Hi, I've been battling with my computer for a few days and can't seem to figure this out on my own. Any help would be very appreciated!

McAffe alerted me that I had 8 trojans a few days ago during a scan, 7 of them were deleted and one wasn't. I went back later to try and get it and McAfee magically couldn't find it. However, now whenever I'm on the computer random Internet Explorer pop-ups and webpages come up, and I don't even use exporer as a browser. Also, I'll be using a program and it will randomly get the muted color look like when another program has been restored in front of it. I went into task manager to see what was going on and the CPU usage is going all over the place. What is going on? :sad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:47 AM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O24 - Desktop Component 0: (no name) - file:///C:/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Temp/msohtml1/03/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Temp/msohtml1/04/clip_image002.jpg
O24 - Desktop Component 3: (no name) - file:///C:/Temp/msohtml1/05/clip_image002.jpg
O24 - Desktop Component 4: (no name) - file:///C:/Temp/msohtml1/06/clip_image002.jpg
O24 - Desktop Component 5: (no name) - file:///C:/Temp/msohtml1/07/clip_image002.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Temp/msohtml1/08/clip_image002.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Temp/msohtml1/09/clip_image002.jpg
O24 - Desktop Component 8: (no name) - file:///C:/Temp/msohtml1/10/clip_image002.jpg
O24 - Desktop Component 9: (no name) - file:///C:/Temp/msohtml1/02/clip_image002.jpg

--
End of file - 15012 bytes

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:



I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
I f you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Absence of symptoms does not mean that everything is clear.



NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe

Spybot S&D Teatimer

From your log i can see this that you are running a Spybot S&D Teatimer. This might interfere with fixes we are about to do so we need to disable it.

Disable Spybot's TeaTimer. This is a two step process.
First step:

Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident
Tea-Timer
(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.




Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.



Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Close Windows Defender



Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.


Remove HijackThis entries



Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O24 - Desktop Component 0: (no name) - file:///C:/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Temp/msohtml1/03/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Temp/msohtml1/04/clip_image002.jpg
O24 - Desktop Component 3: (no name) - file:///C:/Temp/msohtml1/05/clip_image002.jpg
O24 - Desktop Component 4: (no name) - file:///C:/Temp/msohtml1/06/clip_image002.jpg
O24 - Desktop Component 5: (no name) - file:///C:/Temp/msohtml1/07/clip_image002.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Temp/msohtml1/08/clip_image002.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Temp/msohtml1/09/clip_image002.jpg
O24 - Desktop Component 8: (no name) - file:///C:/Temp/msohtml1/10/clip_image002.jpg
O24 - Desktop Component 9: (no name) - file:///C:/Temp/msohtml1/02/clip_image002.jpg
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.




random's system information tool (RSIT)



Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)




Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


RSIT Logs log.txt (<<will be maximized) and info.txt (<<will be minimized)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Meredith at 2008-11-06 18:22:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 998 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:30 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Meredith\My Documents\My Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Meredith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\4Sfk5D52.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14063 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}]
solution Class - C:\WINDOWS\system32\4Sfk5D52.dll [2008-11-06 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-12 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-11-29 243248]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-10-19 69632]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-23 120368]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-08-08 831488]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-05-17 413696]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-02-26 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-02-26 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-02-26 131072]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2006-12-19 36952]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"TVT Scheduler Proxy"=c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-12-10 536576]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-24 1036288]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-08-29 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-23 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"QNPlus"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-05-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-03-09 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-02-26 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

======List of files/folders created in the last 1 months======

2008-11-06 18:22:29 ----D---- C:\rsit
2008-11-06 15:43:35 ----A---- C:\WINDOWS\system32\4Sfk5D52.dll
2008-11-06 10:22:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-06 10:22:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 09:49:30 ----D---- C:\Program Files\Trend Micro
2008-11-03 21:47:37 ----D---- C:\Documents and Settings\Meredith\Application Data\McAfee
2008-11-02 19:29:12 ----A---- C:\WINDOWS\system32\7Qdi8B85.exe.a_a
2008-11-02 10:40:16 ----A---- C:\WINDOWS\system32\7Qdi8B85.exe_
2008-11-02 10:40:16 ----A---- C:\WINDOWS\system32\7Qdi8B85.exe
2008-11-02 10:27:26 ----A---- C:\WINDOWS\system32\DQinwgNH.exe.a_a
2008-11-02 10:27:25 ----A---- C:\WINDOWS\system32\DQinwgNH.exe
2008-10-24 14:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 15:14:27 ----D---- C:\Program Files\PDF to DOC
2008-10-16 15:13:45 ----D---- C:\Documents and Settings\Meredith\Application Data\CTdeveloping
2008-10-16 09:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 09:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 09:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 09:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 09:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 23:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-10 11:27:02 ----A---- C:\WINDOWS\system32\STRDEVAPI.dll
2008-10-10 11:27:02 ----A---- C:\WINDOWS\system32\OdiOlDVR.dll
2008-10-10 11:27:02 ----A---- C:\WINDOWS\system32\OdiAPI.dll
2008-10-10 11:26:38 ----A---- C:\WINDOWS\system32\DW90USB.DLL
2008-10-10 11:26:22 ----D---- C:\Program Files\Olympus
2008-10-10 11:24:31 ----A---- C:\WINDOWS\system32\VNUSB.dll
2008-10-10 11:15:02 ----D---- C:\Program Files\Audacity

======List of files/folders modified in the last 1 months======

2008-11-06 18:22:30 ----D---- C:\Temp
2008-11-06 18:21:41 ----D---- C:\Program Files\Mozilla Firefox
2008-11-06 18:17:51 ----D---- C:\WINDOWS\system32
2008-11-06 18:17:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 18:13:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 18:13:40 ----SD---- C:\WINDOWS\Tasks
2008-11-06 18:13:17 ----A---- C:\WINDOWS\system32\PROCDB.INI
2008-11-06 18:13:12 ----D---- C:\WINDOWS
2008-11-06 18:10:34 ----A---- C:\TPHKLOCK.TXT
2008-11-06 18:09:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 10:42:10 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-06 10:41:48 ----HD---- C:\WINDOWS\inf
2008-11-06 10:41:21 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-06 10:35:04 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-06 10:29:25 ----D---- C:\WINDOWS\Temp
2008-11-06 10:22:42 ----D---- C:\WINDOWS\Prefetch
2008-11-06 10:22:17 ----D---- C:\Program Files
2008-11-06 10:17:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-06 10:17:15 ----D---- C:\WINDOWS\system32\en-US
2008-11-06 10:17:13 ----D---- C:\WINDOWS\Help
2008-11-06 10:17:13 ----D---- C:\Program Files\Internet Explorer
2008-11-05 22:06:49 ----D---- C:\WINDOWS\ie7updates
2008-11-03 21:48:05 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-03 21:47:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-03 21:08:17 ----D---- C:\QUARANTINE
2008-11-02 18:09:13 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-11-02 10:01:03 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-10-24 14:44:02 ----A---- C:\WINDOWS\imsins.BAK
2008-10-20 15:00:56 ----D---- C:\Documents and Settings\Meredith\Application Data\Move Networks
2008-10-16 15:14:35 ----SHD---- C:\WINDOWS\Installer
2008-10-16 15:14:35 ----HD---- C:\Config.Msi
2008-10-16 09:05:26 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 09:04:06 ----A---- C:\WINDOWS\win.ini
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 12:22:30 ----D---- C:\Documents and Settings\Meredith\Application Data\ESRI
2008-10-13 09:26:17 ----D---- C:\Program Files\Yahoo!
2008-10-12 14:50:20 ----A---- C:\WINDOWS\cdplayer.ini
2008-10-11 23:56:30 ----D---- C:\WINDOWS\WinSxS
2008-10-11 23:56:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-10 11:26:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mferkdk;VSCore mferkdk; \??\c:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-04-13 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-01-10 7168]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-24 21425]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-10-19 5120]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-26 12544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-04-05 546112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-02-26 5700096]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-02-27 21040]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-09-08 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-09 59392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2006-10-16 194362]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 55840]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-03-09 152064]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2003-09-29 83008]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2007-02-27 1783936]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-04-25 28800]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
S3 tpflhlp;tpflhlp; \??\C:\DRIVERS\7FUJ14US\tpflhlp.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-05-17 65536]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-05-17 184320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-26 434176]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-02-27 36400]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-06-19 73728]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-26 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-26 950272]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-06-14 13312]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-12-10 1118208]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-07 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-12 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-06 18:22:33

