Mundo, antivirus 2009, others? cannot remove!

Okay, I tried my best before making a topic, but I have failed so far.

I'm not sure what I have (vundo, antivirus 2009, etc...) since alot of things are coming up. Here is a list of what I have tried

spybot
adaware
malware bytes
spyhunter
spyware doctor
SUPERantispyware
vundofix
virtumundobegone

every time they each find something, and there is usually a trojan.vundo in there.


I am receiving pop-ups (new tabs open in firefox) or I receive the following(hopefully large enough to read):



which I cancel/close and leads to a new tab opening, usually antivirus 2009 website showing the fake "scan" thing.

RSIT log:








Logfile of random's system information tool 1.04 (written by random/random)
Run by Lenovo at 2008-12-01 19:30:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (13%) free of 95 GB
Total RAM: 2014 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:26 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lenovo\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Lenovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\dizubure.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\fihasine.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fihasine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fihasine.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 7493 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
C:\WINDOWS\system32\dizubure.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-04-09 1015808]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-06-06 125632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"fudulevuge"=C:\WINDOWS\system32\puwareda.dll []
"CPMf38e3fdf"=c:\windows\system32\fihasine.dll [2008-12-01 93236]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
C:\Program Files\Microsoft Office Communicator\Communicator.exe [2007-04-10 3900776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMf38e3fdf]
c:\windows\system32\samorasa.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fudulevuge]
C:\WINDOWS\system32\puwareda.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-23 120368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2007-11-08 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-05-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-10 58416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
C:\Program Files\Tunebite\tunebite.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-12-10 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Custom Uninstall Tracking]
C:\DOCUME~1\MURPHY~1\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"WMPNetworkSvc"=3
"WinDefend"=2
"TVT Scheduler"=2
"ose"=3
"odserv"=3
"MDM"=2
"idsvc"=3
"IDriverT"=3
"FLEXnet Licensing Service"=3
"Diskeeper"=2
"ccEvtMgr"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"AdobeActiveFileMonitor5.0"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-06-06 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fihasine.dll [2008-12-01 93236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fihasine.dll [2008-12-01 93236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\movezisa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\rFactor\rFactor.exe"="C:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-01 19:30:20 ----D---- C:\rsit
2008-12-01 14:41:18 ----D---- C:\WINDOWS\Prefetch
2008-12-01 14:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-01 14:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-01 14:11:56 ----D---- C:\VundoFix Backups
2008-12-01 14:11:56 ----A---- C:\VundoFix.txt
2008-12-01 13:55:00 ----SH---- C:\WINDOWS\system32\evojuyew.ini
2008-12-01 11:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-01 11:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-01 11:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-01 11:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-01 11:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-01 11:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-01 11:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-01 11:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-01 11:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-01 11:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-01 11:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-01 11:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-01 11:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-01 11:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-01 11:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-01 11:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-01 11:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\scripting
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\en
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\bits
2008-12-01 11:26:00 ----D---- C:\WINDOWS\l2schemas
2008-12-01 11:22:17 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-01 11:19:25 ----D---- C:\WINDOWS\network diagnostic
2008-12-01 11:15:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-30 13:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-30 13:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-30 13:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-30 13:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-30 13:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-30 13:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-30 13:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-30 13:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-30 13:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-30 13:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-30 13:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-30 13:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 13:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-30 13:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-30 13:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-30 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-30 13:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-30 13:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-11-30 12:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-30 12:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-29 10:49:17 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-29 10:48:48 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-29 10:48:48 ----D---- C:\Documents and Settings\Lenovo\Application Data\SUPERAntiSpyware.com
2008-11-29 03:35:51 ----SH---- C:\WINDOWS\system32\abefeham.ini
2008-11-27 12:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-27 12:36:11 ----D---- C:\Program Files\Common Files\PC Tools
2008-11-27 12:29:34 ----D---- C:\Program Files\Spyware Doctor
2008-11-27 12:29:34 ----D---- C:\Documents and Settings\Lenovo\Application Data\PC Tools
2008-11-26 09:46:04 ----D---- C:\Documents and Settings\Lenovo\Application Data\Leadertech
2008-11-26 09:32:34 ----D---- C:\Program Files\EA Games
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-26 09:31:58 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-26 09:31:38 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-26 09:12:38 ----D---- C:\Program Files\Enigma Software Group
2008-11-24 17:01:59 ----D---- C:\Program Files\Lavasoft
2008-11-24 17:01:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-24 17:00:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-24 11:54:51 ----A---- C:\WINDOWS\vpc32.INI
2008-11-24 11:54:38 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-11-24 11:50:55 ----A---- C:\WINDOWS\zip.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\VFIND.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWSC.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWREG.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\sed.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\grep.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\fdsv.exe
2008-11-24 11:50:49 ----D---- C:\WINDOWS\ERDNT
2008-11-24 11:50:48 ----D---- C:\Qoobox
2008-11-24 11:50:47 ----A---- C:\WINDOWS\system32\CF6418.exe
2008-11-24 11:06:54 ----SHD---- C:\Config.Msi
2008-11-24 10:57:16 ----D---- C:\Program Files\Trend Micro
2008-11-24 00:31:52 ----SH---- C:\WINDOWS\system32\ofafozan.ini
2008-11-23 00:31:02 ----SH---- C:\WINDOWS\system32\oneyonuf.ini
2008-11-22 12:44:43 ----D---- C:\Documents and Settings\Lenovo\Application Data\Malwarebytes
2008-11-22 12:44:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 12:44:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-21 01:28:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 01:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 22:25:00 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-15 22:24:59 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-11 19:30:48 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-01 18:07:43 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 18:07:38 ----D---- C:\WINDOWS\Temp
2008-12-01 18:07:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-01 18:07:30 ----D---- C:\WINDOWS\system32
2008-12-01 17:47:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-01 17:44:26 ----A---- C:\WINDOWS\SMSCFG.ini
2008-12-01 17:42:57 ----D---- C:\WINDOWS
2008-12-01 17:41:51 ----A---- C:\TPHKLOCK.TXT
2008-12-01 17:33:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-01 17:32:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 14:46:35 ----SHD---- C:\WINDOWS\Installer
2008-12-01 14:45:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-01 14:45:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 14:43:49 ----SHD---- C:\WINDOWS\CSC
2008-12-01 14:41:13 ----A---- C:\WINDOWS\setuplog.txt
2008-12-01 14:40:04 ----D---- C:\WINDOWS\system32\Setup
2008-12-01 14:40:04 ----D---- C:\WINDOWS\AppPatch
2008-12-01 14:40:02 ----D---- C:\WINDOWS\system32\wbem
2008-12-01 14:40:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-01 14:39:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-01 14:37:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-01 14:37:45 ----HD---- C:\WINDOWS\inf
2008-12-01 14:37:42 ----A---- C:\WINDOWS\imsins.BAK
2008-12-01 13:54:56 ----ASH---- C:\WINDOWS\system32\fihasine.dll
2008-12-01 12:48:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 11:35:11 ----D---- C:\WINDOWS\security
2008-12-01 11:32:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 11:29:29 ----D---- C:\Program Files\Messenger
2008-12-01 11:26:25 ----D---- C:\WINDOWS\WinSxS
2008-12-01 11:26:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-01 11:26:12 ----D---- C:\WINDOWS\ime
2008-12-01 11:26:12 ----D---- C:\WINDOWS\Help
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\usmt
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\en-us
2008-12-01 11:26:01 ----D---- C:\Program Files\Internet Explorer
2008-12-01 11:26:00 ----D---- C:\WINDOWS\PeerNet
2008-12-01 11:26:00 ----D---- C:\Program Files\Movie Maker
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\Restore
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\npp
2008-12-01 11:21:49 ----D---- C:\WINDOWS\mui
2008-12-01 11:21:47 ----D---- C:\WINDOWS\msagent
2008-12-01 11:21:43 ----D---- C:\WINDOWS\srchasst
2008-12-01 11:21:41 ----D---- C:\Program Files\NetMeeting
2008-12-01 11:21:37 ----D---- C:\WINDOWS\system32\Com
2008-12-01 11:21:31 ----D---- C:\Program Files\Windows Media Player
2008-12-01 11:21:30 ----D---- C:\Program Files\Windows NT
2008-12-01 11:21:30 ----D---- C:\Program Files\Outlook Express
2008-12-01 11:21:21 ----D---- C:\Program Files\Common Files\System
2008-12-01 11:20:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-01 11:20:49 ----D---- C:\WINDOWS\system
2008-12-01 11:18:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-01 11:15:13 ----D---- C:\WINDOWS\ehome
2008-12-01 10:33:18 ----A---- C:\WINDOWS\wininit.ini
2008-11-30 13:54:33 ----ASH---- C:\WINDOWS\system32\jijujopi.dll
2008-11-30 13:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-30 13:11:08 ----RSD---- C:\WINDOWS\assembly
2008-11-30 13:07:17 ----A---- C:\WINDOWS\win.ini
2008-11-30 13:04:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 11:14:27 ----D---- C:\WINDOWS\Debug
2008-11-29 10:48:48 ----D---- C:\Program Files
2008-11-29 03:35:47 ----ASH---- C:\WINDOWS\system32\fofajupa.dll
2008-11-27 12:45:01 ----A---- C:\WINDOWS\system32\rujazeke.dll
2008-11-27 12:36:11 ----D---- C:\Program Files\Common Files
2008-11-26 15:55:06 ----D---- C:\Documents and Settings\Lenovo\Application Data\Azureus
2008-11-26 09:48:38 ----D---- C:\WINDOWS\system32\config
2008-11-26 09:48:22 ----D---- C:\WINDOWS\Registration
2008-11-26 09:32:34 ----D---- C:\WINDOWS\system32\DirectX
2008-11-26 09:10:38 ----ASH---- C:\WINDOWS\system32\figorana.dll
2008-11-25 12:32:16 ----ASH---- C:\WINDOWS\system32\lisuhufu.dll
2008-11-25 00:32:07 ----ASH---- C:\WINDOWS\system32\vufurajo.dll
2008-11-24 11:58:11 ----A---- C:\WINDOWS\system.ini
2008-11-24 11:15:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 11:07:19 ----D---- C:\Program Files\Tunebite
2008-11-24 11:06:16 ----D---- C:\Program Files\NetSnippets
2008-11-24 11:05:35 ----D---- C:\Program Files\Bonjour
2008-11-24 11:04:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-23 13:20:19 ----ASH---- C:\boot.ini
2008-11-23 12:45:11 ----SD---- C:\WINDOWS\Tasks
2008-11-22 15:45:22 ----SD---- C:\Documents and Settings\Lenovo\Application Data\Microsoft
2008-11-21 01:40:26 ----D---- C:\Program Files\DAEMON Tools Pro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 189584]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-06-18 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-10 12848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-04-13 306176]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-23 94848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081130.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081130.004\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-17 6346720]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 24208]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 a9e6y93y;a9e6y93y; C:\WINDOWS\system32\drivers\a9e6y93y.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys []
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys []
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-04-19 14464]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-05-02 22768]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-06-06 31424]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-17 163908]
R2 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe [2007-02-22 294912]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-06-14 13312]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-06-06 1821376]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
S2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 214672]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-29 654848]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-12-10 1118208]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-01 19:30:28

