01-11 15:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 11:22:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 11:21:34 ----D---- C:\Program Files\Internet Explorer
2010-01-11 11:21:30 ----D---- C:\WINDOWS\AppPatch
2010-01-11 11:09:04 ----RSD---- C:\WINDOWS\assembly
2010-01-11 11:04:12 ----D---- C:\WINDOWS\system32\en-us
2010-01-11 11:04:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-11 10:59:04 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 10:58:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 10:57:01 ----D---- C:\WINDOWS\system32\drivers
2010-01-11 10:56:32 ----D---- C:\WINDOWS\WinSxS
2010-01-11 10:54:21 ----SHD---- C:\WINDOWS\Installer
2010-01-11 10:53:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 10:46:09 ----D---- C:\Program Files\Outlook Express
2010-01-11 10:35:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 10:35:16 ----D---- C:\WINDOWS\Help
2010-01-11 10:34:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-03 15:30:31 ----RD---- C:\Program Files
2010-01-03 15:20:06 ----A---- C:\WINDOWS\system32\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-06-26 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-06-26 24698]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-27 17801]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-11-10 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-11-10 146684]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-11-10 52856]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 182101]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2007-09-13 26137]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 IFXTPM;IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [2004-10-11 32640]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\navex15.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-12-17 591936]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wpn511.sys [2005-07-25 449888]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-05 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-05 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-05 39808]
S3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-08 5888]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-15 1657344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-11-10 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 DpHost;DpHost; C:\Program Files\DigitalPersona\Bin\DpHost.exe [2005-05-02 278528]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-01 794624]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2010-01-03 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-01 483328]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\SLClient.exe [2009-02-19 532480]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-01 1183744]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 17 January 2010 - 01:28 PM

Please download ComboFix.
Alternate Link 1
Alternate Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Double click on ComboFix and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware.
    Click 'No' to exit.

  • Click Yes to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please post a new HijackThis log.

Edited by suebaby41, 17 January 2010 - 01:29 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts

Posted 17 January 2010 - 04:58 PM

ComboFix 10-01-16.04 - mikem 01/17/2010 13:05:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.162 [GMT -8:00]
Running from: c:\documents and settings\mikem\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
ADS - svchost.exe: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mikem\Start Menu\Programs\Startup\scandisk.dll
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\driver
c:\program files\PlaySushi\PSTExt.dll
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\recycler\S-1-5-21-1241443622-3604470327-847386435-500
c:\recycler\S-1-5-21-1279371858-426764551-501881172-500
c:\recycler\S-1-5-21-1449542653-1815002781-3652652152-500
c:\recycler\S-1-5-21-163748893-3646181656-3495054330-500
c:\recycler\S-1-5-21-1906211764-3000887322-1647371527-500
c:\recycler\S-1-5-21-1957994488-1060284298-854245398-1003
c:\recycler\S-1-5-21-1957994488-1060284298-854245398-500
c:\recycler\S-1-5-21-2079644369-951796526-1614765859-500
c:\recycler\S-1-5-21-3376078148-2136417557-3852222622-500
c:\windows\AegisP.inf
c:\windows\agopojuy.dll
c:\windows\apoqonof.dll
c:\windows\iqogopepubit.dll
c:\windows\izusokupugebudax.dll
c:\windows\ohihavaqeg.dll
c:\windows\osezewuj.dll
c:\windows\ozocedof.dll
c:\windows\system32\ahdcxj.dll
c:\windows\system32\cookie1.dat
c:\windows\system32\dajidomu.dll
c:\windows\system32\diyonuye.dll
c:\windows\system32\gagekije.dll
c:\windows\system32\hasujipo.dll
c:\windows\system32\joronumi.dll
c:\windows\system32\kovovovu.dll
c:\windows\system32\nokihino.dll
c:\windows\system32\tadazite.dll
c:\windows\system32\tajuzufo.dll
c:\windows\system32\tb.dr
c:\windows\system32\vofapelu.dll
c:\windows\system32\yanebuni.dll
c:\windows\system32\ziyiyebu.dll
c:\windows\Tasks\viojvppn.job
c:\windows\usenaroh.dll
c:\windows\usotamuxudi.dll
c:\windows\utaguwiv.dll
c:\windows\uvoluvun.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_FCI
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Service_FCI


((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 21:18 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-17 21:18 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-17 19:05 . 2010-01-17 19:05 -------- d-----w- c:\program files\iPod
2010-01-17 19:05 . 2010-01-17 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 18:51 . 2010-01-17 18:53 -------- d-----w- c:\program files\QuickTime
2010-01-16 08:38 . 2010-01-16 08:38 -------- d-----w- c:\documents and settings\mikem\Application Data\Sony Corporation
2010-01-16 08:28 . 2010-01-16 08:28 -------- d-----w- c:\program files\Sony
2010-01-11 18:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 18:40 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-11 18:40 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-11 17:33 . 2010-01-11 17:33 -------- d-----w- c:\documents and settings\mikem\Local Settings\Application Data\{E6643D00-20A8-45AC-B9BD-704F38D2AB24}
2010-01-03 23:30 . 2010-01-14 23:48 -------- d-----w- c:\program files\trend micro
2010-01-03 23:30 . 2010-01-03 23:33 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 21:27 . 2007-12-07 04:44 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-17 21:17 . 2009-08-19 19:40 -------- d-----w- c:\program files\Shared
2010-01-17 21:17 . 2009-07-19 21:41 -------- d-----w- c:\program files\PlaySushi
2010-01-17 20:48 . 2009-12-09 03:33 120 ----a-w- c:\windows\Lmivurega.dat
2010-01-17 19:07 . 2009-04-10 00:19 -------- d-----w- c:\program files\iTunes
2010-01-17 19:05 . 2009-04-10 00:17 -------- d-----w- c:\program files\Common Files\Apple
2010-01-17 18:41 . 2010-01-17 18:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-17 17:52 . 2009-12-09 03:33 0 ----a-w- c:\windows\Sfozifemeyu.bin
2010-01-16 08:35 . 2004-07-16 16:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 08:28 . 2010-01-16 08:28 10134 ----a-r- c:\documents and settings\mikem\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2010-01-03 23:20 . 2002-08-29 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-09 03:28 . 2009-12-09 03:28 112520 ----a-w- C:\ryiasu.exe
2009-11-26 00:50 . 2009-11-26 00:42 -------- d-----w- c:\program files\Nick Jr. Arcade
2009-11-26 00:44 . 2009-11-26 00:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 02:32 . 2009-07-01 22:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-29 07:46 . 2004-08-24 04:32 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-10-19 18:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
1601-01-01 00:03 . 1601-01-01 00:03 61440 --sha-w- c:\windows\system32\dugejapo.dll
1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\jodunufe.dll
1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\system32\widinole.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{372df2b3-69a8-4b07-83bf-ce7b6b27c5b4}]
1601-01-01 00:03 52736 --sha-w- c:\windows\system32\jodunufe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 245760]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"DpAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2005-05-02 655360]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AS00_WPN511"="c:\program files\NETGEAR\WPN511\Utility\WPN511.exe" [2006-01-20 1421419]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\mikem\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-16 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-11-10 507965]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\NETGEAR\\WPN511\\Utility\\WPN511.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
R2 SLClient;ScriptLogic Service;c:\windows\system32\SLClient.exe [2/19/2009 7:05 AM 532480]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [5/27/2009 7:29 AM 16194]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [12/17/2004 12:35 PM 182101]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/13/2007 9:52 AM 26137]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/11/2004 3:34 PM 32640]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [12/17/2004 12:35 PM 5689]
S0 cvglo;cvglo;c:\windows\system32\drivers\srvmhc.sys --> c:\windows\system32\drivers\srvmhc.sys [?]
S0 ebsuyd;ebsuyd;c:\windows\system32\drivers\eptik.sys --> c:\windows\system32\drivers\eptik.sys [?]
S0 floan;floan;c:\windows\system32\drivers\auylt.sys --> c:\windows\system32\drivers\auylt.sys [?]
S0 orarpg;orarpg;c:\windows\system32\drivers\wwfrxg.sys --> c:\windows\system32\drivers\wwfrxg.sys [?]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/13/2007 9:51 AM 157648]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [5/27/2009 7:29 AM 449888]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2/20/2009 2:12 PM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2/20/2009 2:12 PM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2/20/2009 2:12 PM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2/20/2009 2:12 PM 5888]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [4/27/2009 1:28 PM 627072]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI9
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://intranet/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nBdjjEgUa
TCP: {DB0F7D62-5F2D-4116-977D-C955D4F217D1} = 10.1.7.120,10.1.0.120
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-nwpzky - c:\windows\system32\mslxqtzi.dll
HKLM-Run-Kqesenafidaco - c:\windows\utaguwiv.dll
HKLM-Run-notepad - c:\windows\system32\notepad.dll
HKLM-Run-hubeyarode - dajidomu.dll
SharedTaskScheduler-{a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll
SharedTaskScheduler-{9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll
SSODL-farolodat-{a54f6184-f7cb-4fb3-a34e-f87106a10b2f} - c:\windows\system32\siwomoje.dll
SSODL-libozadus-{9de8d6b3-b083-4388-912b-95ed001851dc} - c:\windows\system32\lopuzeva.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1876)
c:\windows\system32\dpmsgina.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\DigitalPersona\Bin\DPPS.dll
c:\program files\DigitalPersona\Bin\DpCPPWr.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\locator.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\docume~1\mikem\LOCALS~1\Temp\EAD3A.exe
.
**************************************************************************
.
Completion time: 2010-01-17 13:44:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 21:44

Pre-Run: 56,997,998,592 bytes free
Post-Run: 58,970,177,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 3CFD6F4368809643218AFC9195D61137

___________________________________________________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by MikeM at 2010-01-17 14:02:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 511 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:32 PM, on 1/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mikem\Desktop\RSIT.exe
C:\Program Files\trend micro\MikeM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {372df2b3-69a8-4b07-83bf-ce7b6b27c5b4} - jodunufe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3; IEMB3)" -"http://www.nick.com/games/jn_ultralord.html"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nBdjjEgUa (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263234848230
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.smartandfinal.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0F7D62-5F2D-4116-977D-C955D4F217D1}: NameServer = 10.1.7.120,10.1.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O20 - AppInit_DLLs: nokihino.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11800 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{372df2b3-69a8-4b07-83bf-ce7b6b27c5b4}]
C:\WINDOWS\system32\jodunufe.dll [65535-65535-31889 52736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-01-13 245760]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"DpAgnt"=C:\Program Files\DigitalPersona\Bin\DPAgnt.exe [2005-05-02 655360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-11-01 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-11-01 1101824]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"AS00_WPN511"=C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe [2006-01-20 1421419]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-04 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\mikem\Start Menu\Programs\Startup
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="nokihino.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dajidomu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"Intellimenus"=1
"NoSimpleStartMenu"=1
"NoDesktopCleanupWizard"=1
"ForceStartMenuLogOff"=1
"NoAutoUpdate"=1
"NoSMBalloonTip"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe"="C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe:*:Enabled:Nortel VPN Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe:*:Enabled:WPN511"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\WINDOWS\system32\logon.scr"="C:\WINDOWS\system32\logon.scr:*:Enabled:logon"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"

======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\widinole.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jodunufe.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\dugejapo.dll
2010-01-17 13:44:42 ----D---- C:\WINDOWS\temp
2010-01-17 13:44:35 ----A---- C:\ComboFix.txt
2010-01-17 13:18:47 ----A---- C:\WINDOWS\system32\proquota.exe
2010-01-17 13:00:10 ----A---- C:\Boot.bak
2010-01-17 12:59:53 ----RASHD---- C:\cmdcons
2010-01-17 12:58:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-17 12:58:18 ----A---- C:\WINDOWS\MBR.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\zip.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\SWSC.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\SWREG.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\sed.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\PEV.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\grep.exe
2010-01-17 12:58:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-17 12:57:54 ----D---- C:\WINDOWS\ERDNT
2010-01-17 12:55:48 ----D---- C:\Qoobox
2010-01-17 11:05:37 ----D---- C:\Program Files\iPod
2010-01-17 11:05:18 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 10:51:07 ----D---- C:\Program Files\QuickTime
2010-01-17 10:45:50 ----D---- C:\Config.Msi
2010-01-16 00:38:45 ----D---- C:\Documents and Settings\mikem\Application Data\Sony Corporation
2010-01-16 00:35:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-16 00:28:27 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2010-01-16 00:28:16 ----D---- C:\Program Files\Sony
2010-01-11 10:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-11 10:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-11 10:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-11 10:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-11 10:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-11 10:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-11 10:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-11 10:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-11 10:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-11 10:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-11 10:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-11 10:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-11 10:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 10:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 10:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-11 10:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-11 10:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 10:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-11 10:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-11 10:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-11 10:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-11 10:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 10:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-11 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-11 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-11 10:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-11 10:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-11 10:35:00 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-01-03 15:30:31 ----D---- C:\Program Files\trend micro
2010-01-03 15:30:23 ----D---- C:\rsit
2009-12-21 13:42:33 ----A---- C:\RootRepeal report 12-21-09 (13-42-33).txt

======List of files/folders modified in the last 1 months======

2010-01-17 13:44:47 ----D---- C:\WINDOWS\system32\drivers
2010-01-17 13:44:42 ----D---- C:\WINDOWS
2010-01-17 13:37:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 13:29:06 ----A---- C:\WINDOWS\system.ini
2010-01-17 13:28:02 ----D---- C:\WINDOWS\Prefetch
2010-01-17 13:27:43 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-17 13:25:29 ----D---- C:\WINDOWS\system32
2010-01-17 13:22:10 ----D---- C:\WINDOWS\system32\config
2010-01-17 13:18:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-17 13:17:47 ----RD---- C:\Program Files
2010-01-17 13:17:46 ----SD---- C:\WINDOWS\Tasks
2010-01-17 13:17:39 ----D---- C:\Program Files\Shared
2010-01-17 13:17:36 ----D---- C:\Program Files\PlaySushi
2010-01-17 13:11:32 ----D---- C:\WINDOWS\AppPatch
2010-01-17 13:11:32 ----D---- C:\Program Files\Common Files
2010-01-17 13:00:10 ----RASH---- C:\boot.ini
2010-01-17 12:58:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 12:58:16 ----SHD---- C:\System Volume Information
2010-01-17 12:58:16 ----D---- C:\WINDOWS\system32\Restore
2010-01-17 11:09:01 ----SHD---- C:\WINDOWS\Installer
2010-01-17 11:07:53 ----HD---- C:\WINDOWS\inf
2010-01-17 11:07:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-17 11:07:12 ----D---- C:\Program Files\iTunes
2010-01-17 11:05:32 ----D---- C:\Program Files\Common Files\Apple
2010-01-17 10:48:20 ----D---- C:\WINDOWS\WinSxS
2010-01-16 01:35:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-16 00:35:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 00:35:09 ----D---- C:\WINDOWS\system32\DirectX
2010-01-15 16:21:32 ----SHD---- C:\WINDOWS\CSC
2010-01-11 11:21:34 ----D---- C:\Program Files\Internet Explorer
2010-01-11 11:09:04 ----RSD---- C:\WINDOWS\assembly
2010-01-11 11:04:12 ----D---- C:\WINDOWS\system32\en-us
2010-01-11 11:04:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-11 11:03:40 ----D---- C:\WINDOWS\ie7updates
2010-01-11 10:59:04 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 10:58:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 10:53:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 10:46:09 ----D---- C:\Program Files\Outlook Express
2010-01-11 10:35:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 10:35:16 ----D---- C:\WINDOWS\Help
2010-01-03 15:20:06 ----N---- C:\WINDOWS\system32\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-07-04 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-07-04 9200]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-27 17801]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-11-10 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-11-10 146684]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-11-10 52856]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 182101]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2007-09-13 26137]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [2004-10-11 32640]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\navex15.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-12-17 591936]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
S3 mbr;mbr; \??\C:\DOCUME~1\mikem\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wpn511.sys [2005-07-25 449888]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-05 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-05 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-05 39808]
S3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-08 5888]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-15 1657344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-11-10 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 DpHost;DpHost; C:\Program Files\DigitalPersona\Bin\DpHost.exe [2005-05-02 278528]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-01 794624]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2010-01-03 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-01 483328]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\SLClient.exe [2009-02-19 532480]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 397312]
S2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-01 1183744]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:58 PM

Posted 18 January 2010 - 02:37 PM

  • Please download VundoFix by Atribune to your desktop.
  • Double-click VundoFix.exe to run it. If using Windows Vista, be sure to Run As Administrator.
    You want to run the fix until you see all Vundo files say: "Has been deleted".
  • Click the Scan for Vundo button.
  • When VundoFix opens, click the Scan for Vundo button.
  • After scanning is completed, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • After you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
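The VundoFix procedure above targets one malware family; it helps to know which lines in an RSIT/HijackThis log point at that kind of infection so you can tell whether the fix actually worked. The script below is an added example for this thread, not a tool from the original posts, from VundoFix or from the Malware Response Team. It flags the persistence entries that appear in the RSIT log posted later in this thread: a nameless BHO whose DLL is missing, a populated AppInit_DLLs value, an extra LSA notification package, a firewall exception for svcho.exe sitting directly in %windir%, and system32 DLLs with impossible 65535-65535-31889 timestamps. The sample lines are copied from that log; the rule names, the %windir% heuristic and the eight-lowercase-letter DLL-name pattern are this example's own assumptions, not anything the thread states.

```python
"""Triage an RSIT / HijackThis log for Vundo-style persistence entries.

Added example for this thread; it is not a tool from the original posts and
not part of VundoFix. The sample below is constructed from lines visible in
the RSIT log posted in this thread; the rule names and the heuristics are
this example's own assumptions, not anything the thread states.
"""
import re
from datetime import date

# Constructed sample: a handful of lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {372df2b3-69a8-4b07-83bf-ce7b6b27c5b4} - jodunufe.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: nokihino.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dajidomu.dll

"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\widinole.dll
2010-01-18 13:50:39 ----A---- C:\VundoFix.txt
"""

# RSIT "files created/modified" line: <date> <time> ----<attrs>---- <path>
FILE_LINE = re.compile(r"^(\S+) (\S+) ----([A-Z]*)---- (.+)$")
# XP firewall AuthorizedApplications entry: "<path>"="<path>:<scope>:Enabled|Disabled:<name>"
FW_LINE = re.compile(r'^"([^"]+)"="[^"]+:[^:]+:(?:Enabled|Disabled):[^"]*"$', re.I)
# Heuristic only (this example's assumption): the Vundo build in this thread used
# eight random lowercase letters for every DLL it dropped (jodunufe, nokihino,
# dajidomu, widinole, dugejapo).  Legitimate names such as setupapi.dll also
# match, so treat a hit from this rule as a prompt to look, not as proof.
RANDOM_DLL = re.compile(r"\b[a-z]{8}\.dll\b")


def bad_timestamp(stamp):
    """True when an RSIT file date cannot be a real calendar date.

    The planted files show 65535-65535-31889 because their timestamps were
    deliberately corrupted; a valid YYYY-MM-DD returns False.
    """
    try:
        year, month, day = (int(part) for part in stamp.split("-"))
        date(year, month, day)
    except ValueError:
        return True
    return False


def triage(log_text):
    """Return (rule, line) pairs for lines worth a human look, in log order."""
    findings = []
    in_lsa_packages = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_lsa_packages = False
            continue
        # LSA "notification packages" is REG_MULTI_SZ; RSIT prints the first entry
        # after the '=' and each further package on its own line.  Only scecli
        # belongs there on a stock XP box; anything else is loaded into lsass.exe
        # and gets to see every password change.
        if in_lsa_packages:
            if re.fullmatch(r"[\w.-]+", line):
                findings.append(("lsa-notification-package", line))
                continue
            in_lsa_packages = False
        if line.lower().startswith('"notification packages"='):
            in_lsa_packages = True
            if line.split("=", 1)[1].strip().lower() != "scecli":
                findings.append(("lsa-notification-package", line))
            continue
        # A BHO with no name, or whose DLL is already gone, is classic adware residue.
        if line.startswith("O2 - BHO:") and ("(no name)" in line or "(file missing)" in line):
            findings.append(("anonymous-or-missing-bho", line))
            continue
        # AppInit_DLLs is injected into every process that loads user32.dll;
        # it is empty on a clean XP install.
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("appinit-dll", line))
            continue
        match = FILE_LINE.match(line)
        if match:
            stamp, _time, attrs, path = match.groups()
            hidden_system_dll = "S" in attrs and "H" in attrs and path.lower().endswith(".dll")
            if bad_timestamp(stamp) or hidden_system_dll:
                findings.append(("bogus-timestamp-or-hidden-system-dll", line))
            continue
        match = FW_LINE.match(line)
        if match:
            folder, _, name = match.group(1).lower().rpartition("\\")
            # Heuristic: a firewall exception for an executable sitting directly in
            # %windir% (explorer.exe aside) is unusual; svcho.exe also mimics svchost.exe.
            if folder in ("c:\\windows", "%windir%") and name != "explorer.exe":
                findings.append(("suspicious-firewall-exception", line))
            continue
        if RANDOM_DLL.search(line):
            findings.append(("random-name-dll", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:40} {line}")
```

Run it against the full RSIT text rather than the sample and compare the output before and after the fix: the BHO, AppInit_DLLs and LSA entries should be gone, and any new eight-letter DLL under system32 means the infection re-seeded itself, which matches the repeated reinfection described at the top of this thread.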

#13 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 19 January 2010 - 06:46 PM

Hi Sue,


The VundoFix didn't show any errors. Here is the latest HijackThis log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MikeM at 2010-01-19 15:47:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:22 PM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mikem\Desktop\RSIT.exe
C:\Program Files\trend micro\MikeM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {372df2b3-69a8-4b07-83bf-ce7b6b27c5b4} - jodunufe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3; IEMB3)" -"http://www.nick.com/games/jn_ultralord.html"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nBdjjEgUa (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263234848230
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.smartandfinal.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0F7D62-5F2D-4116-977D-C955D4F217D1}: NameServer = 10.1.7.120,10.1.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.smartandfinal.com
O20 - AppInit_DLLs: nokihino.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11751 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{372df2b3-69a8-4b07-83bf-ce7b6b27c5b4}]
C:\WINDOWS\system32\jodunufe.dll [65535-65535-31889 52736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-01-13 245760]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"DpAgnt"=C:\Program Files\DigitalPersona\Bin\DPAgnt.exe [2005-05-02 655360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-11-01 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-11-01 1101824]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"AS00_WPN511"=C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe [2006-01-20 1421419]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-04 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\mikem\Start Menu\Programs\Startup
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="nokihino.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dajidomu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"Intellimenus"=1
"NoSimpleStartMenu"=1
"NoDesktopCleanupWizard"=1
"ForceStartMenuLogOff"=1
"NoAutoUpdate"=1
"NoSMBalloonTip"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe"="C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe:*:Enabled:Nortel VPN Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:ccApp"
"C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe:*:Enabled:WPN511"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\WINDOWS\system32\logon.scr"="C:\WINDOWS\system32\logon.scr:*:Enabled:logon"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable"

======List of files/folders created in the last 1 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\widinole.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\jodunufe.dll
65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\dugejapo.dll
2010-01-18 13:50:39 ----D---- C:\VundoFix Backups
2010-01-18 13:50:39 ----A---- C:\VundoFix.txt
2010-01-17 16:45:21 ----SHD---- C:\RECYCLER
2010-01-17 13:44:42 ----D---- C:\WINDOWS\temp
2010-01-17 13:44:35 ----A---- C:\ComboFix.txt
2010-01-17 13:18:47 ----A---- C:\WINDOWS\system32\proquota.exe
2010-01-17 13:00:10 ----A---- C:\Boot.bak
2010-01-17 12:59:53 ----RASHD---- C:\cmdcons
2010-01-17 12:58:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-17 12:58:18 ----A---- C:\WINDOWS\MBR.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\zip.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\SWSC.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\SWREG.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\sed.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\PEV.exe
2010-01-17 12:58:17 ----A---- C:\WINDOWS\grep.exe
2010-01-17 12:58:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-17 12:57:54 ----D---- C:\WINDOWS\ERDNT
2010-01-17 12:55:48 ----D---- C:\Qoobox
2010-01-17 11:05:37 ----D---- C:\Program Files\iPod
2010-01-17 11:05:18 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 10:51:07 ----D---- C:\Program Files\QuickTime
2010-01-17 10:45:50 ----D---- C:\Config.Msi
2010-01-16 00:38:45 ----D---- C:\Documents and Settings\mikem\Application Data\Sony Corporation
2010-01-16 00:35:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-16 00:28:27 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2010-01-16 00:28:16 ----D---- C:\Program Files\Sony
2010-01-11 10:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-11 10:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-11 10:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-11 10:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-11 10:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-11 10:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-11 10:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-11 10:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-11 10:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-11 10:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-11 10:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-11 10:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-11 10:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 10:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 10:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-11 10:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-11 10:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 10:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-11 10:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-11 10:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-11 10:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-11 10:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 10:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-11 10:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-11 10:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-11 10:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-11 10:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-11 10:35:00 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-01-03 15:30:31 ----D---- C:\Program Files\trend micro
2010-01-03 15:30:23 ----D---- C:\rsit
2009-12-21 13:42:33 ----A---- C:\RootRepeal report 12-21-09 (13-42-33).txt

======List of files/folders modified in the last 1 months======

2010-01-18 20:24:37 ----D---- C:\WINDOWS\Prefetch
2010-01-17 13:44:47 ----D---- C:\WINDOWS\system32\drivers
2010-01-17 13:44:42 ----D---- C:\WINDOWS
2010-01-17 13:37:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 13:29:06 ----A---- C:\WINDOWS\system.ini
2010-01-17 13:27:43 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-17 13:25:29 ----D---- C:\WINDOWS\system32
2010-01-17 13:22:10 ----D---- C:\WINDOWS\system32\config
2010-01-17 13:18:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-17 13:17:47 ----RD---- C:\Program Files
2010-01-17 13:17:46 ----SD---- C:\WINDOWS\Tasks
2010-01-17 13:17:39 ----D---- C:\Program Files\Shared
2010-01-17 13:17:36 ----D---- C:\Program Files\PlaySushi
2010-01-17 13:11:32 ----D---- C:\WINDOWS\AppPatch
2010-01-17 13:11:32 ----D---- C:\Program Files\Common Files
2010-01-17 13:00:10 ----RASH---- C:\boot.ini
2010-01-17 12:58:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 12:58:16 ----SHD---- C:\System Volume Information
2010-01-17 12:58:16 ----D---- C:\WINDOWS\system32\Restore
2010-01-17 11:09:01 ----SHD---- C:\WINDOWS\Installer
2010-01-17 11:07:53 ----HD---- C:\WINDOWS\inf
2010-01-17 11:07:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-17 11:07:12 ----D---- C:\Program Files\iTunes
2010-01-17 11:05:32 ----D---- C:\Program Files\Common Files\Apple
2010-01-17 10:48:20 ----D---- C:\WINDOWS\WinSxS
2010-01-16 01:35:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-16 00:35:10 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 00:35:09 ----D---- C:\WINDOWS\system32\DirectX
2010-01-15 16:21:32 ----SHD---- C:\WINDOWS\CSC
2010-01-11 11:21:34 ----D---- C:\Program Files\Internet Explorer
2010-01-11 11:09:04 ----RSD---- C:\WINDOWS\assembly
2010-01-11 11:04:12 ----D---- C:\WINDOWS\system32\en-us
2010-01-11 11:04:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-11 11:03:40 ----D---- C:\WINDOWS\ie7updates
2010-01-11 10:59:04 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 10:58:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 10:53:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 10:46:09 ----D---- C:\Program Files\Outlook Express
2010-01-11 10:35:29 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-11 10:35:16 ----D---- C:\WINDOWS\Help
2010-01-03 15:20:06 ----N---- C:\WINDOWS\system32\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-07-04 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-07-04 9200]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-27 17801]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-11-10 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-11-10 146684]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-11-10 52856]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 182101]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2007-09-13 26137]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [2004-10-11 32640]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100110.017\navex15.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-12-17 591936]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
S3 mbr;mbr; \??\C:\DOCUME~1\mikem\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wpn511.sys [2005-07-25 449888]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-05 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-05 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-05 39808]
S3 PWCTLDRV;The NECHostController Filter Driver; C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-08 5888]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-15 1657344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-11-10 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 DpHost;DpHost; C:\Program Files\DigitalPersona\Bin\DpHost.exe [2005-05-02 278528]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-01 794624]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2010-01-03 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-01 483328]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\SLClient.exe [2009-02-19 532480]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 397312]
S2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-01 1183744]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-01-23 65536]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
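
As an added triage aid, not part of the original post or of RSIT itself: the driver and service sections above follow one fixed line shape (state letter, start type, name;display name; image path, then the file's date and size in brackets, or `[]` when RSIT could not read them), so a responder can parse and filter them instead of reading a hundred lines by eye. The Python below does that and flags what gets looked at first: binaries loaded from a user's Temp folder, binaries outside %SystemRoot% and Program Files, entries with no file information, and entries at start type 4 (Disabled). The embedded sample is constructed from lines copied out of the log above; the flag names and the directory allowlist are my own choices. Of the entries it flags, catchme.sys under C:\ComboFix is ComboFix's own driver and mbr.sys under the user's Temp folder is the driver loaded by GMER's mbr.exe rootkit check (that identification is mine, not the log's); both are anti-malware tools the poster has evidently run, so the flags point at something to verify, not at an infection.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the RSIT log above (not the full log).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\mikem\LOCALS~1\Temp\mbr.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2010-01-03 14336]
R2 SLClient;ScriptLogic Service; C:\WINDOWS\system32\SLClient.exe [2009-02-19 532480]
-----------------EOF-----------------
"""

# Line shape in the RSIT driver/service sections:
#   <R|S><0-4> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
# RSIT prints "[]" when it could not read the file's timestamp and size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)
SECTION_RE = re.compile(r"^======List of (?P<section>drivers|services)")

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Allowlist (my choice): where driver and service binaries normally live on XP.
STANDARD_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Path fragments that mean "user profile / temp", where no driver belongs.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class Entry:
    section: str
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def normalize_path(path: str) -> str:
    """Drop the NT object-manager prefix and lower-case for comparison."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def triage(entry: Entry) -> List[str]:
    """Return the review flags for one entry (empty list = nothing to note)."""
    p = normalize_path(entry.path)
    flags: List[str] = []
    if any(marker in p for marker in TEMP_MARKERS):
        flags.append("TEMP_PATH")
    elif not p.startswith(STANDARD_PREFIXES):
        flags.append("OUTSIDE_STANDARD_DIRS")
    if entry.date is None:
        flags.append("NO_FILE_INFO")  # weak on its own: RSIT shows [] for \??\ paths too
    if entry.start == "Disabled":
        flags.append("DISABLED")
    return flags


def parse_rsit(text: str) -> List[Entry]:
    """Parse the driver and service sections of an RSIT log into Entry objects."""
    entries: List[Entry] = []
    section = "unknown"
    for raw in text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, section headers, the EOF marker
        entry = Entry(
            section=section,
            state=STATE[m.group("state")],
            start=START[m.group("start")],
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            date=m.group("date"),
            size=int(m.group("size")) if m.group("size") else None,
        )
        entry.flags = triage(entry)
        entries.append(entry)
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that carry at least one review flag."""
    return [e for e in parse_rsit(text) if e.flags]


if __name__ == "__main__":
    # Pass a saved RSIT log as the first argument to triage a real attachment.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in flagged(text):
        print(f"{e.section:8} {e.state:8} {e.start:8} {e.name:12} {e.path}  -> {', '.join(e.flags)}")
```

Two caveats when reading the output against the full log above. DISABLED is informational: NetTcpPortSharing is disabled by default, whereas `S4 sr` (the System Restore filter driver at start type 4) lines up with the poster's report that the restore points are gone and is worth re-checking after cleanup. Services whose path is svchost.exe (Irmon, WudfSvc) show only the host process; the DLL actually loaded is named by that service's ServiceDll registry value, which RSIT does not print here, so those need a separate look.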

#14 BigMac90501

  • Topic Starter
  • Members
  • 43 posts

Posted 29 January 2010 - 05:11 PM

I think my thread may have fallen off the wheel. Are we done?

#15 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 30 January 2010 - 09:49 AM

I apologize for the delay in responding. I am taking chemo and recently found out that I have blood clots in my left leg. I am feeling better now and will work on your log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