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcGIS Desktop-->MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
Atmel TPM Driver Installer 3.0.3.15-->MsiExec.exe /X{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CEP - Color Enable Package-->"C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FoodWise-->C:\PROGRA~1\FoodWise\UNWISE.EXE C:\PROGRA~1\FoodWise\INSTALL.LOG
Getting to Know ArcGIS Desktop Exercise Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C985915-C155-47FF-A8D3-765452371B58}\setup.exe" -l0x9
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->c:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935192)-->"C:\WINDOWS\$NtUninstallKB935192$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logger Pro 3.5.0-->C:\Program Files\InstallShield Installation Information\{E2DFF531-D40B-491C-B835-2ADA154A36C0}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SiteAdvisor-->C:\Program Files\SiteAdvisor\6261\uninstall.exe
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Producer for Microsoft Office PowerPoint 2003-->MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-E5E08F691033}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
PDF to DOC-->MsiExec.exe /I{1CA550AA-054C-4AF4-9A5D-36CEAC5215E9}
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
Python 2.4.1-->C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Scroll Lock Indicator Utility-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\TpScrLk.inf
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sierra Wireless MC5720 Package for Access Connections-->MsiExec.exe /X{7DA0C101-5C7C-40C9-A485-68E12780232C}
SimPE 0.66 (alpha)-->"C:\Program Files\SimPE\unins001.exe"
Sketchpad-->C:\PROGRA~1\SKETCH~1\UNWISE.EXE C:\PROGRA~1\SKETCH~1\INSTALL.LOG
Software Installer-->swiif.exe /U
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPSS 15.0 for Windows-->MsiExec.exe /X{15B25E12-3E5F-4C13-A637-9EC72A55491E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Migration Assistant-->MsiExec.exe /X{9EA84FDD-CCC0-47FD-A993-923165BEA47A}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{48CF6549-B45D-4313-9927-EFCCC8A3493F} /l1033
Text Twist-->MsiExec.exe /X{ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
The Roleplaying assistant V7.13b-->MsiExec.exe /X{DA5BE26C-8295-4F7F-BBA8-475EF9231289}
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\IBMTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VitalSource Bookshelf-->MsiExec.exe /I{5A677810-AFA0-4C68-A85D-66689FBCB2C6}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->C:\09c1b8fa83b94e532c88\spuninst.exe
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->C:\09c1b8fa83b94e532c88\spuninst.exe
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 4: (no name) - file:///C:/Temp/msohtml1/06/clip_image002.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Temp/msohtml1/04/clip_image002.jpg
O24 - Desktop Component 5: (no name) - file:///C:/Temp/msohtml1/07/clip_image002.jpg
O24 - Desktop Component 7: (no name) - file:///C:/Temp/msohtml1/09/clip_image002.jpg
O24 - Desktop Component 8: (no name) - file:///C:/Temp/msohtml1/10/clip_image002.jpg
O24 - Desktop Component 3: (no name) - file:///C:/Temp/msohtml1/05/clip_image002.jpg
O24 - Desktop Component 6: (no name) - file:///C:/Temp/msohtml1/08/clip_image002.jpg
O24 - Desktop Component 9: (no name) - file:///C:/Temp/msohtml1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Temp/msohtml1/03/clip_image002.jpg

======Security center information======

AV: McAfee VirusScan Enterprise (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ThinkPad\Utilities;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0a
"SMA"=c:\Program Files\ThinkVantage\SMA\
"TEMP"=c:\Temp
"TMP"=c:\Temp
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"windir"=%SystemRoot%
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"PYTHONPATH"=C:\Program Files\ArcGIS\bin
"ARCGISHOME"=C:\Program Files\ArcGIS\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

You have a passwords stealer on your computer. Which steals usernames and passwords from online games. If you use any online games you need to change the passwords from a clean computer.

Use of P2P (Person to Person) file sharing programs

I see that you have signs of P2P program in your computer. Do you still have that installed? Please remove it before we can continue any further.

Please read HERE (http://forums.spybot.info/showpost.php?p=218503&postcount=4) the Safer Networks policy on the use of P2P file sharing programs.

Go to this folder and delete it C:\Program Files\DNA

It's gone.

OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.


Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.




:files
C:\Program Files\DNA
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\system32\4Sfk5D52.dll
C:\WINDOWS\system32\7Qdi8B85.exe.a_a
C:\WINDOWS\system32\7Qdi8B85.exe_
C:\WINDOWS\system32\7Qdi8B85.exe
C:\WINDOWS\system32\DQinwgNH.exe.a_a
C:\WINDOWS\system32\DQinwgNH.exe
C:\WINDOWS\imsins.BAK
:commands
[EmptyTemp]


Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.




Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3




Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.



Alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
Alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)



Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware


Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the Perform Full Scan option is selected.
Then click on the Scan button.


If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.[/color]

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


OTMoveIt3 Log
Malwarebytes' Anti-Malware Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving

OTMoveit finnished, but it froze right after, so I wasn't able to copy those results. I did it again and copied the results in case it would be useful to you.