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CEBB0B1-9732-4C92-94C4-9DE6E6F45EC8}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Premiere Elements 3.0.2 Templates-->MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D}
Adobe Premiere Elements 3.0.2-->msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2-->MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Azureus-->C:\Program Files\Azureus\Uninstall.exe
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FileZilla-->MsiExec.exe /X{AF9A093E-4322-4D6D-809F-BB7DCA007067}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections 12.0.40.0-->MsiExec.exe /i{EEE90C2D-8ACE-4007-9CF6-B07D0516F6B9} ARPREMOVE=1
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2005-->MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel 2007 Get Started Tab-->MsiExec.exe /I{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 Get Started Tab-->MsiExec.exe /I{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 Get Started Tab-->MsiExec.exe /I{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pharos-->C:\PROGRA~1\Pharos\bin\Local.EXE
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
the Bentley Virtual Lab Launcher-->"C:\vlab\unins000.exe"
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
Update for Microsoft .NET Framework 3.0 (KB932394)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {6CDA893D-A8BB-44B5-896E-A474508B2EFF} /package {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WS_FTP 5.08-->MsiExec.exe /I{CB867DC1-54D1-4ABF-A0DE-1BC9B94E6C57}

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\dizubure.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [f0bd0c43] rundll32.exe "C:\WINDOWS\system32\nazofafo.dll",b
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\waguroho.dll",a
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\waguroho.dll",a
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\dizubure.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182890146531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182890188531
O20 - AppInit_DLLs: C:\WINDOWS\system32\movezisa.dll c:\windows\system32\samorasa.dll c:\windows\system32\waguroho.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\movezisa.dll c:\windows\system32\waguroho.dll
O4 - HKUS\S-1-5-19\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s (User 'LOCAL SERVICE')
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\waguroho.dll
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\dizubure.dll (file missing)
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\waguroho.dll",a
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O4 - HKUS\S-1-5-19\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\waguroho.dll",a
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\dizubure.dll (file missing)
O4 - HKLM\..\Run: [f0bd0c43] rundll32.exe "C:\WINDOWS\system32\tunayiri.dll",b
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\sapayuse.dll",a
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\sapayuse.dll",a
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\sapayuse.dll",a
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\puwareda.dll",s

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;%%SystemRoot%%\system32;%%SystemRoot%%;%%SystemRoot%%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode

• In Safe Mode, right click the SDFix.zip folder and choose Extract All,
• A new folder will be extracted to your %systemdrive%, typically C:\SDFix
• Open the extracted folder and double click RunThis.bat to start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall



Please post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Not sure if something went wrong with the combo fix, but for a few extra minutes there was an error message saying something along the lines of "not enough main memory to complete" which continued for a little while after the restart, the task did not complete until a few programs had begun to self load (aim, norton, etc..)

anyway here are the 3 requested items.


