Continual Explorer Pop-ups...Trojan?

It still did the same thing as before. I also looked for the text file under C but there isn't anything...
 
ATF-Cleaner

Please download ATF Cleaner by Atribune.


  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use the Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.
  • Click Exit on the Main menu to close the program.



F-Secure Online Scan


  • Note: You will need to use Internet Explorer for this scan
  • Go here to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new Internet Explorer window
  • It will require an ActiveX control; please install it
  • Click Accept
  • Click Full System Scan
  • It will now download the scanner; this may take a while, so please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click Show report
  • This will open a window with the results of the scan; copy and paste those results as a reply to this topic

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • Kaspersky Log
  • A fresh HijackThis Log (after all the above has been done)
 
Scanning Report
Tuesday, November 11, 2008 10:09:48 - 12:36:22
Computer name: S09892-09
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 12 malware found
TrackingCookie.Questionmarket (spyware)
System
Trojan-Downloader.Win32.Agent (virus)
System
Trojan-Downloader.Win32.Agent.aogx (virus)
C:\_OTMOVEIT\MOVEDFILES\11072008_163422\WINDOWS\SYSTEM32\7QDI8B85.EXE (Renamed)
C:\WINDOWS\SYSTEM32\7QDI8B85.EXE
Trojan.Win32.Agent (virus)
System
Trojan.Win32.Agent.aljf (virus)
C:\_OTMOVEIT\MOVEDFILES\11072008_163422\WINDOWS\SYSTEM32\4SFK5D52.DLL (Renamed)
Vundo.FBW (virus)
C:\WINDOWS\SYSTEM32\AROWURUD.INI
C:\WINDOWS\SYSTEM32\IGEVANIR.INI
C:\WINDOWS\SYSTEM32\INEDARIV.INI
C:\WINDOWS\SYSTEM32\IWIPEYAR.INI
C:\WINDOWS\SYSTEM32\OJOPAYUM.INI
C:\WINDOWS\SYSTEM32\UYUWUYEL.INI

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 128309
System: 4745
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 10
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\TEMP\ETILQS_UOBN98EAGWXU2BB22REO

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Blacklight: 2.4.1093
F-Secure Hydra: 2.8.8110, 2008-11-11
F-Secure Pegasus: 1.20.0, 2008-10-09
F-Secure AVP: 7.0.171, 2008-11-11
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:03 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\findstr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {fd20386e-6c63-4892-98d8-c052e5207380} - C:\WINDOWS\system32\dubolaho.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s
O4 - HKLM\..\Run: [84d6498f] rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b
O4 - HKLM\..\Run: [CPM87e57a13] Rundll32.exe "c:\windows\system32\geduvuha.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - AppInit_DLLs: C:\WINDOWS\system32\giziraze.dll c:\windows\system32\geduvuha.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14963 bytes
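A small triage script, added here as an example and not part of this thread or of HijackThis itself, that parses lines in the HijackThis log format and flags the patterns visible in the log above: eight-letter lowercase DLL names in system32, rundll32 entries that call a one-letter export, anything listed under AppInit_DLLs, and a single file registered at several load points (O4, O20, O21, O22). The sample lines are a subset copied from the log posted above, with a few legitimate entries mixed in; the heuristics are assumptions tuned to the entries in this log and are a prompt for a second look, not a verdict.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (a constructed
# subset: a few legitimate entries mixed with the suspect ones).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {fd20386e-6c63-4892-98d8-c052e5207380} - C:\WINDOWS\system32\dubolaho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s
O4 - HKLM\..\Run: [84d6498f] rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b
O4 - HKLM\..\Run: [CPM87e57a13] Rundll32.exe "c:\windows\system32\geduvuha.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\giziraze.dll c:\windows\system32\geduvuha.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\geduvuha.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# "O4 - ", "R0 - ", "F1 - ", "N1 - " style section prefix at the start of a line.
SECTION_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+")
# A drive-letter path ending in .dll or .exe; non-greedy so spaces in
# "Program Files" are kept but two paths on one O20 line are split.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)", re.I)
# Heuristic (assumption for this log): an 8-letter all-lowercase DLL name
# directly under system32, as seen with the entries in the log above.
RANDOM_DLL_RE = re.compile(r"\\system32\\([a-z]{8})\.dll$", re.I)
# rundll32 calling a DLL by a one-letter export name, e.g.  "...\x.dll",s
SHORT_EXPORT_RE = re.compile(r'\.dll",\s*[a-z]\b', re.I)
# Sections that act as load points; a file present in several is notable.
LOAD_POINTS = {"O4", "O20", "O21", "O22"}


def parse(log_text):
    """Yield (section, line) for every HijackThis entry line in the log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            yield m.group(1), line


def triage(log_text):
    """Return {lower-cased path: sorted list of reasons} for files worth a second look."""
    reasons = defaultdict(set)
    seen_in = defaultdict(set)  # path -> load-point sections it appears under
    for section, line in parse(log_text):
        for path in PATH_RE.findall(line):
            key = path.lower()
            if section in LOAD_POINTS:
                seen_in[key].add(section)
            m = RANDOM_DLL_RE.search(path)
            if m and m.group(1).islower():
                reasons[key].add("random-looking 8-letter dll in system32")
            if line.startswith("O20 - AppInit_DLLs:"):
                reasons[key].add("loaded via AppInit_DLLs into every process")
            if "rundll32" in line.lower() and SHORT_EXPORT_RE.search(line):
                reasons[key].add("rundll32 with single-letter export")
    for key, sections in seen_in.items():
        if len(sections) >= 2:
            reasons[key].add("same file at %d load points: %s"
                             % (len(sections), ",".join(sorted(sections))))
    return {k: sorted(v) for k, v in reasons.items()}


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in why:
            print("   -", reason)
```

Run against the sample, the script leaves the Adobe, Intel, Lenovo and McAfee entries alone and reports the five system32 DLLs, with geduvuha.dll standing out because it is wired into four separate load points as well as AppInit_DLLs.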
 
OTScanIt

Download OTScanIt to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

  • Open the OTScanIt folder and double-click on OTScanIt to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • OTScanIt Log
 
Code:
OTScanIt logfile created on: 11/11/2008 2:09:44 PM
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\Meredith\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
998.22 Mb Total Physical Memory | 364.96 Mb Available Physical Memory | 36.56% Memory free
4.00 Gb Paging File | 3.93 Gb Available in Paging File | 98.33% Paging File free
Paging file location(s): C:\pagefile.sys 4000 6000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.22 Gb Free Space | 53.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S09892-09
Current User Name: Meredith
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.42 | Size = 36400 bytes | Modified Date = 2/27/2007 6:09:06 PM | Attr =    ]
ipssvc.exe -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 5, 2 | Size = 73728 bytes | Modified Date = 6/19/2006 1:06:00 AM | Attr =    ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo  [Ver = 4.40 | Size = 65536 bytes | Modified Date = 5/17/2007 10:49:24 AM | Attr =    ]
acs.exe -> %SystemRoot%\system32\acs.exe -> Atheros [Ver = 5.2.0.117 | Size = 364629 bytes | Modified Date = 3/21/2007 12:42:38 PM | Attr =    ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr =    ]
tposdsvc.exe -> %ProgramFiles%\Lenovo\HOTKEY\TPOSDSVC.exe -> Lenovo Group Limited [Ver = 1.00 | Size = 66176 bytes | Modified Date = 3/9/2007 1:49:42 PM | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 4:17:28 PM | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 4:16:28 PM | Attr =    ]
tpscrlk.exe -> %SystemRoot%\system32\TpScrLk.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 10/8/2002 9:28:42 PM | Attr =    ]
awaysch.exe -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE -> Lenovo Group Limited [Ver = 2, 0, 8, 0 | Size = 69632 bytes | Modified Date = 10/19/2006 2:08:00 AM | Attr =    ]
lpmgr.exe -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 1:02:00 AM | Attr =    ]
tponscr.exe -> %ProgramFiles%\Lenovo\HOTKEY\TPONSCR.exe -> Lenovo Group Limited [Ver = 1.00 | Size = 73776 bytes | Modified Date = 3/8/2007 12:16:48 PM | Attr =    ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo  [Ver = 4.40 | Size = 413696 bytes | Modified Date = 5/17/2007 10:46:44 AM | Attr =    ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 536576 bytes | Modified Date = 12/10/2006 6:36:32 PM | Attr =    ]
tpscrex.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 5/30/2006 2:05:42 PM | Attr =    ]
tpshocks.exe -> %SystemRoot%\system32\TpShocks.exe -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 5:40:48 PM | Attr =    ]
unavtray.exe -> %ProgramFiles%\ThinkPad\UltraNav Wizard\UNavTray.exe -> Lenovo Group Limited [Ver = 3.01 | Size = 225280 bytes | Modified Date = 7/4/2006 2:05:00 AM | Attr =    ]
devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 5, 0 | Size = 118784 bytes | Modified Date = 2/22/2007 5:32:12 PM | Attr =    ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 5:02:14 PM | Attr =    ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 6/14/2007 5:40:44 AM | Attr =    ]
tphdexlg.exe -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 4:49:00 PM | Attr =    ]
tpkmpsvc.exe -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 6/6/2005 8:26:22 PM | Attr =    ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 1118208 bytes | Modified Date = 12/10/2006 6:36:22 PM | Attr =    ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo  [Ver = 4.40 | Size = 184320 bytes | Modified Date = 5/17/2007 10:49:28 AM | Attr =    ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo  [Ver = 4.40 | Size = 114688 bytes | Modified Date = 5/17/2007 10:50:16 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.3 | Size = 307712 bytes | Modified Date = 9/30/2008 12:06:32 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo  [Ver = 4.40 | Size = 65536 bytes | Modified Date = 5/17/2007 10:49:24 AM | Attr =    ]
(acs) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> Atheros [Ver = 5.2.0.117 | Size = 364629 bytes | Modified Date = 3/21/2007 12:42:38 PM | Attr =    ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo  [Ver = 4.40 | Size = 184320 bytes | Modified Date = 5/17/2007 10:49:28 AM | Attr =    ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.04.010 | Size = 658432 bytes | Modified Date = 8/7/2008 10:25:26 AM | Attr =    ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.42 | Size = 36400 bytes | Modified Date = 2/27/2007 6:09:06 PM | Attr =    ]
(IPSSVC) IPS Core Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 5, 2 | Size = 73728 bytes | Modified Date = 6/19/2006 1:06:00 AM | Attr =    ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 6/14/2007 5:40:44 AM | Attr =    ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 4:49:00 PM | Attr =    ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 6/6/2005 8:26:22 PM | Attr =    ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 1118208 bytes | Modified Date = 12/10/2006 6:36:22 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
84d6498f -> %SystemRoot%\system32\jinanujo.dll [rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b] ->  [Ver =  | Size = 86068 bytes | Modified Date = 11/11/2008 11:21:19 AM | Attr =  HS]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] -> Lenovo  [Ver = 4.40 | Size = 413696 bytes | Modified Date = 5/17/2007 10:46:44 AM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr =    ]
AwaySch -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE [C:\Program Files\Lenovo\AwayTask\AwaySch.EXE] -> Lenovo Group Limited [Ver = 2, 0, 8, 0 | Size = 69632 bytes | Modified Date = 10/19/2006 2:08:00 AM | Attr =    ]
BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] ->  [Ver =  | Size = 208896 bytes | Modified Date = 4/13/2007 12:15:00 AM | Attr =    ]
CPM87e57a13 -> %SystemRoot%\system32\geduvuha.dll [Rundll32.exe "c:\windows\system32\geduvuha.dll",a] ->  [Ver =  | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr =  HS]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.10.15a | Size = 122940 bytes | Modified Date = 8/1/2005 4:10:00 AM | Attr =    ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE [C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr =    ]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 2/26/2007 10:34:28 AM | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 1:41:10 AM | Attr =    ]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2/26/2007 10:34:28 AM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.0.35 | Size = 289576 bytes | Modified Date = 9/10/2008 4:40:06 PM | Attr =    ]
kipilebufu -> %SystemRoot%\system32\tojayeku.DLL [Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s] -> File not found
LPManager -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE [C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 1:02:00 AM | Attr =    ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 10:27:00 AM | Attr =    ]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =    ]
Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 2/26/2007 10:33:56 AM | Attr =    ]
PWRMGRTR -> %ProgramFiles%\ThinkPad\Utilities\PWRMGRTR.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 196608 bytes | Modified Date = 4/13/2007 12:15:00 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 2:09:14 PM | Attr =    ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 7:50:00 PM | Attr =    ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe [C:\Program Files\SiteAdvisor\6253\SiteAdv.exe] -> McAfee, Inc. [Ver = 2.2.1.3 | Size = 36952 bytes | Modified Date = 12/19/2006 9:37:46 PM | Attr =    ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> Analog Devices, Inc. [Ver = 5, 2, 0, 52 | Size = 831488 bytes | Modified Date = 8/8/2007 8:13:24 AM | Attr =    ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 6,0,32,138 | Size = 1036288 bytes | Modified Date = 4/24/2008 4:53:24 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 4:16:28 PM | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 4:17:28 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 9/23/2008 2:40:26 PM | Attr =    ]
TP4EX -> %SystemRoot%\system32\TP4EX.exe [tp4ex.exe] -> Lenovo Group Limited [Ver = 1.11.00 | Size = 65536 bytes | Modified Date = 10/17/2005 12:11:00 AM | Attr =    ]
TPHOTKEY -> %ProgramFiles%\Lenovo\HOTKEY\TPOSDSVC.exe [C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe] -> Lenovo Group Limited [Ver = 1.00 | Size = 66176 bytes | Modified Date = 3/9/2007 1:49:42 PM | Attr =    ]
TPKBDLED -> %SystemRoot%\system32\TpScrLk.exe [C:\WINDOWS\system32\TpScrLk.exe] ->  [Ver =  | Size = 40960 bytes | Modified Date = 10/8/2002 9:28:42 PM | Attr =    ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper] -> Lenovo [Ver = 1, 3, 0, 0 | Size = 856064 bytes | Modified Date = 6/2/2006 9:00:18 PM | Attr =    ]
TpShocks -> %SystemRoot%\system32\TpShocks.exe [TpShocks.exe] -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 5:40:48 PM | Attr =    ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe [c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> Lenovo Group Limited [Ver = 4,0,111,0 | Size = 536576 bytes | Modified Date = 12/10/2006 6:36:32 PM | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
QNPlus ->  [] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\ThinkPad\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 561213 bytes | Modified Date = 2/27/2007 4:43:30 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 5, 0 | Size = 118784 bytes | Modified Date = 2/22/2007 5:32:12 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software  [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/3/2006 5:02:14 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 3:21:22 AM | Attr =    ]
< Meredith Startup Folder > -> C:\Documents and Settings\Meredith\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\WINDOWS\system32\giziraze.dll -> %SystemRoot%\system32\giziraze.dll ->  [Ver =  | Size = 60928 bytes | Modified Date = 8/7/2008 5:55:22 PM | Attr =  HS]
c:\windows\system32\geduvuha.dll -> %SystemRoot%\system32\geduvuha.dll ->  [Ver =  | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr =  HS]
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [SSODL] ->  [Ver =  | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr =  HS]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [STS] ->  [Ver =  | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr =  HS]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
ACNotify -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACNotify.dll -> Lenovo  [Ver = 4.40 | Size = 32768 bytes | Modified Date = 5/17/2007 10:41:54 AM | Attr =    ]
AwayNotify -> %ProgramFiles%\Lenovo\AwayTask\AwayNotify.dll -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 49152 bytes | Modified Date = 3/9/2006 4:02:00 AM | Attr =    ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4785 | Size = 204800 bytes | Modified Date = 2/26/2007 10:33:26 AM | Attr =    ]
tpfnf2 -> %ProgramFiles%\Lenovo\HOTKEY\notifyf2.dll ->  [Ver =  | Size = 34344 bytes | Modified Date = 9/6/2006 3:37:30 PM | Attr =    ]
tphotkey -> %ProgramFiles%\Lenovo\HOTKEY\tphklock.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 12/14/2006 10:06:42 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 6/7/2006 7:54:23 AM | Attr =    ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1       localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.meredith.edu/enews -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 
internet .[about] -> Trusted sites -> 
mcafee.com .[http] -> Trusted sites -> 
mcafee.com .[https] -> Trusted sites -> 
www_meredith.edu [http] -> Trusted sites -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.10.15a | Size = 110652 bytes | Modified Date = 8/1/2005 4:10:00 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 7:50:00 AM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R  ]
{fd20386e-6c63-4892-98d8-c052e5207380} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dubolaho.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 60928 bytes | Modified Date = 8/7/2008 5:55:22 PM | Attr =  HS]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr =    ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/12/2008 11:11:32 AM | Attr = R  ]
WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found
{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}:Exec -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 4.01 | Size = 1668720 bytes | Modified Date = 11/13/2006 3:18:56 PM | Attr =    ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =    ]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] ->  [@btrez.dll,-4015] -> File not found
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 4.01 | Size = 1668720 bytes | Modified Date = 11/13/2006 3:18:56 PM | Attr =    ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Send to &Bluetooth Device... -> %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 2773 bytes | Modified Date = 8/16/2006 6:16:32 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{26A20D3C-5DE1-4B31-8AF5-6270D888E907} ->    () -> 
{328BC6EE-7C97-48F9-B4C5-53148C0884A8} ->    () -> 
{3752B42D-5DFF-4CBC-B6B1-C05FCA43534C} ->    (1394 Net Adapter) -> 
{4187EBCA-B077-4A52-A36D-10F74741A136} ->    () -> 
{5067D66F-4C4F-4C58-ABF6-7A70D787E6CF} ->    (1394 Net Adapter) -> 
{51E7502F-4AA1-4632-B19F-6CF6B0295E2F} ->    (Intel(R) 82566MM Gigabit Network Connection) -> 
{520329B2-1CB1-4618-80AB-8CCBC4171B3A} ->    (1394 Net Adapter) -> 
{532D89DA-972E-4615-AAC9-8FC1E70B6AAF} ->    (1394 Net Adapter) -> 
{54EA79B1-4B2D-46BB-899B-58A0038C1070} ->    (11a/b/g Wireless LAN Mini PCI Express Adapter) -> 
{558FFD35-9F52-4A51-A8E7-B0D197E0FB78} ->    () -> 
{6CB49B5B-44C8-4906-A4A2-09A3D40AE7C7} ->    () -> 
{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795} ->    () -> 
{7C767F6E-9DB6-4347-A7F4-27E42E8493BE} ->    () -> 
{89036D96-C6B7-4B52-B522-375D560DF72C} ->    () -> 
{9C09072A-7E49-4606-9396-78AEB848EE00} ->    () -> 
{A2BC3311-4526-4D46-B5BE-165DFBC08CDB} ->    () -> 
{A947EA0E-181D-4B8E-8B15-22B4E9EE4390} ->    () -> 
{C0C5D60B-AF11-452A-91FB-02A3D4B59366} ->    () -> 
{E3EDFA1F-2BC8-4206-97A0-EE2A3BF6AD8C} ->    () -> 
{E79DDD2F-4F10-4F4F-8A28-AF629492FDB1} ->    () -> 
{EAC0FB5C-C963-4B04-B2BB-69238F212F18} ->    () -> 
{F0AE2AE6-0888-4A35-883F-C8D14A5B6ACC} ->    () -> 
{F8E44462-ADB6-4A17-A878-1E86261DEAF9} ->    () -> 
{FCD55111-C07B-4C77-802E-B8F716632167} ->    () -> 
{FDA2564D-CC4B-43D3-8A20-BA3E62C6E967} ->    () -> 
{FF02E727-7F1F-4093-8D1D-B2B534E2E73B} ->    () ->
 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab[IASRunner Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734[WUWebControl Class] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182974567968[MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/IbmEgath.cab[IBM Access Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab[Java Plug-in 1.4.2] ->
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\.Owner -> {2DAD3559-2923-4935-AD49-B673D2539944} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/acpir2.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathdrv.sys\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/egathvxd.vxd\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\\.Owner -> {74FFE28D-2378-11D5-990C-006094235084} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IbmEgath.dll\\{74FFE28D-2378-11D5-990C-006094235084} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\.Owner -> {2DAD3559-2923-4935-AD49-B673D2539944} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/capicom.dll\\{2DAD3559-2923-4935-AD49-B673D2539944} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->
[Files/Folders - Created Within 30 days]
32788R22FWJFW -> %SystemDrive%\32788R22FWJFW -> [Folder | Created Date = 11/8/2008 5:57:37 PM | Attr = ]
fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 11/11/2008 10:03:38 AM | Attr = ]
McAfee -> %SystemDrive%\McAfee -> [Folder | Created Date = 11/8/2008 1:53:23 PM | Attr = ]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 11/6/2008 6:22:29 PM | Attr = ]
SiteAdvisor -> %SystemDrive%\SiteAdvisor -> [Folder | Created Date = 11/8/2008 1:53:23 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/7/2008 4:34:22 PM | Attr = ]
7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 11/7/2008 7:55:40 PM | Attr = ]
arowurud.ini -> %SystemRoot%\System32\arowurud.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/9/2008 11:55:34 AM | Attr = HS]
igevanir.ini -> %SystemRoot%\System32\igevanir.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/8/2008 11:55:24 PM | Attr = HS]
inedariv.ini -> %SystemRoot%\System32\inedariv.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/8/2008 11:55:10 AM | Attr = HS]
iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini -> [Ver = | Size = 1937327 bytes | Created Date = 11/10/2008 11:20:58 PM | Attr = HS]
ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini -> [Ver = | Size = 1937319 bytes | Created Date = 11/10/2008 11:20:32 AM | Attr = HS]
ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini -> [Ver = | Size = 1941145 bytes | Created Date = 11/11/2008 11:21:27 AM | Attr = HS]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 230 bytes | Created Date = 11/5/2008 9:24:13 PM | Attr = ]
uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/7/2008 6:00:52 PM | Attr = HS]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 11/8/2008 2:10:08 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1046786048 bytes | Modified Date = 11/8/2008 2:13:23 PM | Attr = HS]
7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 11/7/2008 7:55:40 PM | Attr = ]
arowurud.ini -> %SystemRoot%\System32\arowurud.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/9/2008 11:55:44 AM | Attr = HS]
bumepusu.dll -> %SystemRoot%\System32\bumepusu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/8/2008 11:55:05 AM | Attr = HS]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dafiludu.dll -> %SystemRoot%\System32\dafiludu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/10/2008 11:20:56 PM | Attr = HS]
feduyizo.dll -> %SystemRoot%\System32\feduyizo.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/7/2008 6:00:49 PM | Attr = HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 434168 bytes | Modified Date = 10/16/2008 2:36:33 PM | Attr = ]
gahehani.dll -> %SystemRoot%\System32\gahehani.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/8/2008 11:55:21 PM | Attr = HS]
geduvuha.dll -> %SystemRoot%\System32\geduvuha.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
igevanir.ini -> %SystemRoot%\System32\igevanir.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/8/2008 11:55:35 PM | Attr = HS]
inedariv.ini -> %SystemRoot%\System32\inedariv.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/8/2008 11:55:24 AM | Attr = HS]
iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini -> [Ver = | Size = 1937327 bytes | Modified Date = 11/11/2008 10:00:07 AM | Attr = HS]
jewobegu.dll -> %SystemRoot%\System32\jewobegu.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/10/2008 11:20:28 AM | Attr = HS]
jinanujo.dll -> %SystemRoot%\System32\jinanujo.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/11/2008 11:21:19 AM | Attr = HS]
muyapojo.dll -> %SystemRoot%\System32\muyapojo.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/10/2008 11:20:28 AM | Attr = ]
ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini -> [Ver = | Size = 1937319 bytes | Modified Date = 11/10/2008 11:21:06 AM | Attr = HS]
ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini -> [Ver = | Size = 1941145 bytes | Modified Date = 11/11/2008 11:22:05 AM | Attr = HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 71710 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 442192 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 522706 bytes | Modified Date = 11/8/2008 2:30:32 PM | Attr = ]
PROCDB.INI -> %SystemRoot%\System32\PROCDB.INI -> [Ver = | Size = 9882 bytes | Modified Date = 11/8/2008 2:26:11 PM | Attr = ]
rayepiwi.dll -> %SystemRoot%\System32\rayepiwi.dll -> [Ver = | Size = 86068 bytes | Modified Date = 11/10/2008 11:20:56 PM | Attr = ]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 230 bytes | Modified Date = 11/5/2008 9:24:13 PM | Attr = ]
uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini -> [Ver = | Size = 1931386 bytes | Modified Date = 11/7/2008 6:01:04 PM | Attr = HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/8/2008 2:26:16 PM | Attr = ]
yayazora -> %SystemRoot%\System32\yayazora -> [Ver = | Size = 6456 bytes | Modified Date = 11/11/2008 2:04:37 PM | Attr = H ]
zovudala.dll -> %SystemRoot%\System32\zovudala.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/9/2008 11:55:32 AM | Attr = HS]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/8/2008 2:13:25 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 138 bytes | Modified Date = 10/12/2008 2:50:20 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 823 bytes | Modified Date = 10/16/2008 9:04:06 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/14/2008 8:31:00 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 12:16:10 AM | Attr = ]
At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 10:00:10 AM | Attr = ]
At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 11:00:10 AM | Attr = ]
At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 12:00:01 PM | Attr = ]
At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 1:00:10 PM | Attr = ]
At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Modified Date = 11/11/2008 2:00:00 PM | Attr = ]
At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 3:00:10 PM | Attr = ]
At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 4:00:10 PM | Attr = ]
At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 6:00:10 PM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Modified Date = 11/8/2008 1:00:10 AM | Attr = ]
At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 7:00:10 PM | Attr = ]
At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 8:00:10 PM | Attr = ]
At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 9:00:10 PM | Attr = ]
At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 10:00:10 PM | Attr = ]
At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Modified Date = 11/10/2008 11:00:10 PM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Modified Date = 11/7/2008 5:55:32 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 11/10/2008 6:59:52 PM | Attr = H ]
PMTask.job -> %SystemRoot%\tasks\PMTask.job -> [Ver = | Size = 306 bytes | Modified Date = 11/11/2008 12:14:51 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/8/2008 2:13:31 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/7/2006 8:56:48 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/7/2008 1:45:48 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5464 bytes | Modified Date = 11/7/2008 1:45:47 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/8/2006 7:24:09 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/8/2006 7:24:09 AM | Attr = ]
c:\Temp\ -> c:\Temp -> [Folder | Modified Date = 11/11/2008 2:06:52 PM | Attr = ]
eauninstall.exe -> c:\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.04.00.356 | Size = 352256 bytes | Modified Date = 2/10/2005 4:41:40 PM | Attr = ]
GTV785kQ.exe -> c:\Temp\GTV785kQ.exe -> [Ver = | Size = 60928 bytes | Modified Date = 11/7/2008 5:55:20 PM | Attr = ]
The Sims 2_uninst.exe -> c:\Temp\The Sims 2_uninst.exe -> EA [Ver = 4, 0, 0, 23 | Size = 86016 bytes | Modified Date = 8/17/2004 9:13:58 PM | Attr = ]
77 c:\Temp\*.tmp files -> c:\Temp\*.tmp ->
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
fsgk32.exe -> c:\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fssm32.exe -> c:\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsgk32.exe -> c:\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fssm32.exe -> c:\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
AVPFPI0.dll -> c:\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
avpproxy.dll -> c:\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
daas_s.dll -> c:\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr = ]
fm4av.dll -> c:\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fpinor.dll -> c:\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbl.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbld.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
fsecr32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsgkiapi.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsmart.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fspe32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fssubmit.dll -> c:\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
fsup32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupcx32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupfg32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupmw32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupnp32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupux32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupwu32.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsusscr.dll -> c:\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
Nse_w32.dll -> c:\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
AVPFPI0.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
avpproxy.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fm4av.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [Ver = | Size = 514048 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fpinor.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsbl.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
fsgkiapi.dll -> c:\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsecr32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fspe32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsup32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupcx32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupfg32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupmw32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupnp32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupux32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupwu32.dll -> c:\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\updates\mlcwin\ -> c:\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fsmart.dll -> c:\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
fsusscr.dll -> c:\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_30_pegdb\ -> c:\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
Nse_w32.dll -> c:\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_33_bin\ -> c:\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
fssubmit.dll -> c:\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_bl\ -> c:\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
fsblu.dll -> c:\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
c:\Temp\ -> c:\Temp -> [Folder | Modified Date = 11/11/2008 2:06:52 PM | Attr = ]
4Amr5K52.dat -> c:\Temp\4Amr5K52.dat -> [Ver = | Size = 820 bytes | Modified Date = 11/11/2008 10:25:52 AM | Attr = ]
7Bns8L85.dat -> c:\Temp\7Bns8L85.dat -> [Ver = | Size = 12071 bytes | Modified Date = 11/11/2008 7:30:31 AM | Attr = ]
77 c:\Temp\*.tmp files -> c:\Temp\*.tmp ->
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
ext.dat -> c:\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
fsedb.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [Ver = | Size = 1743290 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupdllb.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupplgn.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsuptmpl.dat -> c:\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
perf.dat -> c:\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 11/11/2008 10:09:49 AM | Attr = ]
sae.dat -> c:\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
sai.dat -> c:\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avmisc\ -> c:\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 11/11/2008 10:08:54 AM | Attr = ]
ext.dat -> c:\Temp\OnlineScanner\updates\avmisc\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
sae.dat -> c:\Temp\OnlineScanner\updates\avmisc\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
sai.dat -> c:\Temp\OnlineScanner\updates\avmisc\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 11/11/2008 10:08:52 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsedb.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [Ver = | Size = 1743290 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupdllb.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsupplgn.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
fsuptmpl.dat -> c:\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [Ver = | Size = 5828 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\Anti-Virus\ -> c:\Temp\OnlineScanner\Anti-Virus -> [Folder | Modified Date = 11/11/2008 10:29:24 AM | Attr = ]
FS@av.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
FS@avpe.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 11/11/2008 10:08:40 AM | Attr = ]
FS@bleng.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini -> [Ver = | Size = 252 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
FS@corp.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
FS@hydra.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
FS@mlc.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
FS@ols.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
FS@peg.ini -> c:\Temp\OnlineScanner\Anti-Virus\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
verdicts.ini -> c:\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 4184 bytes | Modified Date = 11/11/2008 10:08:41 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avmisc\ -> c:\Temp\OnlineScanner\updates\avmisc -> [Folder | Modified Date = 11/11/2008 10:08:54 AM | Attr = ]
FS@av.ini -> c:\Temp\OnlineScanner\updates\avmisc\FS@av.ini -> [Ver = | Size = 203 bytes | Modified Date = 11/11/2008 10:08:53 AM | Attr = ]
c:\Temp\OnlineScanner\updates\avpe\ -> c:\Temp\OnlineScanner\updates\avpe -> [Folder | Modified Date = 11/11/2008 10:08:47 AM | Attr = ]
FS@avpe.ini -> c:\Temp\OnlineScanner\updates\avpe\FS@avpe.ini -> [Ver = | Size = 205 bytes | Modified Date = 11/11/2008 10:08:40 AM | Attr = ]
verdicts.ini -> c:\Temp\OnlineScanner\updates\avpe\verdicts.ini -> [Ver = | Size = 4184 bytes | Modified Date = 11/11/2008 10:08:41 AM | Attr = ]
c:\Temp\OnlineScanner\updates\fsav_beta\ -> c:\Temp\OnlineScanner\updates\fsav_beta -> [Folder | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
FS@corp.ini -> c:\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini -> [Ver = | Size = 176 bytes | Modified Date = 11/11/2008 10:09:34 AM | Attr = ]
c:\Temp\OnlineScanner\updates\hydrawin\ -> c:\Temp\OnlineScanner\updates\hydrawin -> [Folder | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
FS@hydra.ini -> c:\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini -> [Ver = | Size = 250 bytes | Modified Date = 11/11/2008 10:09:22 AM | Attr = ]
c:\Temp\OnlineScanner\updates\mlcwin\ -> c:\Temp\OnlineScanner\updates\mlcwin -> [Folder | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
FS@mlc.ini -> c:\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:28 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_30_pegdb\ -> c:\Temp\OnlineScanner\updates\ols_30_pegdb -> [Folder | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
FS@peg.ini -> c:\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini -> [Ver = | Size = 204 bytes | Modified Date = 11/11/2008 10:09:03 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_33_bin\ -> c:\Temp\OnlineScanner\updates\ols_33_bin -> [Folder | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
FS@ols.ini -> c:\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini -> [Ver = | Size = 168 bytes | Modified Date = 11/11/2008 10:09:08 AM | Attr = ]
c:\Temp\OnlineScanner\updates\ols_bl\ -> c:\Temp\OnlineScanner\updates\ols_bl -> [Folder | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]
FS@bleng.ini -> c:\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini -> [Ver = | Size = 252 bytes | Modified Date = 11/11/2008 10:09:06 AM | Attr = ]

< End of report >
[/code]
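To show what a reviewer looks for when reading a file listing like the one in the report above, here is an added triage script (my own example, not part of the thread and not part of the OTScanIt tool). It parses OTScanIt-style entry lines into fields and flags the patterns visible in this report from a defender's point of view: eight-lowercase-letter .dll/.ini names in System32 carrying hidden+system attributes with no version information, an executable in Temp with no vendor or version, and a burst of At*.job scheduled tasks created within the same minute. The sample lines are constructed from entries copied out of the report; the name pattern, the attribute rule and the five-task cluster threshold are my assumptions, not rules the helpers stated.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the OTScanIt "[Files/Folders - ...]" line format; the entries
# are copied from the report above, not taken from a live system.
SAMPLE_REPORT = r"""[Files/Folders - Created Within 30 days]
32788R22FWJFW -> %SystemDrive%\32788R22FWJFW -> [Folder | Created Date = 11/8/2008 5:57:37 PM | Attr = ]
7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 11/7/2008 7:55:40 PM | Attr = ]
arowurud.ini -> %SystemRoot%\System32\arowurud.ini -> [Ver = | Size = 1931386 bytes | Created Date = 11/9/2008 11:55:34 AM | Attr = HS]
spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 230 bytes | Created Date = 11/5/2008 9:24:13 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:31 PM | Attr = ]
At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Created Date = 11/7/2008 5:55:32 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1046786048 bytes | Modified Date = 11/8/2008 2:13:23 PM | Attr = HS]
geduvuha.dll -> %SystemRoot%\System32\geduvuha.dll -> [Ver = | Size = 92212 bytes | Modified Date = 11/11/2008 11:21:20 AM | Attr = HS]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
eauninstall.exe -> c:\Temp\eauninstall.exe -> Electronic Arts Inc. [Ver = 1.04.00.356 | Size = 352256 bytes | Modified Date = 2/10/2005 4:41:40 PM | Attr = ]
GTV785kQ.exe -> c:\Temp\GTV785kQ.exe -> [Ver = | Size = 60928 bytes | Modified Date = 11/7/2008 5:55:20 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/14/2008 8:31:00 PM | Attr = ]
"""

# name -> path -> [optional vendor] [field | field | ...]; summary lines such as
# "11 C:\...\*.tmp files -> ... ->" have no bracket block and are skipped.
ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[(?P<fields>.*)\]$")
# Assumed heuristic: the dropped files in this report are eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}(\.(dll|ini))?$")
AT_JOB_RE = re.compile(r"^At\d+\.job$")


def parse_entry(line):
    """Return a dict of the entry's fields, or None for headers and summary lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields, is_folder = {}, False
    for part in m.group("fields").split(" | "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
        elif part.strip() == "Folder":
            is_folder = True
    when = fields.get("Created Date") or fields.get("Modified Date")
    return {
        "name": m.group("name"),
        "path": m.group("path"),
        "vendor": m.group("vendor").strip(),
        "folder": is_folder,
        "ver": fields.get("Ver", ""),
        "attr": fields.get("Attr", ""),
        "when": datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p") if when else None,
    }


def is_system32(path):
    return "\\system32\\" in path.lower()


def triage(report_text, cluster_min=5):
    """Return [(path_or_summary, [reasons])] for entries worth a closer look."""
    findings = []
    at_jobs = defaultdict(list)  # creation minute -> At*.job paths
    for line in report_text.splitlines():
        e = parse_entry(line)
        if e is None or e["folder"]:
            continue
        reasons = []
        unversioned = not e["vendor"] and not e["ver"]
        if is_system32(e["path"]) and RANDOM_NAME_RE.match(e["name"]):
            reasons.append("random 8-letter name in System32")
        if is_system32(e["path"]) and "H" in e["attr"] and "S" in e["attr"] and unversioned:
            reasons.append("hidden+system file with no version info")
        if "\\temp\\" in e["path"].lower() and e["name"].lower().endswith(".exe") and unversioned:
            reasons.append("executable in Temp with no version info")
        if AT_JOB_RE.match(e["name"]) and e["when"]:
            at_jobs[e["when"].replace(second=0)].append(e["path"])
        if reasons:
            findings.append((e["path"], reasons))
    # Many At*.job files created in one minute is a scheduler-based persistence pattern
    # worth reviewing; the threshold is an assumption.
    for minute, paths in sorted(at_jobs.items()):
        if len(paths) >= cluster_min:
            findings.append((f"{len(paths)} At*.job tasks created {minute:%m/%d/%Y %H:%M}",
                             ["burst of scheduled tasks in one minute"]))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT):
        print(path, "->", "; ".join(reasons))
```

The point of the script is the reasoning, not the regexes: a legitimate hidden+system file such as hiberfil.sys is not flagged because it sits outside System32, while the unversioned random-name .dll/.ini pairs and the scheduler burst are surfaced together so that a reviewer can see them as one infection rather than thirty unrelated lines. Tune the thresholds to your own baseline before running it over a real report.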
 
Malwarebytes' Anti-Malware


  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • Close MBAM.
  • Do not run a scan with MBAM yet.




Now disconnect from the internet. Unplug your line connection. <------ Important

Once disconnected:



OTScanIt

Now start OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says
Paste fix here and then click the Run Fix button.
[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 84d6498f -> %SystemRoot%\system32\jinanujo.dll [rundll32.exe "C:\WINDOWS\system32\jinanujo.dll",b]
YN -> CPM87e57a13 -> %SystemRoot%\system32\geduvuha.dll [Rundll32.exe "c:\windows\system32\geduvuha.dll",a]
YN -> kipilebufu -> %SystemRoot%\system32\tojayeku.DLL [Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> QNPlus -> []
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\WINDOWS\system32\giziraze.dll -> %SystemRoot%\system32\giziraze.dll
YN -> c:\windows\system32\geduvuha.dll -> %SystemRoot%\system32\geduvuha.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geduvuha.dll [STS]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {fd20386e-6c63-4892-98d8-c052e5207380} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dubolaho.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> 32788R22FWJFW -> %SystemDrive%\32788R22FWJFW
NY -> 7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a
NY -> arowurud.ini -> %SystemRoot%\System32\arowurud.ini
NY -> igevanir.ini -> %SystemRoot%\System32\igevanir.ini
NY -> inedariv.ini -> %SystemRoot%\System32\inedariv.ini
NY -> iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini
NY -> ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini
NY -> ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini
NY -> uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
[Files/Folders - Modified Within 30 days]
NY -> 7Qdi8B85.exe.a_a -> %SystemRoot%\System32\7Qdi8B85.exe.a_a
NY -> arowurud.ini -> %SystemRoot%\System32\arowurud.ini
NY -> dafiludu.dll -> %SystemRoot%\System32\dafiludu.dll
NY -> feduyizo.dll -> %SystemRoot%\System32\feduyizo.dll
NY -> gahehani.dll -> %SystemRoot%\System32\gahehani.dll
NY -> geduvuha.dll -> %SystemRoot%\System32\geduvuha.dll
NY -> igevanir.ini -> %SystemRoot%\System32\igevanir.ini
NY -> inedariv.ini -> %SystemRoot%\System32\inedariv.ini
NY -> iwipeyar.ini -> %SystemRoot%\System32\iwipeyar.ini
NY -> jewobegu.dll -> %SystemRoot%\System32\jewobegu.dll
NY -> jinanujo.dll -> %SystemRoot%\System32\jinanujo.dll
NY -> muyapojo.dll -> %SystemRoot%\System32\muyapojo.dll
NY -> ojopayum.ini -> %SystemRoot%\System32\ojopayum.ini
NY -> ojunanij.ini -> %SystemRoot%\System32\ojunanij.ini
NY -> rayepiwi.dll -> %SystemRoot%\System32\rayepiwi.dll
NY -> uyuwuyel.ini -> %SystemRoot%\System32\uyuwuyel.ini
NY -> yayazora -> %SystemRoot%\System32\yayazora
NY -> zovudala.dll -> %SystemRoot%\System32\zovudala.dll
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
NY -> GTV785kQ.exe -> c:\Temp\GTV785kQ.exe
NY -> 4Amr5K52.dat -> c:\Temp\4Amr5K52.dat
NY -> 7Bns8L85.dat -> c:\Temp\7Bns8L85.dat
[Empty Temp Folders]
[Start Explorer]
The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.


Malwarebytes' Anti-Malware


  • Open Malwarebytes' Anti-Malware
  • Select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • OTScanIt Log
  • Malwarebytes AntiMalware Log
  • A fresh HijackThis Log (after all of the above has been done)
  • A description of how your computer is behaving
 
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84d6498f deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM87e57a13 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kipilebufu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QNPlus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\giziraze.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\geduvuha.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found.\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd20386e-6c63-4892-98d8-c052e5207380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd20386e-6c63-4892-98d8-c052e5207380}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4B15-8820-F58798DCC118}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\siteadvisor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5DC592-7723-4EAA-9EE6-AF4222BCF879}\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\32788R22FWJFW\N_ folder moved successfully.
Folder move failed. C:\32788R22FWJFW scheduled to be moved on reboot.
C:\WINDOWS\System32\7Qdi8B85.exe.a_a moved successfully.
C:\WINDOWS\System32\arowurud.ini moved successfully.
C:\WINDOWS\System32\igevanir.ini moved successfully.
C:\WINDOWS\System32\inedariv.ini moved successfully.
C:\WINDOWS\System32\iwipeyar.ini moved successfully.
C:\WINDOWS\System32\ojopayum.ini moved successfully.
C:\WINDOWS\System32\ojunanij.ini moved successfully.
C:\WINDOWS\System32\uyuwuyel.ini moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\7Qdi8B85.exe.a_a not found!
File C:\WINDOWS\System32\arowurud.ini not found!
C:\WINDOWS\System32\dafiludu.dll moved successfully.
C:\WINDOWS\System32\feduyizo.dll moved successfully.
C:\WINDOWS\System32\gahehani.dll moved successfully.
C:\WINDOWS\System32\geduvuha.dll moved successfully.
File C:\WINDOWS\System32\igevanir.ini not found!
File C:\WINDOWS\System32\inedariv.ini not found!
File C:\WINDOWS\System32\iwipeyar.ini not found!
C:\WINDOWS\System32\jewobegu.dll moved successfully.
C:\WINDOWS\System32\jinanujo.dll moved successfully.
C:\WINDOWS\System32\muyapojo.dll moved successfully.
File C:\WINDOWS\System32\ojopayum.ini not found!
File C:\WINDOWS\System32\ojunanij.ini not found!
C:\WINDOWS\System32\rayepiwi.dll moved successfully.
File C:\WINDOWS\System32\uyuwuyel.ini not found!
C:\WINDOWS\System32\yayazora moved successfully.
C:\WINDOWS\System32\zovudala.dll moved successfully.
File C:\WINDOWS\tasks\At1.job not found!
File C:\WINDOWS\tasks\At10.job not found!
File C:\WINDOWS\tasks\At11.job not found!
File C:\WINDOWS\tasks\At12.job not found!
File C:\WINDOWS\tasks\At13.job not found!
File C:\WINDOWS\tasks\At14.job not found!
File C:\WINDOWS\tasks\At15.job not found!
File C:\WINDOWS\tasks\At16.job not found!
File C:\WINDOWS\tasks\At17.job not found!
File C:\WINDOWS\tasks\At18.job not found!
File C:\WINDOWS\tasks\At19.job not found!
File C:\WINDOWS\tasks\At2.job not found!
File C:\WINDOWS\tasks\At20.job not found!
File C:\WINDOWS\tasks\At21.job not found!
File C:\WINDOWS\tasks\At22.job not found!
File C:\WINDOWS\tasks\At23.job not found!
File C:\WINDOWS\tasks\At24.job not found!
File C:\WINDOWS\tasks\At3.job not found!
File C:\WINDOWS\tasks\At4.job not found!
File C:\WINDOWS\tasks\At5.job not found!
File C:\WINDOWS\tasks\At6.job not found!
File C:\WINDOWS\tasks\At7.job not found!
File C:\WINDOWS\tasks\At8.job not found!
File C:\WINDOWS\tasks\At9.job not found!
c:\Temp\GTV785kQ.exe moved successfully.
c:\Temp\4Amr5K52.dat moved successfully.
c:\Temp\7Bns8L85.dat moved successfully.
[Empty Temp Folders]
File delete failed. c:\Temp\NAILogs\UpdaterUI_S09892-09.log scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_FZguJSJPKdwvw7MSRfZN scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5 scheduled to be deleted on reboot.
File delete failed. c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5-journal scheduled to be deleted on reboot.
File delete failed. c:\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11112008_193417

Files moved on Reboot...
C:\32788R22FWJFW folder moved successfully.
c:\Temp\NAILogs\UpdaterUI_S09892-09.log moved successfully.
c:\Temp\etilqs_FZguJSJPKdwvw7MSRfZN moved successfully.
File c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5 not found!
File c:\Temp\etilqs_qFyd9gFSKIFQxCvpsZf5-journal not found!
c:\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Meredith\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9wvop4o.default\urlclassifier3.sqlite moved successfully.

Malwarebytes' Anti-Malware 1.30
Database version: 1385
Windows 5.1.2600 Service Pack 2

11/11/2008 9:13:35 PM
mbam-log-2008-11-11 (21-13-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 232930
Time elapsed: 1 hour(s), 15 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dubolaho.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\giziraze.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd20386e-6c63-4892-98d8-c052e5207380} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm87e57a13 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kipilebufu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\giziraze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\giziraze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\giziraze.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dubolaho.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\giziraze.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP340\A0053332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP342\A0053439.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP343\A0053449.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP343\A0053462.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP344\A0053471.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP344\A0053879.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP345\A0053887.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP345\A0053910.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053979.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053980.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP347\A0053999.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055290.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055291.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8C54D3D-D58F-44F2-B467-EC01DF656352}\RP350\A0055292.exe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rinavegi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duruwora.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leyuwuyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bumepusu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\viradeni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\4SFK5D52.0LL (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\7QDI8B85.0XE (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\11072008_163422\WINDOWS\system32\7Qdi8B85.exe_ (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\c_Temp\GTV785kQ.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\dafiludu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\feduyizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\gahehani.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\geduvuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\jewobegu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTScanIt\MovedFiles\11112008_193417\C_WINDOWS\System32\zovudala.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:05 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - AppInit_DLLs: Y_\?? wHC:\Program Files\QuickTime\QTSystem\  TC:\, c:\windows\system32\geduvuha.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14148 bytes

It doesn't seem to be lagging as much as it used to. I haven't had any random popups yet.
 
Hello NinaG!

Thank you for your patience and for your hard work. We are almost there.

Remove HijackThis entries


  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
    O20 - AppInit_DLLs: Y_\?? wHC:\Program Files\QuickTime\QTSystem\  TC:\, c:\windows\system32\geduvuha.dll
  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.


REBOOT YOUR MACHINE


Malwarebytes' Anti-Malware

Please do a scan using these settings:


  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • Malwarebytes Antimalware Log
  • A fresh HijackThis Log (after all the above has been done)
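The two O4 entries under the service accounts and the O20 AppInit_DLLs line in the fix list above are the persistence points this thread has been chasing: a Run value that makes rundll32 load a DLL every time LOCAL SERVICE or NETWORK SERVICE logs on, and an AppInit_DLLs value that Windows loads into every process linking user32.dll. The following Python triage script is an added example, not part of the thread and not HijackThis code; it reads HijackThis-style log lines and flags exactly those two patterns. The sample lines are constructed from this thread's own log, and the function and pattern names (triage, fix_list, O4_RE, O20_RE) are mine.

```python
"""Triage of HijackThis O4/O20 persistence entries (added example)."""
import re
from dataclasses import dataclass

# Service accounts that normally have no interactive Run entries at all.
SERVICE_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

# "O4 - <hive>[\<sid>]\..\Run: [<name>] <command> [(User '<user>')]"
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
# rundll32[.exe] ["]<path>.dll["],<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# AppInit_DLLs values are often padded with junk bytes; pull out DLL paths only.
DLL_PATH_RE = re.compile(r"[A-Za-z]:\\[^,]*?\.dll", re.I)


@dataclass
class Finding:
    section: str  # "O4" or "O20"
    reason: str
    line: str     # the HijackThis line to tick before "Fix checked"


def triage(lines):
    """Return the suspicious O4/O20 entries found in an iterable of log lines."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = O4_RE.match(line)
        if m:
            key, cmd = m["key"], m["cmd"]
            # HKUS\<sid>\..\Run -> extract the SID; HKLM/HKCU have none.
            sid = key.split("\\", 1)[1] if key.startswith("HKUS\\") else None
            if sid in SERVICE_SIDS:
                r = RUNDLL_RE.match(cmd)
                detail = f"rundll32 loads {r['dll']}" if r else f"runs {cmd}"
                findings.append(Finding("O4", f"Run entry for {SERVICE_SIDS[sid]}: {detail}", line))
            continue
        m = O20_RE.match(line)
        if m:
            dlls = DLL_PATH_RE.findall(m["value"])
            reason = "AppInit_DLLs is populated"
            if dlls:
                reason += ": " + ", ".join(dlls)
            findings.append(Finding("O20", reason, line))
    return findings


def fix_list(findings):
    """The exact lines to check in HijackThis, in log order, without duplicates."""
    seen, out = set(), []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


# Constructed sample: the O4/O20 lines from the fix list above plus benign
# neighbours copied from the same HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kipilebufu] Rundll32.exe "C:\WINDOWS\system32\tojayeku.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O20 - AppInit_DLLs: Y_\?? wHC:\Program Files\QuickTime\QTSystem\  TC:\, c:\windows\system32\geduvuha.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.section}: {f.reason}")
    print("Tick in HijackThis:", *fix_list(triage(SAMPLE_LOG.strip().splitlines())), sep="\n  ")
```

The benign HKLM rundll32 entry (PWRMGRTR.DLL, a ThinkPad power-manager component) is deliberately left unflagged: rundll32 itself is normal, and what made the thread's entries stand out was the combination of a service-account Run key with a randomly named DLL in system32. The script only automates that first observation; the decision to fix still needs a human reading the log.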
 
Malwarebytes' Anti-Malware 1.30
Database version: 1388
Windows 5.1.2600 Service Pack 2

11/12/2008 9:24:00 AM
mbam-log-2008-11-12 (09-24-00).txt

Scan type: Quick Scan
Objects scanned: 93732
Time elapsed: 35 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
Yay!

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:00 AM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meredith.edu/enews
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.meredith.edu
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149688495734
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182974567968
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E8C1DC6-081D-4289-B03F-BF9FF7EC4795}: Domain = meredith.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{89036D96-C6B7-4B52-B522-375D560DF72C}: Domain = meredith.edu
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 13700 bytes
 
Firewall

Looking over your log it seems you don't have any evidence of a third party FIREWALL. As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended, as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend installing a free firewall for personal use from one of these excellent vendors. The choice is yours:





Your log now appears to be clean. Congratulations!


  • Double-click OTScanIt.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

You can get rid of the tools we used:

  • You can delete this folder C:/RSIT
  • RSIT (You can just delete the exe file from your desktop)
  • ATF-Cleaner (You can just delete the exe file from your desktop)


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

You can reactivate Spybot TeaTimer now.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Restart your computer
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    NOTE: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE



Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.


  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera



Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
 
A few more questions -

Online Armor: When I restarted the orange boxes came up. What do I do with them?

IPSSVC.EXE wants to set global hook (HOOK_MOUSE)
BTTray.exe wants to set a global hook (HOOK_SHELL)
Mctray.exe wants to set a global hook (HOOK_CALLWNDPROCRET)

Enabling System Restore: when I went to turn it on it gave me the message -
"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."
 

That's OK.

System restore crashed because Online Armor was most likely blocking it.

Those popups are okay to say yes to. It is going to produce a lot of popups in the beginning. If you are having problems with it then you can uninstall it. How do you connect to the internet? If you have a router then you don't necessarily need a software firewall.
 