========== FILES ==========
File/Folder C:\Program Files\DNA not found.
File/Folder C:\WINDOWS\tasks\At1.job not found.
File/Folder C:\WINDOWS\tasks\At10.job not found.
File/Folder C:\WINDOWS\tasks\At11.job not found.
File/Folder C:\WINDOWS\tasks\At12.job not found.
File/Folder C:\WINDOWS\tasks\At13.job not found.
File/Folder C:\WINDOWS\tasks\At14.job not found.
File/Folder C:\WINDOWS\tasks\At15.job not found.
File/Folder C:\WINDOWS\tasks\At16.job not found.
File/Folder C:\WINDOWS\tasks\At17.job not found.
File/Folder C:\WINDOWS\tasks\At18.job not found.
File/Folder C:\WINDOWS\tasks\At19.job not found.
File/Folder C:\WINDOWS\tasks\At2.job not found.
File/Folder C:\WINDOWS\tasks\At20.job not found.
File/Folder C:\WINDOWS\tasks\At21.job not found.
File/Folder C:\WINDOWS\tasks\At22.job not found.
File/Folder C:\WINDOWS\tasks\At23.job not found.
File/Folder C:\WINDOWS\tasks\At24.job not found.
File/Folder C:\WINDOWS\tasks\At25.job not found.
File/Folder C:\WINDOWS\tasks\At26.job not found.
File/Folder C:\WINDOWS\tasks\At27.job not found.
File/Folder C:\WINDOWS\tasks\At28.job not found.
File/Folder C:\WINDOWS\tasks\At29.job not found.
File/Folder C:\WINDOWS\tasks\At3.job not found.
File/Folder C:\WINDOWS\tasks\At30.job not found.
File/Folder C:\WINDOWS\tasks\At31.job not found.
File/Folder C:\WINDOWS\tasks\At32.job not found.
File/Folder C:\WINDOWS\tasks\At33.job not found.
File/Folder C:\WINDOWS\tasks\At34.job not found.
File/Folder C:\WINDOWS\tasks\At35.job not found.
File/Folder C:\WINDOWS\tasks\At36.job not found.
File/Folder C:\WINDOWS\tasks\At37.job not found.
File/Folder C:\WINDOWS\tasks\At38.job not found.
File/Folder C:\WINDOWS\tasks\At39.job not found.
File/Folder C:\WINDOWS\tasks\At4.job not found.
File/Folder C:\WINDOWS\tasks\At40.job not found.
File/Folder C:\WINDOWS\tasks\At41.job not found.
File/Folder C:\WINDOWS\tasks\At42.job not found.
File/Folder C:\WINDOWS\tasks\At43.job not found.
File/Folder C:\WINDOWS\tasks\At44.job not found.
File/Folder C:\WINDOWS\tasks\At45.job not found.
File/Folder C:\WINDOWS\tasks\At46.job not found.
File/Folder C:\WINDOWS\tasks\At47.job not found.
File/Folder C:\WINDOWS\tasks\At48.job not found.
File/Folder C:\WINDOWS\tasks\At5.job not found.
File/Folder C:\WINDOWS\tasks\At6.job not found.
File/Folder C:\WINDOWS\tasks\At7.job not found.
File/Folder C:\WINDOWS\tasks\At8.job not found.
File/Folder C:\WINDOWS\tasks\At9.job not found.
File/Folder C:\WINDOWS\system32\4Sfk5D52.dll not found.
File/Folder C:\WINDOWS\system32\7Qdi8B85.exe.a_a not found.
File/Folder C:\WINDOWS\system32\7Qdi8B85.exe_ not found.
File/Folder C:\WINDOWS\system32\7Qdi8B85.exe not found.
File/Folder C:\WINDOWS\system32\DQinwgNH.exe.a_a not found.
File/Folder C:\WINDOWS\system32\DQinwgNH.exe not found.
File/Folder C:\WINDOWS\imsins.BAK not found.
========== COMMANDS ==========
File delete failed. c:\Temp\NAILogs\UpdaterUI_S09892-09.log scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_3LNAgsrqsQishRERMS1e scheduled to be deleted on reboot.
File delete failed. c:\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DF766B.tmp scheduled to be deleted on reboot.
File delete failed. c:\Temp\~DF8051.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11072008_163817

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 2

11/7/2008 8:43:16 PM
mbam-log-2008-11-07 (20-43-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 273109
Time elapsed: 1 hour(s), 36 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kipilebufu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tojayeku.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:33 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {fd20386e-6c63-4892-98d8-c052e5207380} - C:\WINDOWS\system32\dubolaho.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPM87e57a13] Rundll32.exe "c:\windows\system32\feduyizo.dll",a
O4 - HKLM\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - AppInit_DLLs: C:\WINDOWS\system32\giziraze.dll c:\windows\system32\feduyizo.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feduyizo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feduyizo.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14617 bytes

My computer seems pretty much the same - random popups. Now Mozilla is opening popups as tabs too.

Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on ComboFix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Combofix should never take more that 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:


ComboFix log (found at C:\Combofix.txt)
New HijackThis log

How do I disable the anti malware programs?

Hello!

Spybot Teatimer is not running which is good andyou only need to disable Windows Defender. After you have disabled Windows defender run Combofix according to my instructions in my last post.

Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.



Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
Close Windows Defender



Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.

Whenever I double-click combofix a little window comes up with a loading progress type bar and then disappears. Nothing happens after that. It's on my desktop.

Hello!

Can you see if this folder exist C:\Combofix.txt. If it does can you please post that log for me to see. If it doesnt exist could you try to run it again.

The log doesn't exist and combofix still does nothing after double clicking the icon. Should I download it again?

The log doesn't exist and combofix still does nothing after double clicking the icon. Should I download it again?

I am going to ask advice from other Malware experts, so for now dont do anything.

EDIT: After receiving help from Malware experts, could you please rename ComboFix.exe to Combofxx.exe and try running it again.

It still didn't work after I renamed it. When I renamed it it called itself a read-only file. Is it supposed to be?

Hello!

Delete the existing Combofix from your desktop and follow these instructions.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.


When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Still having problems... :banghead:

My download process is different... I click the link and tell it to save and then a box comes up with a download list showing the file being scanned for viruses and the progress. It doesn't give me the option to change the file name or choose 'desktop' as the download's destination. It automatically goes to 'My downloads' in 'my documents'. Everything came pre-installed on my computer, so I don't know how to change the setting. Sorry about being so problematic - I'm usually not this dense about computers :red:

Hello!

I have uploaded a renamed ComboFix for you to download and run. So download it and run it. Please post the log for me to see.

Here is the download link: http://www.mediafire.com/file/tixqj3wkdqm/biohazard.exe

It still did the same thing as before. I also looked for the text file under C but there isn't anything...

ATF-Cleaner

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.



Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords
please click No at the prompt.
Click Exit on the Main menu to close the program.




F-Secure Online Scan



Note: You will need to use Internet explorer for this scan
Go here (http://support.f-secure.com/enu/home/ols.shtml) to run an online scan from F-Secure
Click on Start scanning
This will open a new internet explorer window
It will require an activex control please install it
Click Accept
Click Full System Scan
It will now download the scanner this may take a while please be patient
It will then start scanning wait for the scan to finish
Click Automatic cleaning (recommended)
Wait for it finish the cleaning process
Click show report
This will open up a window with the results of the scan copy and paste those results as a reply to this topic


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


Kaspersky Log
A fresh HijackThis Log ( after all the above has been done)

Scanning Report
Tuesday, November 11, 2008 10:09:48 - 12:36:22
Computer name: S09892-09
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 12 malware found
TrackingCookie.Questionmarket (spyware)
System
Trojan-Downloader.Win32.Agent (virus)
System
Trojan-Downloader.Win32.Agent.aogx (virus)
C:\_OTMOVEIT\MOVEDFILES\11072008_163422\WINDOWS\SYSTEM32\7QDI8B85.EXE (Renamed)
C:\WINDOWS\SYSTEM32\7QDI8B85.EXE
Trojan.Win32.Agent (virus)
System
Trojan.Win32.Agent.aljf (virus)
C:\_OTMOVEIT\MOVEDFILES\11072008_163422\WINDOWS\SYSTEM32\4SFK5D52.DLL (Renamed)
Vundo.FBW (virus)
C:\WINDOWS\SYSTEM32\AROWURUD.INI
C:\WINDOWS\SYSTEM32\IGEVANIR.INI
C:\WINDOWS\SYSTEM32\INEDARIV.INI
C:\WINDOWS\SYSTEM32\IWIPEYAR.INI
C:\WINDOWS\SYSTEM32\OJOPAYUM.INI
C:\WINDOWS\SYSTEM32\UYUWUYEL.INI

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 128309
System: 4745
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 10
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\TEMP\ETILQS_UOBN98EAGWXU2BB22REO

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Blacklight: 2.4.1093
F-Secure Hydra: 2.8.8110, 2008-11-11
F-Secure Pegasus: 1.20.0, 2008-10-09
F-Secure AVP: 7.0.171, 2008-11-11
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:03 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\findstr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {fd20386e-6c63-4892-98d8-c052e5207380} - C:\WINDOWS\system32\dubolaho.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s
O4 - HKLM\..\Run: [84d6498f] rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b
O4 - HKLM\..\Run: [CPM87e57a13] Rundll32.exe "c:\windows\system32\geduvuha.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - AppInit_DLLs: C:\WINDOWS\system32\giziraze.dll c:\windows\system32\geduvuha.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14963 bytes

OTScanIt

Download OTScanIt (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.