SDFix: Version 1.240
Run by Lenovo on Wed 12/03/2008 at 12:39 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 00:49:27
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:00,11,de,c7,3e,14,2b,e0,9f,29,ec,8d,f6,14,ed,f3,3d,87,b1,3b,28,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,7b,e5,64,54,0a,46,32,11,b7,76,3f,77,9d,ff,93,c3,ad,..
"hdf12"=hex:1f,ae,67,cd,be,2b,32,4b,c3,ea,06,29,53,53,da,6b,ec,51,19,7a,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:d3,7a,d3,7b,37,de,24,8e,ab,ef,95,47,8f,dd,dd,6a,eb,1e,f2,d5,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:00,11,de,c7,3e,14,2b,e0,9f,29,ec,8d,f6,14,ed,f3,3d,87,b1,3b,28,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,7b,e5,64,54,0a,46,32,11,b7,76,3f,77,9d,ff,93,c3,ad,..
"hdf12"=hex:1f,ae,67,cd,be,2b,32,4b,c3,ea,06,29,53,53,da,6b,ec,51,19,7a,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:d3,7a,d3,7b,37,de,24,8e,ab,ef,95,47,8f,dd,dd,6a,eb,1e,f2,d5,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:00,11,de,c7,3e,14,2b,e0,9f,29,ec,8d,f6,14,ed,f3,3d,87,b1,3b,28,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,7b,e5,64,54,0a,46,32,11,b7,76,3f,77,9d,ff,93,c3,ad,..
"hdf12"=hex:1f,ae,67,cd,be,2b,32,4b,c3,ea,06,29,53,53,da,6b,ec,51,19,7a,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:d3,7a,d3,7b,37,de,24,8e,ab,ef,95,47,8f,dd,dd,6a,eb,1e,f2,d5,73,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2008-12-03 05:45:23"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]
"ReregisterAuthorizationCab"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d]
"AuthorizationCab"="muauth.cab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup]
"SkipNextSelfUpdateCheck"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\rFactor\\rFactor.exe"="C:\\Program Files\\rFactor\\rFactor.exe:*:Enabled:rFactor"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 2 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\dedalesi.dll"
Tue 2 Sep 2008 11,264 A.SH. --- "C:\WINDOWS\system32\fareruta.dll"
Wed 26 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\figorana.dll"
Mon 1 Dec 2008 93,236 A.SH. --- "C:\WINDOWS\system32\fihasine.dll"
Sat 29 Nov 2008 95,284 A.SH. --- "C:\WINDOWS\system32\fofajupa.dll"
Tue 2 Dec 2008 64,052 A.SH. --- "C:\WINDOWS\system32\govikuti.dll"
Tue 2 Dec 2008 86,581 A.SH. --- "C:\WINDOWS\system32\hokeziko.dll"
Sun 30 Nov 2008 88,116 A.SH. --- "C:\WINDOWS\system32\jijujopi.dll"
Tue 2 Dec 2008 93,237 A.SH. --- "C:\WINDOWS\system32\kewuvihe.dll"
Tue 25 Nov 2008 93,236 A.SH. --- "C:\WINDOWS\system32\lisuhufu.dll"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\movezisa.dll.tmp"
Tue 2 Dec 2008 93,237 A.SH. --- "C:\WINDOWS\system32\sifayemi.dll"
Tue 2 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\tumigike.dll"
Tue 25 Nov 2008 93,236 A.SH. --- "C:\WINDOWS\system32\vufurajo.dll"
Tue 2 Dec 2008 93,236 A.SH. --- "C:\WINDOWS\system32\witiwegu.dll"
Tue 2 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\yatevipi.dll"
Wed 20 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 3 Mar 2008 66,971,787 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9eefea577574ad0dc1147de90a737592\BITC.tmp"
Mon 29 Oct 2007 2,162 A.SH. --- "C:\Documents and Settings\MURPHY_RICH\Application Data\Roxio\Dragon\DiscInfoCache\ND0474C__EOI722D__________1.0__330_DICV018_DRGV2050108.TMP"

Finished!












ComboFix 08-12-01.03 - Lenovo 2008-12-03 1:09:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1424 [GMT -5:00]
Running from: c:\documents and settings\Lenovo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 06:55 64,052 --sha-w c:\windows\system32\dedalesi.dll
2008-09-02 06:55 11,264 --sha-w c:\windows\system32\fareruta.dll
2008-09-02 06:55 64,052 --sha-w c:\windows\system32\tumigike.dll
2008-09-02 06:55 64,052 --sha-w c:\windows\system32\yatevipi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
2008-09-02 01:55 64052 --ahs---- c:\windows\system32\tumigike.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-18 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-18 200704]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"fudulevuge"="c:\windows\system32\yatevipi.dll" [2008-09-02 64052]
"f0bd0c43"="c:\windows\system32\hokeziko.dll" [2008-12-02 86581]
"CPMf38e3fdf"="c:\windows\system32\kewuvihe.dll" [2008-12-02 93237]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-04-10 3900776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\kewuvihe.dll" [2008-12-02 93237]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kewuvihe.dll [2008-12-02 93237]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kewuvihe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\dedalesi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-29795\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\loginscript.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Lenovo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\MURPHY_RICH\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 06:29 67752 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 16:17 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
--a------ 2007-04-10 16:35 3900776 c:\program files\Microsoft Office Communicator\communicator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-05-18 15:24 196696 c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-02-02 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2007-04-27 01:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--a------ 2007-03-23 01:02 120368 c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-11-08 17:58 323216 c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-17 23:53 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--a------ 2007-04-10 02:03 58416 c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2007-03-09 13:49 66176 c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2006-12-10 18:36 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2007-05-11 15:20 2061816 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-17 23:53 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2007-03-29 17:40 181808 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Diskeeper"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-06-18 00:16]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CPMf38e3fdf - c:\windows\system32\samorasa.dll
MSConfigStartUp-fudulevuge - c:\windows\system32\puwareda.dll
MSConfigStartUp-tunebite - c:\program files\Tunebite\tunebite.exe
MSConfigStartUp-Verizon Custom Uninstall Tracking - c:\docume~1\MURPHY~1\LOCALS~1\Temp\InstallHelper.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 01:12:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\dedalesi.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-12-03 1:18:35 - machine was rebooted [Lenovo]
ComboFix-quarantined-files.txt 2008-12-03 06:18:23

Pre-Run: 13,949,050,880 bytes free
Post-Run: 13,928,284,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

212 --- E O F --- 2008-12-03 05:47:08










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:28 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\tumigike.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\yatevipi.dll",s
O4 - HKLM\..\Run: [f0bd0c43] rundll32.exe "C:\WINDOWS\system32\hokeziko.dll",b
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\kewuvihe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\kewuvihe.dll,C:\WINDOWS\system32\dedalesi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kewuvihe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kewuvihe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 7528 bytes

1. Please open Notepad

• Click Start, then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
mchInjDrv

Rootkit::
c:\windows\TEMP\mc22.tmp

File::
c:\windows\system32\tumigike.dll
c:\windows\system32\yatevipi.dll
c:\windows\system32\hokeziko.dll
c:\windows\system32\kewuvihe.dll
c:\windows\system32\dedalesi.dll
C:\WINDOWS\system32\fareruta.dll
C:\WINDOWS\system32\figorana.dll
C:\WINDOWS\system32\fihasine.dll
C:\WINDOWS\system32\fofajupa.dll
C:\WINDOWS\system32\govikuti.dll
C:\WINDOWS\system32\hokeziko.dll
C:\WINDOWS\system32\jijujopi.dll
C:\WINDOWS\system32\lisuhufu.dll
C:\WINDOWS\system32\movezisa.dll.tmp
C:\WINDOWS\system32\movezisa.dll
C:\WINDOWS\system32\sifayemi.dll
C:\WINDOWS\system32\vufurajo.dll
C:\WINDOWS\system32\witiwegu.dll
C:\WINDOWS\system32\yatevipi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fudulevuge"=-
"f0bd0c43"=-
"CPMf38e3fdf"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

Edited by fenzodahl512, 03 December 2008 - 02:14 AM.

ComboFix 08-12-02.02 - Lenovo 2008-12-03 17:07:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1465 [GMT -5:00]
Running from: c:\documents and settings\Lenovo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lenovo\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 06:55 11,264 --sha-w c:\windows\system32\fareruta.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-03_ 1.17.47.15 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
2008-09-03 16:34 64053 --ahs---- c:\windows\system32\nonabefa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-18 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-18 200704]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"fudulevuge"="c:\windows\system32\larirugi.dll" [2008-09-03 64053]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-04-10 3900776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\tifunalo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-29795\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\loginscript.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Lenovo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\MURPHY_RICH\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 06:29 67752 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 16:17 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
--a------ 2007-04-10 16:35 3900776 c:\program files\Microsoft Office Communicator\communicator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-05-18 15:24 196696 c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-02-02 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2007-04-27 01:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--a------ 2007-03-23 01:02 120368 c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-11-08 17:58 323216 c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-17 23:53 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--a------ 2007-04-10 02:03 58416 c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2007-03-09 13:49 66176 c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2006-12-10 18:36 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2007-05-11 15:20 2061816 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-17 23:53 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2007-03-29 17:40 181808 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Diskeeper"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-06-18 00:16]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 17:11:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\tifunalo.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-12-03 17:16:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 22:16:46
ComboFix2.txt 2008-12-03 06:18:36

Pre-Run: 16,784,273,408 bytes free
Post-Run: 16,768,667,648 bytes free

194 --- E O F --- 2008-12-03 05:47:08



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:54 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\nonabefa.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\larirugi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\tifunalo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 7114 bytes

2.5 hours, symptoms seem to be gone with that last command.

I will reply back in this thread if anything starts up again.

thanks for your input and help.

You aren't clean yet. Lets do this...

1. Please open Notepad

• Click Start, then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
mchInjDrv

File::
c:\windows\system32\fareruta.dll
c:\windows\system32\nonabefa.dll
c:\windows\system32\larirugi.dll
c:\windows\system32\tifunalo.dll
c:\windows\TEMP\mc22.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fudulevuge"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

ComboFix 08-12-02.02 - Lenovo 2008-12-03 22:48:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1455 [GMT -5:00]
Running from: c:\documents and settings\Lenovo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lenovo\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 06:55 11,264 --sha-w c:\windows\system32\fareruta.dll
2008-09-03 21:34 64,053 --sha-w c:\windows\system32\larirugi.dll
2008-09-03 21:34 64,053 --sha-w c:\windows\system32\nonabefa.dll
2008-09-03 21:34 64,053 --sha-w c:\windows\system32\tifunalo.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-03_ 1.17.47.15 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
2008-09-03 16:34 64053 --ahs---- c:\windows\system32\nonabefa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-18 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-18 200704]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"fudulevuge"="c:\windows\system32\larirugi.dll" [2008-09-03 64053]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-04-10 3900776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\tifunalo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\tifunalo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-29795\Scripts\Logon\0\0]
"Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\loginscript.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Lenovo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\MURPHY_RICH\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 06:29 67752 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 16:17 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
--a------ 2007-04-10 16:35 3900776 c:\program files\Microsoft Office Communicator\communicator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-05-18 15:24 196696 c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-02-02 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2007-04-27 01:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--a------ 2007-03-23 01:02 120368 c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-11-08 17:58 323216 c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-17 23:53 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--a------ 2007-04-10 02:03 58416 c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2007-03-09 13:49 66176 c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2006-12-10 18:36 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2007-05-11 15:20 2061816 c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-17 23:53 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2007-03-29 17:40 181808 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Diskeeper"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-12-04 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-06-18 00:16]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 22:53:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1132)
c:\windows\system32\tifunalo.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-12-03 22:58:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 03:58:32
ComboFix2.txt 2008-12-03 22:16:51
ComboFix3.txt 2008-12-03 06:18:36

Pre-Run: 21,289,943,040 bytes free
Post-Run: 21,272,829,952 bytes free

199 --- E O F --- 2008-12-03 05:47:08




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:59 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\nonabefa.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\larirugi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\tifunalo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 7182 bytes

For some unknown reason, you got re-infected.. If you are using any torrent or P2P programs, I advised you to stop using them until you're clean or all of our effort will be useless.. Seriously...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..



Lets take another route...


Please download the OTMoveIt3 by OldTimer

• Save it to your Desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  :processes
  explorer.exe
  
  :services
  mchInjDrv
  
  :files
  c:\windows\system32\fareruta.dll
  c:\windows\system32\nonabefa.dll
  c:\windows\system32\larirugi.dll
  c:\windows\system32\tifunalo.dll
  c:\windows\TEMP\mc22.tmp
  
  :reg
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "fudulevuge"=-
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=""
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]

• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Post me these logs in your next reply.. Post each log in separate post...

1. OTMoveIt3
2. Lop S&D

For some unknown reason, you got re-infected.. If you are using any torrent or P2P programs, I advised you to stop using them until you're clean or all of our effort will be useless.. Seriously...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..



Lets take another route...


Please download the OTMoveIt3 by OldTimer

• Save it to your Desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  :processes
  explorer.exe
  
  :services
  mchInjDrv
  
  :files
  c:\windows\system32\fareruta.dll
  c:\windows\system32\nonabefa.dll
  c:\windows\system32\larirugi.dll
  c:\windows\system32\tifunalo.dll
  c:\windows\TEMP\mc22.tmp
  
  :reg
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "fudulevuge"=-
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=""
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]

• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Post me these logs in your next reply.. Post each log in separate post...

1. OTMoveIt3
2. Lop S&D

c:\windows\system32\fareruta.dll <<<< when removing this file, moveit gave an error saying it was a bad image.

Here is the log for that


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service mchInjDrv .
========== FILES ==========
LoadLibrary failed for c:\windows\system32\fareruta.dll
c:\windows\system32\fareruta.dll NOT unregistered.
c:\windows\system32\fareruta.dll moved successfully.
File/Folder c:\windows\system32\nonabefa.dll not found.
File/Folder c:\windows\system32\larirugi.dll not found.
File/Folder c:\windows\system32\tifunalo.dll not found.
File/Folder c:\windows\TEMP\mc22.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fudulevuge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv\\ deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Lenovo\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Lenovo\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Lenovo\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Lenovo\LOCALS~1\Temp\etilqs_wpovjv7qpudt6sdigG2b scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Pharos\UpdaterLog.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12042008_172056

Files moved on Reboot...
C:\DOCUME~1\Lenovo\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\DOCUME~1\Lenovo\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.
C:\DOCUME~1\Lenovo\LOCALS~1\Temp\Cookies\index.dat moved successfully.
File C:\DOCUME~1\Lenovo\LOCALS~1\Temp\etilqs_wpovjv7qpudt6sdigG2b not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File move failed. C:\WINDOWS\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\History\History.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Lenovo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a1j0qpju.default\XUL.mfl moved successfully.




LOP S&D WOULD NOT get passed "please wait..." stage....

Edited by Delox, 04 December 2008 - 07:12 PM.

Run RSIT once again and post the log here..