Open the OTScanIt folder and double-click on OTScanIt to start the program.

In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft


Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Please post the resulting log here.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


OTScanIt Log

[code]
OTScanIt logfile created on: 11/11/2008 2:09:44 PM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Meredith\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

998.22 Mb Total Physical Memory | 364.96 Mb Available Physical Memory | 36.56% Memory free
4.00 Gb Paging File | 3.93 Gb Available in Paging File | 98.33% Paging File free
Paging file location(s): C:\pagefile.sys 4000 6000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.22 Gb Free Space | 53.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S09892-09
Current User Name: Meredith
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.42 | Size = 36400 bytes | Modified Date = 2/27/2007 6:09:06 PM | Attr = ]
ipssvc.exe -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 5, 2 | Size = 73728 bytes | Modified Date = 6/19/2006 1:06:00 AM | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.40 | Size = 65536 bytes | Modified Date = 5/17/2007 10:49:24 AM | Attr = ]
acs.exe -> %SystemRoot%\system32\acs.exe -> Atheros [Ver = 5.2.0.117 | Size = 364629 bytes | Modified Date = 3/21/2007 12:42:38 PM | Attr = ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr = ]
tposdsvc.exe -> %ProgramFiles%\Lenovo\HOTKEY\TPOSDSVC.exe -> Lenovo Group Limited [Ver = 1.00 | Size = 66176 bytes | Modified Date = 3/9/2007 1:49:42 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 4:17:28 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 4:16:28 PM | Attr = ]
tpscrlk.exe -> %SystemRoot%\system32\TpScrLk.exe -> [Ver = | Size = 40960 bytes | Modified Date = 10/8/2002 9:28:42 PM | Attr = ]
awaysch.exe -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE -> Lenovo Group Limited [Ver = 2, 0, 8, 0 | Size = 69632 bytes | Modified Date = 10/19/2006 2:08:00 AM | Attr = ]
lpmgr.exe -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 1:02:00 AM | Attr = ]
tponscr.exe -> %ProgramFiles%\Lenovo\HOTKEY\TPONSCR.exe -> Lenovo Group Limited [Ver = 1.00 | Size = 73776 bytes | Modified Date = 3/8/2007 12:16:48 PM | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.40 | Size = 413696 bytes | Modified Date = 5/17/2007 10:46:44 AM | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 536576 bytes | Modified Date = 12/10/2006 6:36:32 PM | Attr = ]
tpscrex.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 5/30/2006 2:05:42 PM | Attr = ]
tpshocks.exe -> %SystemRoot%\system32\TpShocks.exe -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 5:40:48 PM | Attr = ]
unavtray.exe -> %ProgramFiles%\ThinkPad\UltraNav Wizard\UNavTray.exe -> Lenovo Group Limited [Ver = 3.01 | Size = 225280 bytes | Modified Date = 7/4/2006 2:05:00 AM | Attr = ]
devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 5, 0 | Size = 118784 bytes | Modified Date = 2/22/2007 5:32:12 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 5:02:14 PM | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 6/14/2007 5:40:44 AM | Attr = ]
tphdexlg.exe -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 4:49:00 PM | Attr = ]
tpkmpsvc.exe -> %SystemRoot%\system32\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 6/6/2005 8:26:22 PM | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 1118208 bytes | Modified Date = 12/10/2006 6:36:22 PM | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.40 | Size = 184320 bytes | Modified Date = 5/17/2007 10:49:28 AM | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.40 | Size = 114688 bytes | Modified Date = 5/17/2007 10:50:16 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.3 | Size = 307712 bytes | Modified Date = 9/30/2008 12:06:32 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.40 | Size = 65536 bytes | Modified Date = 5/17/2007 10:49:24 AM | Attr = ]
(acs) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> Atheros [Ver = 5.2.0.117 | Size = 364629 bytes | Modified Date = 3/21/2007 12:42:38 PM | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.40 | Size = 184320 bytes | Modified Date = 5/17/2007 10:49:28 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.04.010 | Size = 658432 bytes | Modified Date = 8/7/2008 10:25:26 AM | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.42 | Size = 36400 bytes | Modified Date = 2/27/2007 6:09:06 PM | Attr = ]
(IPSSVC) IPS Core Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 5, 2 | Size = 73728 bytes | Modified Date = 6/19/2006 1:06:00 AM | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 6/14/2007 5:40:44 AM | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 4:49:00 PM | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 6/6/2005 8:26:22 PM | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 1118208 bytes | Modified Date = 12/10/2006 6:36:22 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> [] -> File not found
84d6498f -> %SystemRoot%\system32\jinanujo.dll [rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b] -> [Ver = | Size = 86068 bytes | Modified Date = 11/11/2008 11:21:19 AM | Attr = HS]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] -> Lenovo [Ver = 4.40 | Size = 413696 bytes | Modified Date = 5/17/2007 10:46:44 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr = ]
AwaySch -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE [C:\Program Files\Lenovo\AwayTask\AwaySch.EXE] -> Lenovo Group Limited [Ver = 2, 0, 8, 0 | Size = 69632 bytes | Modified Date = 10/19/2006 2:08:00 AM | Attr = ]
BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] -> [Ver = | Size = 208896 bytes | Modified Date = 4/13/2007 12:15:00 AM | Attr = ]
CPM87e57a13 -> %SystemRoot%\system32\geduvuha.dll [Rundll32.exe "c:\windows\system32\geduvuha.dll",a] -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.10.15a | Size = 122940 bytes | Modified Date = 8/1/2005 4:10:00 AM | Attr = ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE [C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr = ]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 2/26/2007 10:34:28 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 1:41:10 AM | Attr = ]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2/26/2007 10:34:28 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.0.35 | Size = 289576 bytes | Modified Date = 9/10/2008 4:40:06 PM | Attr = ]
kipilebufu -> %SystemRoot%\system32\tojayeku.DLL [Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s] -> File not found