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lenovo at 2008-12-04 22:02:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (21%) free of 95 GB
Total RAM: 2014 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:03 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lenovo\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Lenovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\gizisuyo.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [f0bd0c43] rundll32.exe "C:\WINDOWS\system32\difodime.dll",b
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\sujibiwi.dll",a
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\sujibiwi.dll,C:\WINDOWS\system32\sedutodo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 5126 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
C:\WINDOWS\system32\gizisuyo.dll [2008-09-04 64053]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]
"f0bd0c43"=C:\WINDOWS\system32\difodime.dll [2008-12-04 88117]
"CPMf38e3fdf"=c:\windows\system32\sujibiwi.dll [2008-12-04 95285]
"fudulevuge"=C:\WINDOWS\system32\mebozihi.dll [2008-09-04 64053]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
C:\Program Files\Microsoft Office Communicator\Communicator.exe [2007-04-10 3900776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fudulevuge]
C:\WINDOWS\system32\larirugi.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-23 120368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2007-11-08 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-05-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-04-09 1015808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-10 58416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-12-10 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-06-06 125632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"WMPNetworkSvc"=3
"WinDefend"=2
"TVT Scheduler"=2
"ose"=3
"odserv"=3
"MDM"=2
"idsvc"=3
"IDriverT"=3
"FLEXnet Licensing Service"=3
"Diskeeper"=2
"ccEvtMgr"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"AdobeActiveFileMonitor5.0"=2
"Symantec AntiVirus"=2
"SUService"=2
"SPBBCSvc"=2
"SNDSrvc"=3
"sdCoreService"=3
"sdAuxService"=3
"SavRoam"=2
"LiveUpdate"=3
"DefWatch"=2
"ccSetMgr"=2
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\sujibiwi.dll,C:\WINDOWS\system32\sedutodo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-06-06 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll [2008-12-04 95285]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll [2008-12-04 95285]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\sedutodo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\rFactor\rFactor.exe"="C:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-04 17:25:35 ----A---- C:\lopR.txt
2008-12-04 17:25:16 ----D---- C:\Lop SD
2008-12-04 17:21:10 ----SHD---- C:\RECYCLER
2008-12-04 17:20:56 ----D---- C:\_OTMoveIt
2008-12-04 17:11:32 ----SH---- C:\WINDOWS\system32\emidofid.ini
2008-12-04 16:56:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-03 22:58:37 ----A---- C:\ComboFix.txt
2008-12-03 22:51:52 ----D---- C:\WINDOWS\temp
2008-12-03 16:34:36 ----SH---- C:\WINDOWS\system32\uwigenop.ini
2008-12-03 01:09:24 ----A---- C:\Boot.bak
2008-12-03 01:09:19 ----RASHD---- C:\cmdcons
2008-12-03 01:08:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-03 00:36:29 ----D---- C:\WINDOWS\ERUNT
2008-12-03 00:33:19 ----D---- C:\SDFix
2008-12-02 23:06:35 ----SH---- C:\WINDOWS\system32\okizekoh.ini
2008-12-02 17:45:27 ----SH---- C:\WINDOWS\system32\ugohiraf.ini
2008-12-01 19:30:20 ----D---- C:\rsit
2008-12-01 14:41:18 ----D---- C:\WINDOWS\Prefetch
2008-12-01 14:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-01 14:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-01 14:11:56 ----D---- C:\VundoFix Backups
2008-12-01 14:11:56 ----A---- C:\VundoFix.txt
2008-12-01 13:55:00 ----SH---- C:\WINDOWS\system32\evojuyew.ini
2008-12-01 11:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-01 11:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-01 11:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-01 11:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-01 11:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-01 11:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-01 11:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-01 11:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-01 11:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-01 11:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-01 11:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-01 11:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-01 11:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-01 11:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-01 11:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-01 11:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-01 11:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\scripting
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\en
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\bits
2008-12-01 11:26:00 ----D---- C:\WINDOWS\l2schemas
2008-12-01 11:22:17 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-01 11:19:25 ----D---- C:\WINDOWS\network diagnostic
2008-12-01 11:15:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-30 13:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-30 13:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-30 13:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-30 13:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-30 13:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-30 13:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-30 13:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-30 13:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-30 13:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-30 13:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-30 13:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-30 13:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 13:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-30 13:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-30 13:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-30 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-30 13:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-30 13:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-11-30 12:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-30 12:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-29 10:49:17 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-29 10:48:48 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-29 10:48:48 ----D---- C:\Documents and Settings\Lenovo\Application Data\SUPERAntiSpyware.com
2008-11-29 03:35:51 ----SH---- C:\WINDOWS\system32\abefeham.ini
2008-11-27 12:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-27 12:36:11 ----D---- C:\Program Files\Common Files\PC Tools
2008-11-27 12:29:34 ----D---- C:\Program Files\Spyware Doctor
2008-11-27 12:29:34 ----D---- C:\Documents and Settings\Lenovo\Application Data\PC Tools
2008-11-26 09:46:04 ----D---- C:\Documents and Settings\Lenovo\Application Data\Leadertech
2008-11-26 09:32:34 ----D---- C:\Program Files\EA Games
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-26 09:31:58 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-26 09:31:38 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-26 09:12:38 ----D---- C:\Program Files\Enigma Software Group
2008-11-24 17:01:59 ----D---- C:\Program Files\Lavasoft
2008-11-24 17:01:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-24 17:00:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-24 11:54:51 ----A---- C:\WINDOWS\vpc32.INI
2008-11-24 11:50:55 ----A---- C:\WINDOWS\zip.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\VFIND.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWSC.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWREG.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\sed.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\grep.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\fdsv.exe
2008-11-24 11:50:49 ----D---- C:\WINDOWS\ERDNT
2008-11-24 11:50:48 ----D---- C:\Qoobox
2008-11-24 11:06:54 ----SHD---- C:\Config.Msi
2008-11-24 10:57:16 ----D---- C:\Program Files\Trend Micro
2008-11-24 00:31:52 ----SH---- C:\WINDOWS\system32\ofafozan.ini
2008-11-23 00:31:02 ----SH---- C:\WINDOWS\system32\oneyonuf.ini
2008-11-22 12:44:43 ----D---- C:\Documents and Settings\Lenovo\Application Data\Malwarebytes
2008-11-22 12:44:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 12:44:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-21 01:28:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 01:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 22:25:00 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-15 22:24:59 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-11 19:30:48 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-04 22:00:36 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 19:35:52 ----D---- C:\WINDOWS\system32
2008-12-04 19:35:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 19:32:02 ----A---- C:\WINDOWS\SMSCFG.ini
2008-12-04 19:31:28 ----A---- C:\TPHKLOCK.TXT
2008-12-04 19:30:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 17:11:24 ----ASH---- C:\WINDOWS\system32\sujibiwi.dll
2008-12-04 17:11:24 ----ASH---- C:\WINDOWS\system32\fatalofi.dll
2008-12-04 17:11:24 ----ASH---- C:\WINDOWS\system32\difodime.dll
2008-12-04 17:08:21 ----RASH---- C:\boot.ini
2008-12-04 17:08:21 ----A---- C:\WINDOWS\win.ini
2008-12-04 17:08:21 ----A---- C:\WINDOWS\system.ini
2008-12-04 17:05:01 ----D---- C:\WINDOWS
2008-12-03 22:58:42 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 22:57:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 22:52:15 ----D---- C:\WINDOWS\system32\config
2008-12-03 22:51:15 ----D---- C:\WINDOWS\AppPatch
2008-12-03 22:51:15 ----D---- C:\Program Files\Common Files
2008-12-03 16:34:34 ----ASH---- C:\WINDOWS\system32\ponegiwu.dll
2008-12-03 16:34:34 ----ASH---- C:\WINDOWS\system32\huyavamu.dll
2008-12-03 16:34:33 ----ASH---- C:\WINDOWS\system32\fataleti.dll
2008-12-03 00:52:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 00:48:52 ----HD---- C:\WINDOWS\inf
2008-12-03 00:39:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-03 00:38:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 23:06:34 ----ASH---- C:\WINDOWS\system32\kewuvihe.dll
2008-12-02 17:45:24 ----N---- C:\WINDOWS\system32\farihogu.dll
2008-12-02 17:45:24 ----ASH---- C:\WINDOWS\system32\sifayemi.dll
2008-12-02 01:55:19 ----ASH---- C:\WINDOWS\system32\witiwegu.dll
2008-12-02 01:55:19 ----ASH---- C:\WINDOWS\system32\govikuti.dll
2008-12-01 14:46:35 ----SHD---- C:\WINDOWS\Installer
2008-12-01 14:45:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-01 14:43:49 ----SHD---- C:\WINDOWS\CSC
2008-12-01 14:41:13 ----A---- C:\WINDOWS\setuplog.txt
2008-12-01 14:40:04 ----D---- C:\WINDOWS\system32\Setup
2008-12-01 14:40:02 ----D---- C:\WINDOWS\system32\wbem
2008-12-01 14:40:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-01 14:37:42 ----A---- C:\WINDOWS\imsins.BAK
2008-12-01 13:54:56 ----ASH---- C:\WINDOWS\system32\fihasine.dll
2008-12-01 12:48:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 11:35:11 ----D---- C:\WINDOWS\security
2008-12-01 11:32:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 11:29:29 ----D---- C:\Program Files\Messenger
2008-12-01 11:26:25 ----D---- C:\WINDOWS\WinSxS
2008-12-01 11:26:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-01 11:26:12 ----D---- C:\WINDOWS\ime
2008-12-01 11:26:12 ----D---- C:\WINDOWS\Help
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\usmt
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\en-us
2008-12-01 11:26:01 ----D---- C:\Program Files\Internet Explorer
2008-12-01 11:26:00 ----D---- C:\WINDOWS\PeerNet
2008-12-01 11:26:00 ----D---- C:\Program Files\Movie Maker
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\Restore
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\npp
2008-12-01 11:21:49 ----D---- C:\WINDOWS\mui
2008-12-01 11:21:47 ----D---- C:\WINDOWS\msagent
2008-12-01 11:21:43 ----D---- C:\WINDOWS\srchasst
2008-12-01 11:21:41 ----D---- C:\Program Files\NetMeeting
2008-12-01 11:21:37 ----D---- C:\WINDOWS\system32\Com
2008-12-01 11:21:31 ----D---- C:\Program Files\Windows Media Player
2008-12-01 11:21:30 ----D---- C:\Program Files\Windows NT
2008-12-01 11:21:30 ----D---- C:\Program Files\Outlook Express
2008-12-01 11:21:21 ----D---- C:\Program Files\Common Files\System
2008-12-01 11:20:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-01 11:20:49 ----D---- C:\WINDOWS\system
2008-12-01 11:18:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-01 11:15:13 ----D---- C:\WINDOWS\ehome
2008-12-01 10:33:18 ----A---- C:\WINDOWS\wininit.ini
2008-11-30 13:54:33 ----ASH---- C:\WINDOWS\system32\jijujopi.dll
2008-11-30 13:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-30 13:11:08 ----RSD---- C:\WINDOWS\assembly
2008-11-30 13:04:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 11:14:27 ----D---- C:\WINDOWS\Debug
2008-11-29 10:48:48 ----D---- C:\Program Files
2008-11-29 03:35:47 ----ASH---- C:\WINDOWS\system32\fofajupa.dll
2008-11-27 12:45:01 ----A---- C:\WINDOWS\system32\rujazeke.dll
2008-11-26 15:55:06 ----D---- C:\Documents and Settings\Lenovo\Application Data\Azureus
2008-11-26 09:48:22 ----D---- C:\WINDOWS\Registration
2008-11-26 09:32:34 ----D---- C:\WINDOWS\system32\DirectX
2008-11-26 09:10:38 ----ASH---- C:\WINDOWS\system32\figorana.dll
2008-11-25 12:32:16 ----ASH---- C:\WINDOWS\system32\lisuhufu.dll
2008-11-25 00:32:07 ----ASH---- C:\WINDOWS\system32\vufurajo.dll
2008-11-24 11:15:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 11:07:19 ----D---- C:\Program Files\Tunebite
2008-11-24 11:06:16 ----D---- C:\Program Files\NetSnippets
2008-11-24 11:05:35 ----D---- C:\Program Files\Bonjour
2008-11-24 11:04:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-23 12:45:11 ----SD---- C:\WINDOWS\Tasks
2008-11-22 15:45:22 ----SD---- C:\Documents and Settings\Lenovo\Application Data\Microsoft
2008-11-21 01:40:26 ----D---- C:\Program Files\DAEMON Tools Pro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 189584]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-06-18 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-10 12848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-04-13 306176]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-23 94848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081201.006\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081201.006\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-17 6346720]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 a5wvg4oj;a5wvg4oj; C:\WINDOWS\system32\drivers\a5wvg4oj.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys []
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 24208]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-04-19 14464]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-05-02 22768]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-17 163908]
R2 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe [2007-02-22 294912]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
S4 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-06-06 31424]
S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-29 654848]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 214672]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
S4 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-06-14 13312]
S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-06-06 1821376]
S4 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-12-10 1118208]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Please download the OTMoveIt3 by OldTimer