LPManager -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE [C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 1:02:00 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 10:27:00 AM | Attr = ]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [Ver = | Size = 59392 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2/26/2007 10:33:56 AM | Attr = ]
PWRMGRTR -> %ProgramFiles%\ThinkPad\Utilities\PWRMGRTR.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 196608 bytes | Modified Date = 4/13/2007 12:15:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 2:09:14 PM | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 7:50:00 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe [C:\Program Files\SiteAdvisor\6253\SiteAdv.exe] -> McAfee, Inc. [Ver = 2.2.1.3 | Size = 36952 bytes | Modified Date = 12/19/2006 9:37:46 PM | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> Analog Devices, Inc. [Ver = 5, 2, 0, 52 | Size = 831488 bytes | Modified Date = 8/8/2007 8:13:24 AM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 6,0,32,138 | Size = 1036288 bytes | Modified Date = 4/24/2008 4:53:24 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 4:16:28 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 4:17:28 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 9/23/2008 2:40:26 PM | Attr = ]
TP4EX -> %SystemRoot%\system32\TP4EX.exe [tp4ex.exe] -> Lenovo Group Limited [Ver = 1.11.00 | Size = 65536 bytes | Modified Date = 10/17/2005 12:11:00 AM | Attr = ]
TPHOTKEY -> %ProgramFiles%\Lenovo\HOTKEY\TPOSDSVC.exe [C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe] -> Lenovo Group Limited [Ver = 1.00 | Size = 66176 bytes | Modified Date = 3/9/2007 1:49:42 PM | Attr = ]
TPKBDLED -> %SystemRoot%\system32\TpScrLk.exe [C:\WINDOWS\system32\TpScrLk.exe] -> [Ver = | Size = 40960 bytes | Modified Date = 10/8/2002 9:28:42 PM | Attr = ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper] -> Lenovo [Ver = 1, 3, 0, 0 | Size = 856064 bytes | Modified Date = 6/2/2006 9:00:18 PM | Attr = ]
TpShocks -> %SystemRoot%\system32\TpShocks.exe [TpShocks.exe] -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 5:40:48 PM | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe [c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 536576 bytes | Modified Date = 12/10/2006 6:36:32 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
QNPlus -> [] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\ThinkPad\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 561213 bytes | Modified Date = 2/27/2007 4:43:30 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 5, 0 | Size = 118784 bytes | Modified Date = 2/22/2007 5:32:12 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 5:02:14 PM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 3:21:22 AM | Attr = ]
< Meredith Startup Folder > -> C:\Documents and Settings\Meredith\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\giziraze.dll -> %SystemRoot%\system32\giziraze.dll -> [Ver = | Size = 60928 bytes | Modified Date = 8/7/2008 5:55:22 PM | Attr = HS]
c:\windows\system32\geduvuha.dll -> %SystemRoot%\system32\geduvuha.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
*MultiFile Done* -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [SSODL] -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [STS] -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ACNotify -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACNotify.dll -> Lenovo [Ver = 4.40 | Size = 32768 bytes | Modified Date = 5/17/2007 10:41:54 AM | Attr = ]
AwayNotify -> %ProgramFiles%\Lenovo\AwayTask\AwayNotify.dll -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 49152 bytes | Modified Date = 3/9/2006 4:02:00 AM | Attr = ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4785 | Size = 204800 bytes | Modified Date = 2/26/2007 10:33:26 AM | Attr = ]
tpfnf2 -> %ProgramFiles%\Lenovo\HOTKEY\notifyf2.dll -> [Ver = | Size = 34344 bytes | Modified Date = 9/6/2006 3:37:30 PM | Attr = ]
tphotkey -> %ProgramFiles%\Lenovo\HOTKEY\tphklock.dll -> [Ver = | Size = 28672 bytes | Modified Date = 12/14/2006 10:06:42 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 6/7/2006 7:54:23 AM | Attr = ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.meredith.edu/enews ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
internet .[about] -> Trusted sites ->
mcafee.com .[http] -> Trusted sites ->
mcafee.com .[https] -> Trusted sites ->
www_meredith.edu [http] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.10.15a | Size = 110652 bytes | Modified Date = 8/1/2005 4:10:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 7:50:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R ]
{fd20386e-6c63-4892-98d8-c052e5207380} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dubolaho.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 60928 bytes | Modified Date = 8/7/2008 5:55:22 PM | Attr = HS]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R ]
WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found
{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}:Exec -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 4.01 | Size = 1668720 bytes | Modified Date = 11/13/2006 3:18:56 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 4.01 | Size = 1668720 bytes | Modified Date = 11/13/2006 3:18:56 PM | Attr = ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Send to &Bluetooth Device... -> %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 8/16/2006 6:16:32 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{26A20D3C-5DE1-4B31-8AF5-6270D888E907} -> () ->
{328BC6EE-7C97-48F9-B4C5-53148C0884A8} -> () ->
{3752B42D-5DFF-4CBC-B6B1-C05FCA43534C} -> (1394 Net Adapter) ->
{4187EBCA-B077-4A52-A36D-10F74741A136} -> () ->
{5067D66F-4C4F-4C58-ABF6-7A70D787E6CF} -> (1394 Net Adapter) ->
{51E7502F-4AA1-4632-B19F-6CF6B0295E2F} -> (Intel(R) 82566MM Gigabit Network Connection) ->
{520329B2-1CB1-4618-80AB-8CCBC4171B3A} -> (1394 Net Adapter) ->
{532D89DA-972E-4615-AAC9-8FC1E70B6AAF} -> (1394 Net Adapter) ->
{54EA79B1-4B2D-46BB-899B-58A0038C1070} -> (11a/b/g Wireless LAN Mini PCI Express Adapter) ->
{558FFD35-9F52-4A51-A8E7-B0D197E0FB78} -> () ->
{6CB49B5B-44C8-4906-A4A2-09A3D40AE7C7} -> () ->
{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795} -> () ->
{7C767F6E-9DB6-4347-A7F4-27E42E8493BE} -> () ->
{89036D96-C6B7-4B52-B522-375D560DF72C} -> () ->
{9C09072A-7E49-4606-9396-78AEB848EE00} -> () ->
{A2BC3311-4526-4D46-B5BE-165DFBC08CDB} -> () ->
{A947EA0E-181D-4B8E-8B15-22B4E9EE4390} -> () ->
{C0C5D60B-AF11-452A-91FB-02A3D4B59366} -> () ->
{E3EDFA1F-2BC8-4206-97A0-EE2A3BF6AD8C} -> () ->
{E79DDD2F-4F10-4F4F-8A28-AF629492FDB1} -> () ->
{EAC0FB5C-C963-4B04-B2BB-69238F212F18} -> () ->
{F0AE2AE6-0888-4A35-883F-C8D14A5B6ACC} -> () ->
{F8E44462-ADB6-4A17-A878-1E86261DEAF9} -> () ->
{FCD55111-C07B-4C77-802E-B8F716632167} -> () ->
{FDA2564D-CC4B-43D3-8A20-BA3E62C6E967} -> () ->
{FF02E727-7F1F-4093-8D1D-B2B534E2E73B} -> () ->