• Save it to your Desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  :processes
  explorer.exe
  
  :services
  mchInjDrv
  
  :files
  C:\WINDOWS\system32\gizisuyo.dll
  C:\WINDOWS\system32\difodime.dll
  c:\windows\system32\sujibiwi.dll
  C:\WINDOWS\system32\mebozihi.dll
  C:\WINDOWS\system32\larirugi.dll
  C:\WINDOWS\system32\sedutodo.dll
  C:\WINDOWS\system32\emidofid.ini
  C:\WINDOWS\system32\uwigenop.ini
  C:\WINDOWS\system32\okizekoh.ini
  C:\WINDOWS\system32\ugohiraf.ini
  C:\WINDOWS\system32\abefeham.ini
  C:\WINDOWS\system32\ofafozan.ini
  C:\WINDOWS\system32\oneyonuf.ini
  C:\WINDOWS\system32\fatalofi.dll
  C:\WINDOWS\system32\ponegiwu.dll
  C:\WINDOWS\system32\huyavamu.dll
  C:\WINDOWS\system32\fataleti.dll
  C:\WINDOWS\system32\kewuvihe.dll
  C:\WINDOWS\system32\farihogu.dll
  C:\WINDOWS\system32\sifayemi.dll
  C:\WINDOWS\system32\witiwegu.dll
  C:\WINDOWS\system32\govikuti.dll
  C:\WINDOWS\system32\fihasine.dll
  C:\WINDOWS\system32\jijujopi.dll
  C:\WINDOWS\system32\fofajupa.dll
  C:\WINDOWS\system32\rujazeke.dll
  C:\WINDOWS\system32\figorana.dll
  C:\WINDOWS\system32\lisuhufu.dll
  C:\WINDOWS\system32\vufurajo.dll
  C:\WINDOWS\TEMP\mc21.tmp
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "f0bd0c43"=-
  "CPMf38e3fdf"=-
  "fudulevuge"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fudulevuge]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLS"=""
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  "SSODL"=-
  [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
  "STS"=-
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]

• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Then run RSIT again.. Post OTMoveIt3 log along with RSIT log.txt in your next reply..