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab[IASRunner Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734[WUWebControl Class] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968[MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/IbmEgath.cab[IBM Access Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab[Java Plug-in 1.4.2] ->
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\.Owner -> {2DAD3559-2923-4935-AD49-B673D2539944} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\.Owner -> {2DAD3559-2923-4935-AD49-B673D2539944} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->



[Files/Folders - Created Within 30 days]
32788R22FWJFW -> %SystemDrive%\32788R22FWJFW -> [Folder | Created Date = 11/8/2008 5:57:37 PM | Attr = ]
fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 11/11/2008 10:03:38 AM | Attr = ]
McAfee -> %SystemDrive%\McAfee -> [Folder | Created Date = 11/8/2008 1:53:23 PM | Attr = ]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 11/6/2008 6:22:29 PM | Attr = ]
SiteAdvisor -> %SystemDrive%\SiteAdvisor -> [Folder | Created Date = 11/8/2008 1:53:23 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/7/2008 4:34:22 PM | Attr = ]
7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 11/7/2008 7:55:40 PM | Attr = ]
arowurud.ini -> %SystemRoot%\System32\arowurud.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/9/2008 11:55:34 AM | Attr = HS]
igevanir.ini -> %SystemRoot%\System32\igevanir.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/8/2008 11:55:24 PM | Attr = HS]
inedariv.ini -> %SystemRoot%\System32\inedariv.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/8/2008 11:55:10 AM | Attr = HS]
iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini -> [Ver = | Size = 1937327 bytes | Created Date = 11/10/2008 11:20:58 PM | Attr = HS]
ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini -> [Ver = | Size = 1937319 bytes | Created Date = 11/10/2008 11:20:32 AM | Attr = HS]
ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini -> [Ver = | Size = 1941145 bytes | Created Date = 11/11/2008 11:21:27 AM | Attr = HS]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 230 bytes | Created Date = 11/5/2008 9:24:13 PM | Attr = ]
uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/7/2008 6:00:52 PM | Attr = HS]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 11/8/2008 2:10:08 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1046786048 bytes | Modified Date = 11/8/2008 2:13:23 PM | Attr = HS]
7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 11/7/2008 7:55:40 PM | Attr = ]
arowurud.ini -> %SystemRoot%\System32\arowurud.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/9/2008 11:55:44 AM | Attr = HS]
bumepusu.dll -> %SystemRoot%\System32\bumepusu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/8/2008 11:55:05 AM | Attr = HS]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dafiludu.dll -> %SystemRoot%\System32\dafiludu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/10/2008 11:20:56 PM | Attr = HS]
feduyizo.dll -> %SystemRoot%\System32\feduyizo.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/7/2008 6:00:49 PM | Attr = HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 434168 bytes | Modified Date = 10/16/2008 2:36:33 PM | Attr = ]
gahehani.dll -> %SystemRoot%\System32\gahehani.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/8/2008 11:55:21 PM | Attr = HS]
geduvuha.dll -> %SystemRoot%\System32\geduvuha.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
igevanir.ini -> %SystemRoot%\System32\igevanir.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/8/2008 11:55:35 PM | Attr = HS]
inedariv.ini -> %SystemRoot%\System32\inedariv.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/8/2008 11:55:24 AM | Attr = HS]
iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini -> [Ver = | Size = 1937327 bytes | Modified Date = 11/11/2008 10:00:07 AM | Attr = HS]
jewobegu.dll -> %SystemRoot%\System32\jewobegu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/10/2008 11:20:28 AM | Attr = HS]
jinanujo.dll -> %SystemRoot%\System32\jinanujo.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/11/2008 11:21:19 AM | Attr = HS]
muyapojo.dll -> %SystemRoot%\System32\muyapojo.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/10/2008 11:20:28 AM | Attr = ]
ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini -> [Ver = | Size = 1937319 bytes | Modified Date = 11/10/2008 11:21:06 AM | Attr = HS]
ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini -> [Ver = | Size = 1941145 bytes | Modified Date = 11/11/2008 11:22:05 AM | Attr = HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 71710 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 442192 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 522706 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
PROCDB.INI -> %SystemRoot%\System32\PROCDB.INI -> [Ver = | Size = 9882 bytes | Modified Date = 11/8/2008 2:26:11 PM | Attr = ]
rayepiwi.dll -> %SystemRoot%\System32\rayepiwi.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/10/2008 11:20:56 PM | Attr = ]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 230 bytes | Modified Date = 11/5/2008 9:24:13 PM | Attr = ]
uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/7/2008 6:01:04 PM | Attr = HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/8/2008 2:26:16 PM | Attr = ]
yayazora -> %SystemRoot%\System32\yayazora -> [Ver = | Size = 6456 bytes | Modified Date = 11/11/2008 2:04:37 PM | Attr = H ]
zovudala.dll -> %SystemRoot%\System32\zovudala.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/9/2008 11:55:32 AM | Attr = HS]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/8/2008 2:13:25 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 138 bytes | Modified Date = 10/12/2008 2:50:20 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 823 bytes | Modified Date = 10/16/2008 9:04:06 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/14/2008 8:31:00 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 12:16:10 AM | Attr = ]
At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 10:00:10 AM | Attr = ]
At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 11:00:10 AM | Attr = ]
At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 12:00:01 PM | Attr = ]
At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 1:00:10 PM | Attr = ]
At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 2:00:00 PM | Attr = ]
At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 3:00:10 PM | Attr = ]
At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 4:00:10 PM | Attr = ]
At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 6:00:10 PM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Modified Date = 11/8/2008 1:00:10 AM | Attr = ]
At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 7:00:10 PM | Attr = ]
At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 8:00:10 PM | Attr = ]
At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 9:00:10 PM | Attr = ]
At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 10:00:10 PM | Attr = ]
At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 11:00:10 PM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 11/10/2008 6:59:52 PM | Attr = H ]
PMTask.job -> %SystemRoot%\tasks\PMTask.job -> [Ver = | Size = 306 bytes | Modified Date = 11/11/2008 12:14:51 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/8/2008 2:13:31 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/7/2006 8:56:48 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/7/2008 1:45:48 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5464 bytes | Modified Date = 11/7/2008 1:45:47 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/8/2006 7:24:09 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/8/2006 7:24:09 AM | Attr = ]
c:\Temp\ -> c:\Temp -> [Folder | Modified Date = 11/11/2008 2:06:52 PM | Attr = ]
eauninstall.exe -> c:\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.04.00.356 | Size = 352256 bytes | Modified Date = 2/10/2005 4:41:40 PM | Attr = ]
GTV785kQ.exe -> c:\Temp\GTV785kQ.exe -> [Ver = | Size = 60928 bytes | Modified Date = 11/7/2008 5:55:20 PM | Attr = ]
The Sims 2_uninst.exe -> c:\Temp\The Sims 2_uninst.exe -> EA [Ver = 4, 0, 0, 23 | Size = 86016 bytes | Modified Date = 8/17/2004 9:13:58 PM | Attr = ]
77 c:\Temp\*.tmp files -> c:\Temp\*.tmp ->
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
fsgk32.exe -> c:\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fssm32.exe -> c:\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsgk32.exe -> c:\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fssm32.exe -> c:\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
AVPFPI0.dll -> c:\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
avpproxy.dll -> c:\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
daas_s.dll -> c:\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr = ]
fm4av.dll -> c:\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fpinor.dll -> c:\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbl.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbld.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
fsecr32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsgkiapi.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsmart.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fspe32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fssubmit.dll -> c:\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
fsup32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupcx32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupfg32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupmw32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupnp32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupux32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupwu32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsusscr.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
Nse_w32.dll -> c:\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
AVPFPI0.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
avpproxy.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fm4av.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fpinor.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbl.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsgkiapi.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsecr32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fspe32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsup32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupcx32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupfg32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupmw32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupnp32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupux32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupwu32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\updates\mlcwin\ -> c:\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fsmart.dll -> c:\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fsusscr.dll -> c:\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_30_pegdb\ -> c:\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
Nse_w32.dll -> c:\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_33_bin\ -> c:\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
fssubmit.dll -> c:\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_bl\ -> c:\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
fsblu.dll -> c:\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
c:\Temp\ -> c:\Temp -> [Folder | Modified Date = 11/11/2008 2:06:52 PM | Attr = ]
4Amr5K52.dat -> c:\Temp\4Amr5K52.dat -> [Ver = | Size = 820 bytes | Modified Date = 11/11/2008 10:25:52 AM | Attr = ]
7Bns8L85.dat -> c:\Temp\7Bns8L85.dat -> [Ver = | Size = 12071 bytes | Modified Date = 11/11/2008 7:30:31 AM | Attr = ]
77 c:\Temp\*.tmp files -> c:\Temp\*.tmp ->
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
ext.dat -> c:\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
fsedb.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [Ver = | Size = 1743290 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupdllb.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupplgn.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsuptmpl.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
perf.dat -> c:\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 11/11/2008 10:09:49 AM | Attr = ]
sae.dat -> c:\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
sai.dat -> c:\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avmisc\ -> c:\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 11/11/2008 10:08:54 AM | Attr = ]
ext.dat -> c:\Temp\OnlineScanner\updates\avmisc\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
sae.dat -> c:\Temp\OnlineScanner\updates\avmisc\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
sai.dat -> c:\Temp\OnlineScanner\updates\avmisc\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsedb.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [Ver = | Size = 1743290 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupdllb.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupplgn.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsuptmpl.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
FS@av.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
FS@avpe.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 11/11/2008 10:08:40 AM | Attr = ]
FS@bleng.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini -> [Ver = | Size = 252 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
FS@corp.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
FS@hydra.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
FS@mlc.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
FS@ols.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
FS@peg.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
verdicts.ini -> c:\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 4184 bytes | Modified Date = 11/11/2008 10:08:41 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avmisc\ -> c:\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 11/11/2008 10:08:54 AM | Attr = ]
FS@av.ini -> c:\Temp\OnlineScanner\updates\avmisc\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avpe\ -> c:\Temp\OnlineScanner\updates\avpe -> [Folder | Modified Date = 11/11/2008 10:08:47 AM | Attr = ]
FS@avpe.ini -> c:\Temp\OnlineScanner\updates\avpe\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 11/11/2008 10:08:40 AM | Attr = ]
verdicts.ini -> c:\Temp\OnlineScanner\updates\avpe\verdicts.ini -> [Ver = | Size = 4184 bytes | Modified Date = 11/11/2008 10:08:41 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
FS@corp.ini -> c:\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
FS@hydra.ini -> c:\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\updates\mlcwin\ -> c:\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
FS@mlc.ini -> c:\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_30_pegdb\ -> c:\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
FS@peg.ini -> c:\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_33_bin\ -> c:\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
FS@ols.ini -> c:\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_bl\ -> c:\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
FS@bleng.ini -> c:\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini -> [Ver = | Size = 252 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]

< End of report >
[/code]

Malwarebytes' Anti-Malware



Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
Close MBAM.
Do not run a scan with MBAM yet.





Now disconnect from the internet. Unplug your line connection. <------ Important

Once disconnected.



OTScanIt

Now start OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says
Paste fix here and then click the Run Fix button.


[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 84d6498f -> %SystemRoot%\system32\jinanujo.dll [rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b]
YN -> CPM87e57a13 -> %SystemRoot%\system32\geduvuha.dll [Rundll32.exe "c:\windows\system32\geduvuha.dll",a]
YN -> kipilebufu -> %SystemRoot%\system32\tojayeku.DLL [Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> QNPlus -> []
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\WINDOWS\system32\giziraze.dll -> %SystemRoot%\system32\giziraze.dll
YN -> c:\windows\system32\geduvuha.dll -> %SystemRoot%\system32\geduvuha.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [STS]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {fd20386e-6c63-4892-98d8-c052e5207380} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dubolaho.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> 32788R22FWJFW -> %SystemDrive%\32788R22FWJFW
NY -> 7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a
NY -> arowurud.ini -> %SystemRoot%\System32\arowurud.ini
NY -> igevanir.ini -> %SystemRoot%\System32\igevanir.ini
NY -> inedariv.ini -> %SystemRoot%\System32\inedariv.ini
NY -> iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini
NY -> ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini
NY -> ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini
NY -> uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
[Files/Folders - Modified Within 30 days]
NY -> 7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a
NY -> arowurud.ini -> %SystemRoot%\System32\arowurud.ini
NY -> dafiludu.dll -> %SystemRoot%\System32\dafiludu.dll
NY -> feduyizo.dll -> %SystemRoot%\System32\feduyizo.dll
NY -> gahehani.dll -> %SystemRoot%\System32\gahehani.dll
NY -> geduvuha.dll -> %SystemRoot%\System32\geduvuha.dll
NY -> igevanir.ini -> %SystemRoot%\System32\igevanir.ini
NY -> inedariv.ini -> %SystemRoot%\System32\inedariv.ini
NY -> iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini
NY -> jewobegu.dll -> %SystemRoot%\System32\jewobegu.dll
NY -> jinanujo.dll -> %SystemRoot%\System32\jinanujo.dll
NY -> muyapojo.dll -> %SystemRoot%\System32\muyapojo.dll
NY -> ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini
NY -> ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini
NY -> rayepiwi.dll -> %SystemRoot%\System32\rayepiwi.dll
NY -> uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini
NY -> yayazora -> %SystemRoot%\System32\yayazora
NY -> zovudala.dll -> %SystemRoot%\System32\zovudala.dll
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
NY -> GTV785kQ.exe -> c:\Temp\GTV785kQ.exe
NY -> 4Amr5K52.dat -> c:\Temp\4Amr5K52.dat
NY -> 7Bns8L85.dat -> c:\Temp\7Bns8L85.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system


Malwarebytes' Anti-Malware



Open Malwarebytes' Anti-Malware
Select the Scanner tab.
Select Perform full scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


OTScanIt Log
Malwarebytes AntiMalware Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84d6498f deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM87e57a13 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kipilebufu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QNPlus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\giziraze.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\geduvuha.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found.\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd20386e-6c63-4892-98d8-c052e5207380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd20386e-6c63-4892-98d8-c052e5207380}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4B15-8820-F58798DCC118}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\siteadvisor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5DC592-7723-4EAA-9EE6-AF4222BCF879}\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\32788R22FWJFW\N_ folder moved successfully.
Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.
C:\WINDOWS\System32\7Qdi8B85.exe.a_a moved successfully.
C:\WINDOWS\System32\arowurud.ini moved successfully.
C:\WINDOWS\System32\igevanir.ini moved successfully.
C:\WINDOWS\System32\inedariv.ini moved successfully.
C:\WINDOWS\System32\iwipeyar.ini moved successfully.
C:\WINDOWS\System32\ojopayum.ini moved successfully.
C:\WINDOWS\System32\ojunanij.ini moved successfully.
C:\WINDOWS\System32\uyuwuyel.ini moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\7Qdi8B85.exe.a_a not found!
File C:\WINDOWS\System32\arowurud.ini not found!
C:\WINDOWS\System32\dafiludu.dll moved successfully.
C:\WINDOWS\System32\feduyizo.dll moved successfully.
C:\WINDOWS\System32\gahehani.dll moved successfully.
C:\WINDOWS\System32\geduvuha.dll moved successfully.
File C:\WINDOWS\System32\igevanir.ini not found!
File C:\WINDOWS\System32\inedariv.ini not found!
File C:\WINDOWS\System32\iwipeyar.ini not found!
C:\WINDOWS\System32\jewobegu.dll moved successfully.
C:\WINDOWS\System32\jinanujo.dll moved successfully.
C:\WINDOWS\System32\muyapojo.dll moved successfully.
File C:\WINDOWS\System32\ojopayum.ini not found!
File C:\WINDOWS\System32\ojunanij.ini not found!
C:\WINDOWS\System32\rayepiwi.dll moved successfully.
File C:\WINDOWS\System32\uyuwuyel.ini not found!
C:\WINDOWS\System32\yayazora moved successfully.
C:\WINDOWS\System32\zovudala.dll moved successfully.
File C:\WINDOWS\tasks\At1.job not found!
File C:\WINDOWS\tasks\At10.job not found!
File C:\WINDOWS\tasks\At11.job not found!
File C:\WINDOWS\tasks\At12.job not found!
File C:\WINDOWS\tasks\At13.job not found!
File C:\WINDOWS\tasks\At14.job not found!
File C:\WINDOWS\tasks\At15.job not found!
File C:\WINDOWS\tasks\At16.job not found!
File C:\WINDOWS\tasks\At17.job not found!
File C:\WINDOWS\tasks\At18.job not found!
File C:\WINDOWS\tasks\At19.job not found!
File C:\WINDOWS\tasks\At2.job not found!
File C:\WINDOWS\tasks\At20.job not found!
File C:\WINDOWS\tasks\At21.job not found!
File C:\WINDOWS\tasks\At22.job not found!
File C:\WINDOWS\tasks\At23.job not found!
File C:\WINDOWS\tasks\At24.job not found!
File C:\WINDOWS\tasks\At3.job not found!
File C:\WINDOWS\tasks\At4.job not found!
File C:\WINDOWS\tasks\At5.job not found!
File C:\WINDOWS\tasks\At6.job not found!
File C:\WINDOWS\tasks\At7.job not found!
File C:\WINDOWS\tasks\At8.job not found!
File C:\WINDOWS\tasks\At9.job not found!
c:\Temp\GTV785kQ.exe moved successfully.
c:\Temp\4Amr5K52.dat moved successfully.
c:\Temp\7Bns8L85.dat moved successfully.
[Empty Temp Folders]
File delete failed. c:\Temp\NAILogs\UpdaterUI_S09892-09.log scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_FZguJSJPKdwvw7MSRfZN scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5 scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5-journal scheduled to be deleted on reboot.
File delete failed. c:\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11112008_193417