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service mchInjDrv .
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gizisuyo.dll
C:\WINDOWS\system32\gizisuyo.dll NOT unregistered.
C:\WINDOWS\system32\gizisuyo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\difodime.dll
C:\WINDOWS\system32\difodime.dll NOT unregistered.
C:\WINDOWS\system32\difodime.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\sujibiwi.dll
c:\windows\system32\sujibiwi.dll NOT unregistered.
c:\windows\system32\sujibiwi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mebozihi.dll
C:\WINDOWS\system32\mebozihi.dll NOT unregistered.
C:\WINDOWS\system32\mebozihi.dll moved successfully.
File/Folder C:\WINDOWS\system32\larirugi.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sedutodo.dll
C:\WINDOWS\system32\sedutodo.dll NOT unregistered.
C:\WINDOWS\system32\sedutodo.dll moved successfully.
C:\WINDOWS\system32\emidofid.ini moved successfully.
C:\WINDOWS\system32\uwigenop.ini moved successfully.
C:\WINDOWS\system32\okizekoh.ini moved successfully.
C:\WINDOWS\system32\ugohiraf.ini moved successfully.
C:\WINDOWS\system32\abefeham.ini moved successfully.
C:\WINDOWS\system32\ofafozan.ini moved successfully.
C:\WINDOWS\system32\oneyonuf.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fatalofi.dll
C:\WINDOWS\system32\fatalofi.dll NOT unregistered.
C:\WINDOWS\system32\fatalofi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ponegiwu.dll
C:\WINDOWS\system32\ponegiwu.dll NOT unregistered.
C:\WINDOWS\system32\ponegiwu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\huyavamu.dll
C:\WINDOWS\system32\huyavamu.dll NOT unregistered.
C:\WINDOWS\system32\huyavamu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fataleti.dll
C:\WINDOWS\system32\fataleti.dll NOT unregistered.
C:\WINDOWS\system32\fataleti.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kewuvihe.dll
C:\WINDOWS\system32\kewuvihe.dll NOT unregistered.
C:\WINDOWS\system32\kewuvihe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\farihogu.dll
C:\WINDOWS\system32\farihogu.dll NOT unregistered.
C:\WINDOWS\system32\farihogu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sifayemi.dll
C:\WINDOWS\system32\sifayemi.dll NOT unregistered.
C:\WINDOWS\system32\sifayemi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\witiwegu.dll
C:\WINDOWS\system32\witiwegu.dll NOT unregistered.
C:\WINDOWS\system32\witiwegu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\govikuti.dll
C:\WINDOWS\system32\govikuti.dll NOT unregistered.
C:\WINDOWS\system32\govikuti.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fihasine.dll
C:\WINDOWS\system32\fihasine.dll NOT unregistered.
C:\WINDOWS\system32\fihasine.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jijujopi.dll
C:\WINDOWS\system32\jijujopi.dll NOT unregistered.
C:\WINDOWS\system32\jijujopi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fofajupa.dll
C:\WINDOWS\system32\fofajupa.dll NOT unregistered.
C:\WINDOWS\system32\fofajupa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rujazeke.dll
C:\WINDOWS\system32\rujazeke.dll NOT unregistered.
C:\WINDOWS\system32\rujazeke.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\figorana.dll
C:\WINDOWS\system32\figorana.dll NOT unregistered.
C:\WINDOWS\system32\figorana.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lisuhufu.dll
C:\WINDOWS\system32\lisuhufu.dll NOT unregistered.
C:\WINDOWS\system32\lisuhufu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vufurajo.dll
C:\WINDOWS\system32\vufurajo.dll NOT unregistered.
C:\WINDOWS\system32\vufurajo.dll moved successfully.
File/Folder C:\WINDOWS\TEMP\mc21.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\f0bd0c43 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMf38e3fdf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fudulevuge deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fudulevuge\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\STS not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Pharos\UpdaterLog.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12062008_123730

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.
























Logfile of random's system information tool 1.04 (written by random/random)
Run by Lenovo at 2008-12-06 12:46:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (21%) free of 95 GB
Total RAM: 2014 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:48 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Lenovo\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Lenovo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {bb8f12da-2708-4408-8ff7-f0057ed05392} - C:\WINDOWS\system32\gizisuyo.dll (file missing)
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s
O4 - HKLM\..\Run: [CPMf38e3fdf] Rundll32.exe "c:\windows\system32\sujibiwi.dll",a
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fudulevuge] Rundll32.exe "C:\WINDOWS\system32\mebozihi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\sujibiwi.dll,C:\WINDOWS\system32\sedutodo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 5162 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb8f12da-2708-4408-8ff7-f0057ed05392}]
C:\WINDOWS\system32\gizisuyo.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]
"fudulevuge"=C:\WINDOWS\system32\mebozihi.dll []
"CPMf38e3fdf"=c:\windows\system32\sujibiwi.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMMUNICATOR]
C:\Program Files\Microsoft Office Communicator\Communicator.exe [2007-04-10 3900776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-23 120368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2007-11-08 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-05-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-04-09 1015808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-10 58416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-12-10 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-06-06 125632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MURPHY_RICH^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"WMPNetworkSvc"=3
"WinDefend"=2
"TVT Scheduler"=2
"ose"=3
"odserv"=3
"MDM"=2
"idsvc"=3
"IDriverT"=3
"FLEXnet Licensing Service"=3
"Diskeeper"=2
"ccEvtMgr"=2
"Bonjour Service"=2
"Apple Mobile Device"=2
"AdobeActiveFileMonitor5.0"=2
"Symantec AntiVirus"=2
"SUService"=2
"SPBBCSvc"=2
"SNDSrvc"=3
"sdCoreService"=3
"sdAuxService"=3
"SavRoam"=2
"LiveUpdate"=3
"DefWatch"=2
"ccSetMgr"=2
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\sujibiwi.dll,C:\WINDOWS\system32\sedutodo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-06-06 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sujibiwi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\sedutodo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\WINDOWS\system32\ibmpmsvc.exe"="C:\WINDOWS\system32\ibmpmsvc.exe:*:Enabled:ibmpmsvc"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator"
"C:\Program Files\PharosSystems\Core\CTskMstr.exe"="C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\rFactor\rFactor.exe"="C:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-04 17:25:35 ----A---- C:\lopR.txt
2008-12-04 17:25:16 ----D---- C:\Lop SD
2008-12-04 17:21:10 ----SHD---- C:\RECYCLER
2008-12-04 17:20:56 ----D---- C:\_OTMoveIt
2008-12-04 16:56:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-03 22:58:37 ----A---- C:\ComboFix.txt
2008-12-03 22:51:52 ----D---- C:\WINDOWS\temp
2008-12-03 01:09:24 ----A---- C:\Boot.bak
2008-12-03 01:09:19 ----RASHD---- C:\cmdcons
2008-12-03 01:08:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-03 00:36:29 ----D---- C:\WINDOWS\ERUNT
2008-12-03 00:33:19 ----D---- C:\SDFix
2008-12-01 19:30:20 ----D---- C:\rsit
2008-12-01 14:41:18 ----D---- C:\WINDOWS\Prefetch
2008-12-01 14:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-01 14:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-01 14:11:56 ----D---- C:\VundoFix Backups
2008-12-01 14:11:56 ----A---- C:\VundoFix.txt
2008-12-01 13:55:00 ----SH---- C:\WINDOWS\system32\evojuyew.ini
2008-12-01 11:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-01 11:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-01 11:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-01 11:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-01 11:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-01 11:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-01 11:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-01 11:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-01 11:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-01 11:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-01 11:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-01 11:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-01 11:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-01 11:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-01 11:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-01 11:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-01 11:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\scripting
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\en
2008-12-01 11:26:00 ----D---- C:\WINDOWS\system32\bits
2008-12-01 11:26:00 ----D---- C:\WINDOWS\l2schemas
2008-12-01 11:22:17 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-01 11:19:25 ----D---- C:\WINDOWS\network diagnostic
2008-12-01 11:15:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-30 13:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-30 13:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-30 13:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-30 13:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-30 13:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-30 13:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-30 13:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-30 13:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-30 13:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-30 13:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-30 13:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-30 13:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 13:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-30 13:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-30 13:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-30 13:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-30 13:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-30 13:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-11-30 12:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-30 12:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-29 10:58:22 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-29 10:49:17 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-29 10:48:48 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-29 10:48:48 ----D---- C:\Documents and Settings\Lenovo\Application Data\SUPERAntiSpyware.com
2008-11-27 12:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-27 12:36:11 ----D---- C:\Program Files\Common Files\PC Tools
2008-11-27 12:29:34 ----D---- C:\Program Files\Spyware Doctor
2008-11-27 12:29:34 ----D---- C:\Documents and Settings\Lenovo\Application Data\PC Tools
2008-11-26 09:46:04 ----D---- C:\Documents and Settings\Lenovo\Application Data\Leadertech
2008-11-26 09:32:34 ----D---- C:\Program Files\EA Games
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-26 09:32:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-26 09:32:30 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-26 09:32:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-26 09:32:28 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-26 09:32:27 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-26 09:32:26 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-26 09:31:59 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-26 09:31:58 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-26 09:31:57 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-26 09:31:56 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-26 09:31:44 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-26 09:31:43 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-26 09:31:38 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-26 09:12:38 ----D---- C:\Program Files\Enigma Software Group
2008-11-24 17:01:59 ----D---- C:\Program Files\Lavasoft
2008-11-24 17:01:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-24 17:00:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-24 11:54:51 ----A---- C:\WINDOWS\vpc32.INI
2008-11-24 11:50:55 ----A---- C:\WINDOWS\zip.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\VFIND.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWSC.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\SWREG.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\sed.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\grep.exe
2008-11-24 11:50:55 ----A---- C:\WINDOWS\fdsv.exe
2008-11-24 11:50:49 ----D---- C:\WINDOWS\ERDNT
2008-11-24 11:50:48 ----D---- C:\Qoobox
2008-11-24 11:06:54 ----SHD---- C:\Config.Msi
2008-11-24 10:57:16 ----D---- C:\Program Files\Trend Micro
2008-11-22 12:44:43 ----D---- C:\Documents and Settings\Lenovo\Application Data\Malwarebytes
2008-11-22 12:44:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 12:44:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-21 01:28:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 01:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 22:25:00 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-15 22:24:59 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-11 19:30:48 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-06 12:45:50 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 12:43:23 ----D---- C:\WINDOWS\system32
2008-12-06 12:43:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 12:39:25 ----A---- C:\WINDOWS\SMSCFG.ini
2008-12-06 12:38:59 ----A---- C:\TPHKLOCK.TXT
2008-12-06 12:37:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 17:08:21 ----RASH---- C:\boot.ini
2008-12-04 17:08:21 ----A---- C:\WINDOWS\win.ini
2008-12-04 17:08:21 ----A---- C:\WINDOWS\system.ini
2008-12-04 17:05:01 ----D---- C:\WINDOWS
2008-12-03 22:58:42 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 22:57:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 22:52:15 ----D---- C:\WINDOWS\system32\config
2008-12-03 22:51:15 ----D---- C:\WINDOWS\AppPatch
2008-12-03 22:51:15 ----D---- C:\Program Files\Common Files
2008-12-03 00:52:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 00:48:52 ----HD---- C:\WINDOWS\inf
2008-12-03 00:39:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-03 00:38:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-01 14:46:35 ----SHD---- C:\WINDOWS\Installer
2008-12-01 14:45:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-01 14:43:49 ----SHD---- C:\WINDOWS\CSC
2008-12-01 14:41:13 ----A---- C:\WINDOWS\setuplog.txt
2008-12-01 14:40:04 ----D---- C:\WINDOWS\system32\Setup
2008-12-01 14:40:02 ----D---- C:\WINDOWS\system32\wbem
2008-12-01 14:40:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-01 14:37:42 ----A---- C:\WINDOWS\imsins.BAK
2008-12-01 12:48:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-01 11:35:11 ----D---- C:\WINDOWS\security
2008-12-01 11:32:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 11:29:29 ----D---- C:\Program Files\Messenger
2008-12-01 11:26:25 ----D---- C:\WINDOWS\WinSxS
2008-12-01 11:26:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-01 11:26:12 ----D---- C:\WINDOWS\ime
2008-12-01 11:26:12 ----D---- C:\WINDOWS\Help
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\usmt
2008-12-01 11:26:02 ----D---- C:\WINDOWS\system32\en-us
2008-12-01 11:26:01 ----D---- C:\Program Files\Internet Explorer
2008-12-01 11:26:00 ----D---- C:\WINDOWS\PeerNet
2008-12-01 11:26:00 ----D---- C:\Program Files\Movie Maker
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\Restore
2008-12-01 11:21:50 ----D---- C:\WINDOWS\system32\npp
2008-12-01 11:21:49 ----D---- C:\WINDOWS\mui
2008-12-01 11:21:47 ----D---- C:\WINDOWS\msagent
2008-12-01 11:21:43 ----D---- C:\WINDOWS\srchasst
2008-12-01 11:21:41 ----D---- C:\Program Files\NetMeeting
2008-12-01 11:21:37 ----D---- C:\WINDOWS\system32\Com
2008-12-01 11:21:31 ----D---- C:\Program Files\Windows Media Player
2008-12-01 11:21:30 ----D---- C:\Program Files\Windows NT
2008-12-01 11:21:30 ----D---- C:\Program Files\Outlook Express
2008-12-01 11:21:21 ----D---- C:\Program Files\Common Files\System
2008-12-01 11:20:50 ----D---- C:\WINDOWS\system32\oobe
2008-12-01 11:20:49 ----D---- C:\WINDOWS\system
2008-12-01 11:18:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-01 11:15:13 ----D---- C:\WINDOWS\ehome
2008-12-01 10:33:18 ----A---- C:\WINDOWS\wininit.ini
2008-11-30 13:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-30 13:11:08 ----RSD---- C:\WINDOWS\assembly
2008-11-30 13:04:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 11:14:27 ----D---- C:\WINDOWS\Debug
2008-11-29 10:48:48 ----D---- C:\Program Files
2008-11-26 15:55:06 ----D---- C:\Documents and Settings\Lenovo\Application Data\Azureus
2008-11-26 09:48:22 ----D---- C:\WINDOWS\Registration
2008-11-26 09:32:34 ----D---- C:\WINDOWS\system32\DirectX
2008-11-24 11:15:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 11:07:19 ----D---- C:\Program Files\Tunebite
2008-11-24 11:06:16 ----D---- C:\Program Files\NetSnippets
2008-11-24 11:05:35 ----D---- C:\Program Files\Bonjour
2008-11-24 11:04:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-23 12:45:11 ----SD---- C:\WINDOWS\Tasks
2008-11-22 15:45:22 ----SD---- C:\Documents and Settings\Lenovo\Application Data\Microsoft
2008-11-21 01:40:26 ----D---- C:\Program Files\DAEMON Tools Pro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 189584]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-06-18 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-10 12848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-04-13 306176]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-23 94848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081201.006\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081201.006\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-17 6346720]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys []
S3 arqmdaxy;arqmdaxy; C:\WINDOWS\system32\drivers\arqmdaxy.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys []
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 24208]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-04-19 14464]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-05-02 22768]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-17 163908]
R2 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe [2007-02-22 294912]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
S4 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-06-06 31424]
S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-29 654848]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 214672]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
S4 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-06-14 13312]
S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-06-06 1821376]
S4 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-12-10 1118208]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------