Files moved on Reboot...
C:\32788R22FWJFW folder moved successfully.
c:\Temp\NAILogs\UpdaterUI_S09892-09.log moved successfully.
c:\Temp\etilqs_FZguJSJPKdwvw7MSRfZN moved successfully.
File c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5 not found!
File c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5-journal not found!
c:\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\urlclassifier3.sqlite moved successfully.

Malwarebytes' Anti-Malware 1.30
Database version: 1385
Windows 5.1.2600 Service Pack 2

11/11/2008 9:13:35 PM
mbam-log-2008-11-11 (21-13-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 232930
Time elapsed: 1 hour(s), 15 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dubolaho.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\giziraze.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm87e57a13 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kipilebufu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\giziraze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\giziraze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\giziraze.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dubolaho.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\giziraze.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP340\A0053332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP342\A0053439.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP343\A0053449.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP343\A0053462.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP344\A0053471.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP344\A0053879.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP345\A0053887.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP345\A0053910.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053979.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053980.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053999.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055290.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055291.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055292.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rinavegi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duruwora.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leyuwuyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bumepusu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\viradeni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\4SFK5D52.0LL (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\7QDI8B85.0XE (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\7Qdi8B85.exe_ (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\c_Temp\GTV785kQ.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\dafiludu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\feduyizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\gahehani.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\geduvuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\jewobegu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\zovudala.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:05 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - AppInit_DLLs: Y_\??wHC:\Program Files\QuickTime\QTSystem\ TC:\, c:\windows\system32\geduvuha.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14148 bytes

It doesn't seem to be lagging as much as it used too. I haven't had any random popups yet.

Hello NinaG!

Thank you for your patience and for your hard work. We are almost there.

Remove HijackThis entries



Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: Y_\??wHC:\Program Files\QuickTime\QTSystem\ TC:\, c:\windows\system32\geduvuha.dll
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.



REBOOT YOUR MACHINE


Malwarebytes' Anti-Malware

Please do a scan using these settins:



Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform Quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


Malwarebytes Antimalware Log
A fresh HijackThis Log ( after all the above has been done)

Malwarebytes' Anti-Malware 1.30
Database version: 1388
Windows 5.1.2600 Service Pack 2

11/12/2008 9:24:00 AM
mbam-log-2008-11-12 (09-24-00).txt

Scan type: Quick Scan
Objects scanned: 93732
Time elapsed: 35 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
Yay!

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:00 AM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 13700 bytes

Firewall

Looking over your log it seems you don't have any evidence of a third party FIREWALL. As the term conveys a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend to install install a free firewall for personal use from one of these excellent vendors. Choice is yours:



Online-Armor Free (http://www.tallemu.com/downloads.html)
Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
Sunbelt/Kerio (Free version after 30 days) (http://www.sunbelt-software.com/Kerio-Download.cfm)
Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation Install Comodo SafeSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!)




Your log now appears to be clean. Congratulations!



Double-click OTScanIt.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself


You can get rid of the tools we used:


You can delete this folder C:/RSIT
RSIT (You can just delete the exe file from your desktop)
ATF-Cleaner (You can just delete the exe file from your desktop)



Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

You can reactivate Sybot Teatimer now.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.



Clear Infected System Restore Points

Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.

Note: only do this once,and not on a regular basis
Set correct settings for files

Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under Hidden files and folders if necessary select Do not show hidden files and folders.
If unchecked please check Hide protected operating system files (Recommended)
If necessary check Display content of system folders
If necessary Uncheck Hide file extensions for known file types.
Click OK


Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Install and use a firewall with outbound protection
The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
NOTE: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site (http://update.microsoft.com/microsoftupdate) on a regular basis.
NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) - I suggest that you run it at least once a month.
Make Internet Explorer More Secure
You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE (http://surfthenetsafely.com/ieseczone8.htm)




Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.



WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE (http://www.winpatrol.com/).
SpywareBlaster
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE (http://www.webopedia.com/TERM/A/ActiveX_control.html). You can download SpywareBlaster from HERE (http://www.javacoolsoftware.com/sbdownload.html).
Hosts File
For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE (http://forum.malwareremoval.com/viewtopic.php?t=22187) and for more information regarding host files read HERE (http://www.mvps.org/winhelp2002/hosts.htm).
Use an alternative Internet Browser
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:Firefox (http://www.mozilla.com/en-US/firefox/) or Opera (http://www.opera.com/download/)




Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard

A few more questions -

Online Armor: When I restarted the orange boxes came up. What do I do with them?

IPSSVC.EXE wants to set global hook (HOOK_MOUSE)
BTTray.exe wants to set a global hook (HOOK_SHELL)
Mctray.exe wants to set a global hook (HOOK_CALLWNDPROCRET)

Enabling System Restore: when I went to turn it on it gave me the message -
"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."

A few more questions -

Online Armor: When I restarted the orange boxes came up. What do I do with them?

IPSSVC.EXE wants to set global hook (HOOK_MOUSE)
BTTray.exe wants to set a global hook (HOOK_SHELL)
Mctray.exe wants to set a global hook (HOOK_CALLWNDPROCRET)

Enabling System Restore: when I went to turn it on it gave me the message -
"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."

Thats Ok.

System restore crashed because Online Armor was most likely blocking it.

Those popus are okay to say yes to. It is going to produce lot of popus in the beginning. If you are having problems with it then you can uninstall it. How do you connect to internet? If you have router then you dont neccessaraly need a software firewall.

Thanks for your help :)